Banking on trust

In financial services, we talk a lot about digital transformation and the need to keep up with technology innovation and the changing needs of consumers. Despite the talk of tech, ultimately, we are in a relationship business: how we cultivate and maintain trust with customers is still crucial, regardless of how banking services are consumed. And consumers need to be reassured that their sensitive payment data and financial transactions are kept safe.

What does trust mean in the cybersecurity context?

In a recent lunch and learn session at the Financial Brand Forum, Derrick Johnson, National Practice Leader of AT&T Cybersecurity, offered his take on trust, and how financial institutions can go from reactive to proactive, referencing a blog post written by John Kindervag during his time at Palo Alto Networks:

“Trust is a human emotion that refers to the level of confidence someone has in something, but it’s a vulnerability, and an exploit in a digital system.”

Cybersecurity matters to all businesses, large and small; regardless of whether you are on-premise or in the cloud; or whether your team is working remotely, in the office, or somewhere in between. A recent survey conducted by the World Bank, spanning 128 financial authorities from 106 jurisdictions, found that “seventy-eight percent of respondents consider  threats to cybersecurity as the top risk in fintech”. The increase in financial authorities’ concern over cybersecurity threats is also mirrored by findings from fintech firms, who reported an increase in cybersecurity attacks, especially in retail-facing activities, with a year-on-year increase of 7% in 2020, as cited by the Cambridge Centre for Alternative Finance, World Economic Forum, and the World Bank. 

Data breaches are also getting costlier, with the global average cost of a data breach reaching an all-time high of $4.35 million, an increase of nearly 13% during the last two years according to the American Bankers Association (ABA). 

As technology continues to transform how we bank and where we bank, the threat surface is ever expanding. Trust is no longer limited to handshakes between two parties. From connected devices, to data collectors and various third parties, there are a myriad of interconnections that can expose a business to threats. 

With the implied trust zone becoming distributed, it is more crucial than ever to evolve proactive strategies to meet customers’ needs safely and securely. Verifying and authenticating connections and relations along the entire supply chain is imperative to protecting data, businesses, and customers. Sometimes, all it takes is for one employee to accidentally open a phishing email and create a company-wide incident. And it’s far less costly to budget for cybersecurity, than it is to mitigate a data breach, let alone accounting for the reputational damage from the incident.

From preventing ransomware attacks, to protecting identity and facilitating authentication and seamless user journey, there is never a dull moment in the world of cybersecurity. 

So what’s the one advice Derrick would like for startups to remember?

“Look at what is the most important to your business, and imagine what would happen to it, if certain parts of your data, if not all of that data, is disclosed and publicly available on the Internet? Now look at how you are protecting that data and make sure you are placing the protections as close to that data as possible.” 

Transitioning to zero trust is a journey. Start small, assess your existing capabilities, and don’t be afraid to look for help.

Tune into our latest One Vision podcast episode with Derrick Johnson , National Practice Director for Cyber Operations within AT&T Cybersecurity Consulting, for more insights. There is never a dull moment in the world of cybersecurity.

This post was sponsored by AT&T Business, but the opinions are my own and don’t necessarily represent AT&T Business’s positions or strategies.