Concerns Mount Over Banks’ Move To The Cloud

No rest for banks amid the hackers. And certainly not with an outsourced tech model.

In the wake of the Capital One data breach that exposed data tied to 100 million individuals in the United States comes a warning that there really are not any places to hide.

As quoted by Bloomberg, a senior official at the European Central Bank (ECB) has warned of the threats that come with embracing the digital age.

It’s no secret that banks have been turning, increasingly, to bits and bytes to boost the consumer experience and provide a range of services to individuals and corporates alike.

There may be cause for caution.

“There will be accidents, especially in the cloud,” Korbinian Ibel, a director general at the ECB’s supervisory operations, said in the report. “It’s not that clouds are more vulnerable, they’re actually often better protected than in-house systems, but they’re seen as juicy targets.”

The warning comes as banks have been enlisting the aid of tech giants like Microsoft and Amazon, while bringing operations and data to the cloud. Such moves are tied to the desire to streamline operations, move beyond legacy systems and cut costs. This last point is especially desirable in an age where lower interest rates mean top lines see pressure.

Does the Capital One breach portend risks for banks on the Continent? Not as of yet, since many financial institutions (FIs) in Europe do not store sensitive data on public clouds.

“We see the benefits” of cloud computing, Ibel said. “The rule is that the banker is always responsible for their data and services … It’s not enough to have one person as the IT expert,” he said. “You need a common understanding at board level of the needs and risks of IT.”

The ECB warnings come as eCommerce giant Amazon late last month said it was not to blame, contending instead that clients (such as banks) are ultimately responsible for their own apps. As quoted by Newsweek, the firm said via a spokesperson, “AWS was not compromised in any way and functioned as designed. The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud.”

In more recent news, the ECB itself said last week (as recounted in Forbes) it had been breached, in an incident where hackers injected malware that may have caused the bank to lose data. The hackers had gained access to the ECB’s Integrated Reporting Dictionary site. That site had been breached at the end of last year, and had been hosted by a third-party provider.

“The BIRD website provides the banking industry with details on how to produce statistical and supervisory reports,” the ECB statement said, “it is physically separate from any other external and internal ECB systems.” At least some data tied to subscribers may have been “captured.”

Here then lies a conundrum. In the build vs. buy debate there has been a third way — partner. The model where banks (or any firms for that matter) link with other companies to tap expertise and get to market with new products and services saves time and money.

As reported by PYMNTS and as noted at the end of last month through the Innovation Readiness Playbook done in conjunction with i2c, as many as 80 percent of top performing artificial intelligence (AI) systems will focus on data analytics over the next few years. And, as noted in the study, technical limitations and complexity remain barriers to innovation for many FIs. This suggests they could benefit from partnerships to help them overcome some of these challenges, including the constraints imposed by legacy payment systems.

In the outsourcing model, then, it seems prudence would demand: caveat emptor.
