Industry view: Improving operational and technology efficiency while building cyber-resilience
The explosion in fintech start-ups promises to deliver innovation and efficiency to a market that is stultified by established players and legacy systems. Considerable opportunities exist for companies to use fintech solutions to address key operational and technology efficiency challenges, as well as increasing regulation, like the forthcoming revised EU Payment Services Directive (PSD2). But companies buying new fintech software and services must be wary of potential gaps in digital security.
Most fintech start-ups are, quite rightly, focused on building something that works, something customers like, and that delivers value quickly. Start-ups rarely have the resources to build and maintain effective security in the early stages of development and commercialisation. In addition, companies that purchase fintech services need to consider the security of the underlying people, processes, software and, infrastructure, which is often cloud-based. Stroz Friedberg, a global risk management and cyber-security firm, has the expertise companies need to adopt innovative fintech rapidly and safely.
“Ensuring innovative fintech doesn’t become a major weak link in a company’s cyber-security posture isn’t possible with a check-box, thirdparty assurance exercise,” according to Simon Viney, a director in Stroz Friedberg’s cyber-security consulting practice. “Companies need to be confident they fully understand the security of a fintech solution they adopt. They must consider how the fintech service or software fits into their overall operations and IT architecture, and ensure existing security processes will effectively mitigate security risks.”
Viney advises that another key requirement is to understand the threats. “What do the bad guys want? Why do they want it? How might they attempt to acquire it? Only when armed with this knowledge can companies work out how to prevent a breach from occurring, or respond effectively should a breach occur,” he added.
Stroz Friedberg’s experience securing fintech solutions is among the most potent tools businesses can employ to address and respond to this type of cyber-risk. “We recently helped a financial services firm address the risk by moving to a ‘DevOps’ model,” said Phil Huggins, a vice president in Stroz Friedberg’s cybersecurity consulting practice. “We developed a modern, secure software development lifecycle for our client, and empowered their development teams to identify, understand and address security issues themselves. This provided security assurance from multiple vendors that was automated, independent and efficiently integratedintothe client’s operational environment.
This delivered a security function that supported increased agility and a plan to scale.”
Use of fintech presents an opportunity to dramatically increase business and IT agility. Stroz Friedberg can help firms buying fintech software or services, understand how a fintech solution will affect cyber-risk and establish a posture that enables rapid and securely managed innovation. The result: improved operational and technology efficiency while building cyber-resilience and achieving many of the goals regulators are laying out for financial firms.
Phil Huggins (left) is vice president at Stroz Friedberg
+44 (0)20 7061 2299
phuggins@strozfriedberg.co.uk