In today’s hyper-competitive banking and financial services industry, the rapid creation of innovative digital experiences is priority one, right? Well, not so fast. With valuable assets on the line, you need to balance customer convenience with security to protect your organization’s data and infrastructure.
If your organization is accelerating the development of financial services applications, you’re not alone. Cloud efficiency gains and growing customer demand for convenience is prompting many financial institutions to rev up their digital transformation—exposing potential security vulnerabilities in the process.
As malicious cyber actors present a growing threat, the pressure is on to ensure security at every stage of the application lifecycle. The COVID-19 pandemic has highlighted the need for heightened security as cybercriminals exploit increased use of potentially vulnerable services, such as virtual private networks, to target individuals and organizations.[1]
So what can your organization do to maximize customer convenience in the face of persistent cybersecurity threats? It starts with choosing a best-fit path to innovation based on your velocity to market and ROI goals and your unique security, integration, and scalability challenges.
The goal is to leverage a fast and safe application development environment that supports agile service delivery, while incorporating robust security controls to mitigate your risk of exposure. When properly implemented, the right innovation model, augmented with advanced technology, helps you better protect applications and infrastructure as you meet governance, risk, and compliance requirements.
Growing customer demand for convenience is prompting many financial institutions to rev up their digital transformation.
Cybercriminals are always on the lookout for new ways to compromise critical infrastructure and gain access to personally identifiable information. Financial services organizations remain an especially attractive target due to the value and high profile of the information they handle. By attacking these institutions, bad actors seek to steal sensitive data that can be used to open fake accounts, lines of credit, and more.[2]
F5 Labs analyzed its Security Incident Response Team data from 2017 to 2019 and discovered a significant increase in the number of authentication and distributed denial-of-service (DDoS) attacks. On average, brute force and credential stuffing constituted 41% of all attacks on financial services organizations over the full three-year period. Trending upward, DDoS attacks were the second biggest threat to financial services organizations, accounting for 32% of all reported incidents between 2017 and 2019. On the other hand, use of malware and web attacks, while still persistent threats, are on the decline.
Although the banking and financial services sector tends to place greater emphasis on security compared to other industries, it still faces formidable challenges as it strives to combat cyber attacks and entropy.
The implementation of rigorous security controls—both preventive and detective—is the best defense against attacks that could put your institution and your customers at risk. On the preventive side, you can better protect APIs and implement a vulnerability management program that includes external scanning and regular patching. On the detective side, you need to monitor traffic for traces of brute force and credential stuffing—even as the more sophisticated end of the spectrum becomes increasingly adept at evading this kind of detection.
As your institution continues its digital transformation, chances are you’ve increased your focus on application innovation. According to the F5 2020 State of Application Services: Financial Services Edition report, applications are critical for every financial services organization. Three-quarters (74%) of respondents reported that applications are essential to business, with the other 26% stating that applications play a key role in supporting their business and driving competitive advantage.
What’s even more eye-opening is that more of these applications are now running in the cloud. Despite early skepticism, the industry is starting to embrace the cloud to support more agile release cycles, speed up processing, and lower infrastructure and operating costs. Indeed, 60% of respondents ranked the cloud as the strategically most important technology trend in the next two to three years—up from 49% in 2019, according to the report.
60% of respondents ranked the cloud as the strategically most important technology trend in the next two to three years.
Even if you’re adopting cloud platforms as a way to deliver new customer-facing apps, you may be holding back on migrating your back-end legacy systems. Since these are often the applications that move critical data or money, it’s easy to understand why. Lessons learned during the COVID-19 pandemic, however, may accelerate a more full-scale transition to the cloud.
For example, rollout of the federal Paycheck Protection Program caused a surge in demand that exposed the limitations of decades-old infrastructure.[3] This just may be the wake-up call needed to accelerate modernization initiatives.
As you transition more applications to the cloud, security is more important than ever, especially in a highly-regulated industry such as financial services. While various types of attacks can be waged against cloud deployments, proper security controls can go a long way toward mitigating these evolving threats. The ability to protect web applications in the cloud is essential to building a proven and reputable online presence as you advance your digital transformation.
The Right Path To Innovation
If you’re committed to application innovation as a competitive strategy, there are several paths you can take, each with its own pros and cons. You can develop applications in-house, or you can engage with a FinTech company through investment, acquisition, or collaboration.
OPTION 1
Mergers & Acquisitions
Purchasing majority shares in a firm with proven solution innovation can improve your speed to market while creating cross-sell opportunities with new customers. The cons include costly solution integration—not to mention big upfront expenses.
OPTION 2
In-house Development
Keeping development in-house gives you complete control over the technology and allows you to design to scale with heritage systems. However, you’ll need to hire specialized talent and overcome brownfield legacy integration obstacles that can reduce your speed.
OPTION 3
Investment in FinTech Firms
Investing in a FinTech accelerates time-to-market compared to in-house development and provides access to the right talent with the right skills. At the same time, this path could present data security and ROI challenges.
OPTION 4
Collaboration with FinTech Partners
A collaborative partnership with a FinTech speeds time-to-market over in-house development and lets you involve the right talent to build and deploy applications. On the flip side, you’re bound to run into data security issues and give up some level of control over your technology.
If your organization decides to innovate in-house, a modern infrastructure and approach is imperative to support agility. But keep in mind that speedy application development without the appropriate security controls can expose vulnerabilities and put customer data and transactions at risk.
To innovate with confidence, you need to protect against threats at all points of vulnerability: the network the app resides on; the data that travels from the user to the app; the DNS that resolves the IP address to access the app, the web, and application servers; and the associated APIs leveraged by other applications and systems.
High-speed innovation doesn’t have to compromise security, performance, or availability. When you know what makes your financial services applications vulnerable and how they can be attacked, you can put the right solutions in place to lower your risk.
Read our eBook to learn how F5 can help your organization get the application security you need to mitigate today's advanced threats, while supporting the critical innovation required to move your business forward.
[1] Cybersecurity & Infrastructure Security Agency, COVID-19 Exploited by Malicious Cyber Actors, Department of Homeland Security, April 8, 2020
[2] Warwick Ashford, Financial Services Top Cyber Attack Target, ComputerWeekly.com, July 31, 2019
[3] Tom Krazit, Wall Street Spent Years Watching the Cloud Drift By; Then Came Coronavirus, Protocol, April 29, 2020
