CYBERSECURITY
58
Financial institutions often need to build an ecosystem of third parties and open up APIs to provide access to data in order to deliver greater personalisation . APIs are a relatively new way for organisations to offer these digital capabilities , such as linking customer accounts to payments for everyday services . The worry is that open APIs , accessed by multiple third parties , will create concentrated points of failure and a new attack vector for adversaries to target . This means that financial companies need to weigh up the added value to customers versus the new risks that are introduced to the business from these new services .
Any new technology or service must be built with security in mind , and any access to sensitive data should always be limited to a need-to-know basis by default . Banks also need to be careful who they get into bed with and ensure they have conducted a thorough risk assessment before opening up any systems , while limiting access to absolute need . Applications and APIs should also be constantly monitored for cyber-attacks and fraud .
From the consumer perspective , do you think that the risks are accurately explained ?
It ’ s certainly true that consumers are more aware of cyber risks than they ever have been , but awareness alone doesn ’ t always translate into secure behaviours . Convenience often trumps security , even where our personal details or money is concerned .
DECEMBER 2019