Designing Security to Reduce Risk and Disruption

By Cheryl Chiodi, Industry Marketing Manager: Financial Services, Akamai Technologies, Inc.

Introduction

To stay competitive, financial institutions must not only meet but exceed their customers’ ever-increasing expectations for fast, reliable and secure digital experiences. Simplicity and convenience are imperatives when it comes to user experience, but just how do you keep something as important as financial security simple?

Make Security a Cornerstone of Every Business Decision
As financial institutions build their digital strategy, they face a tension between meeting customer expectations for convenience and maintaining security. Financial customers are less and less loyal and are willing to pull away from institutions that have been breached. While simplicity is critical when it comes to attracting new customers, security is equally important for retaining them.

As the chart below shows, financial executives around the world share similar concerns about the increasing risk of cybersecurity threats. Data theft is their primary security concern, ahead of their own reputational damage, compliance, revenue loss and system downtime.

Akamai Image 1
Source: Akamai / TechValidate survey of 136 business and technology executives at financial services institutions worldwide

Here are 3 security considerations for a successful digital strategy:

1. Multi-factor authentication
Multi-factor authentication can secure financial transactions with only a slight increase in complexity for customers. The practice makes hacking an account more difficult because two separate and unconnected authentication channels would have to be compromised for a malicious actor to gain access. Many financial institutions have implemented knowledge-based authentication (KBA) because it can be less expensive to deploy than security key fobs or more complex biometric methods. Other forms of multi-factor authentication include requiring the user to make a phone call from a registered number, respond to an automatically generated phone call from the institution, or text a code displayed after login from their registered smartphone to the institution. For further security, voiceprint technology may be used to provide biometric verification. In fact, Google Intelligence reports that by 2020, one-fourth of all worldwide electronic transactions will be authenticated biometrically, driven by the widespread adoption and use of biometric-enabled mobile devices.

2. Downtime prevention
Customers expect access to their accounts at any time, from any location, on any device. In fact, many customers execute 100% of their activity remotely. At the same time, financial institutions are at an increased risk of sophisticated attack tactics such as the recent digital espionage activities from the DD4BC (DDoS for bitcoin) group. Their Distributed Denial-of-Service (DDoS) campaigns threaten to render targeted websites inaccessible unless a payment (anonymous via bitcoin) is made. In the absence of a highly scalable security solution, victims often pay, knowing that further downtime could result in huge online revenue losses, additional technical support costs and significant reputational damage. According to a 2015 survey done by the Ponemon Institute, the average consolidated total cost of a data breach is $3.5M per year per occurrence, and the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to a consolidated average of $145 per record.

3. Protection of data, sites and applications
In today’s rapidly changing IT environment, mobile sites and applications are often the weakest and most-targeted points. Financial institutions are entrusted with a wealth of data that is highly sought after by cyber criminals. The responsibility to protect not only the data, but also sites and applications, is critical — all while improving application response time. It may seem difficult to imagine providing this level of security simultaneously with the convenience that today’s financial customers demand. But the two need not be viewed as tradeoffs, as both are required to achieve digital transformation.

Summary
To protect customers, data and reputation, financial institutions should adopt a defense-in-depth strategy, comprehensive enough to easily thwart even the largest of attacks at both the network and application layer. This approach will safeguard critical web assets while reducing demands on their core infrastructure. It works by building multiple layers of security, compartmentalizing the network and adding access control points closer to the various assets that are being protected. Overall security is therefore not reliant on a single defense mechanism.

Contact:
Cheryl Chiodi
Email: cchiodi@akamai.com
@cchiodi

About Akamai
Akamai is the global leader in Content Delivery Network (CDN) services, making the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. www.akamai.com/finserv

Copyright © 2017, WSTA®, All Rights Reserved.