Tuesday, July 23, 2019

Consumerization of Technology and its influence on Information Security

Posted by OnCourse Staff January 17, 2014 11:49am

Photo Credit: SimonOk

Unless you’ve been living under a rock for the past few years, you’ve probably heard of a trojan known as Zeus. It is often referred to as a "Man-in-the-Browser" trojan because it begins by infecting the customer, not the institution. It takes advantage of vulnerabilities on a customer’s computer and waits for the customer to connect to an institution’s website. Once the customer connects, the trojan is capable of detecting that the customer is browsing a financial institution’s website and can silently make transactions in the background. It can also alert the attacker in real time so that the attacker can hijack the customer’s session and manually perform transactions of his own.

The point of this post is not to discuss the technical details of Zeus. Rather, the point is that Zeus and its variants are a direct result of web-based electronic banking. Prior to large-scale deployment of online banking systems, the concept of a Zeus-like attack was not possible. More specifically, the deployment of consumer-focused online banking systems allows for the existence of Zeus-like malware.

The tremendous popularity of consumer-based devices such as mobile phones and tablet computers is a strong indicator that the hardware and software technology providers are shifting focus to the consumer market. There was a time when technology innovation was directed at the enterprise. The cost and expertise in developing, deploying and administering the systems made them impractical for the commercial consumer market.  However, the technology landscape is changing rapidly.  Always-on, always-available mobile networks, cloud-based software and storage, and cheaper, faster and easy-to-use computing systems have created a consumer market viable for technology providers.  This shift in focus is having a profound impact on how technology is implemented in the enterprise.  Rather than the enterprise market being the primary force driving technological innovation, the consumer market is assuming that role (McDonald, 2010).  This paradigm shift is sometimes referred to as the “consumerization” of technology and leaves the enterprise in the position of having to react and support the consumer, rather than dictating to the consumer how technology can be used (Gartner, 2005).

The growing popularity of consumer-focused devices and services is forcing financial institutions to adapt in order to remain competitive.  Consumers demand technology, which prompts some financial institutions to offer products and services to meet those demands, which in turn forces the remaining institutions to also adapt and offer solutions so as to remain competitive in attracting customers. Mobile banking is an example of such a near-term technology decision many community financial institutions will have to address.  The fact that institutions even have to consider mobile banking solutions is a direct result of the popularity of consumer-based mobile devices.  As more and more consumers use mobile devices, the pressure on financial institutions to support the devices increases.  The consumer market is shaping the technology landscape of community financial institutions.

Consider cloud computing as a longer-term example. Cloud computing is the name of a delivery model where data and applications are accessed and stored on the Internet. Some of the most successful technology companies are built on a cloud-based model. Google, for example, offers cloud-based email, word processing and spreadsheet alternatives to the historically desktop-based office applications offered by Microsoft. Mobile devices and tablet computers, the iPhone and iPad from Apple being notable examples, are becoming windows to the cloud. The applications that run on those devices are increasingly using the cloud as the primary data store. The attraction for the consumer is that cloud-based services are cheap (often free) and provide a convenience that is very difficult for traditional, locally deployed software solutions to match. The attraction to the service providers is that cloud-based solutions are cheaper to develop, deliver and maintain.

What does that mean for financial services? That remains to be seen but if the cloud-based business model proves to be valid then financial institutions are likely going to have to consider cloud-based solutions to remain competitive.  In other words, as the competition, be it other community financial institutions or very large national banks, deploys cheap, efficient cloud-based solutions, community financial institutions will have to also deploy such solutions to remain price competitive.  It is difficult to predict the form that cloud solutions will take but examples could possibly include online backup and disaster recovery solutions, cloud-based online banking systems, or even a cloud-based help desk.

On a less theoretical note, one needs only to look to the consumer banking market to see the impact the customer is having on technology decisions.  Customers can bank online, pay bills online, check balances on mobile phones, and even receive text messages when balances are low.  JPMorgan Chase recently ran a commercial where newlyweds take a picture of a check with a cell phone and it is instantly deposited into their account. Many community financial institutions will make the argument that community banking is different because it’s a relationship business.  Relationships will always have value, but the young, technically sophisticated consumer of today is the community financial institution’s business customer of tomorrow. These individuals, who have grown up in the wake of social media and consumerized information technology products, are going to expect a certain level of technical sophistication and demand the same convenience they have come to expect.

It is impossible to predict the future of technology.  However, it is entirely reasonable to assume that security implications will grow in proportion to new technologies and services.  If Zeus-like attacks were made possible by the large-scale introduction of consumer-based online banking systems, then it is logical to expect that other innovations in technology like mobile banking, cloud computing, or whatever the next greatest innovation happens to be, will introduce their own security issues.  What is particularly relevant to community financial institutions is that the consumer will drive the market.  Ultimately, institutions will have very little choice when deciding to implement new technologies should they wish to remain competitive in attracting new customers.  Consequently, they will have to deal with the related security implications.

 

References

Gartner Inc. (October, 2005). Gartner Says Consumerization Will Be Most Significant Trend Affecting IT During Next 10 Years. Retrieved February 21, 2011 from http://www.gartner.com/press_releases/asset_138285_11.html

McDonald, Mark (2010). Power shift! What happens when consumers drive technology markets. Retrieved February 18, 2011 from http://blogs.gartner.com/mark_mcdonald/2010/08/30/power-shift-what-happens-when-consumers-drive-technology-markets/

 

