Today’s banking is no longer the fortress of the 19th century.e century protected by heavy bronze and steel doors designed to withstand the blowtorches of safe-crackers. Thanks to the digitalization of our societies, this bank, which prevailed until the 1970s, has transformed in a few decades into a gigantic and complex information system.
What has not changed, and has even worsened considerably, are the threats that continue to weigh not only on it but also, and this is new, on its customers, who have now become the preferred targets of cybercrime. A new crime whose motivations are no longer, as in the good old days, solely financial, but increasingly often political or ideological with the aim of destabilizing States. In short, if it has brought more comfort and fluidity to the user and efficiency to the players in financial services, the digital transformation has clearly become a new systemic risk for banks.
Revolution of uses
Thus, and to face the evolution of the threats they face at every moment, the networks and computer systems of banks are constantly evolving in a Darwinian race for adaptation. If they are still extremely robust and resilient today despite their age and sometimes their obsolescence, it is at the cost of incessant efforts whose cost continues to increase.
The other risk factor is that digital transformation also, and perhaps above all, results in a revolution in uses, particularly thanks to the new European regulatory framework for payments (DSP1/DSP2) which has enabled the development of an ecosystem of fintechs whose innovations have accelerated the “nomadization” of payments, the “platformization” of services and the “cloudification” of transaction processing. Thus, new financial services are increasingly freeing themselves from the information systems traditionally owned by banks in favor of telecommunications networks and public cloud services.
A trend observed in many areas but here accelerated by the disintermediation of exchanges and payments which, by ousting trusted third parties, has been accompanied by the arrival of new players who now occupy strategic positions in activities hitherto reserved for regulated institutions forced to comply with very strict prudential obligations.
Securing all of our digital infrastructures
Also, traditional players, like newcomers, are now increasingly using infrastructures that have neither been designed nor secured to support sensitive and strategic flows such as those of the banking industry, and which furthermore provide no guarantee of reliability, incorruptibility or resilience, having been designed and deployed by commercial operators for general public use.
Since this evolution is inseparable from that of uses, it seems illusory to consider any return to the past. The ball is thus and now in the court of the companies that operate the digital infrastructures and of the State on which the institutions responsible for their security depend.
Because today, it is no longer so much a question of securing a few strategic information systems reserved for critical uses, but rather all of our digital infrastructures, that is to say those that we use on a daily basis as they now support the entire organization and proper functioning of our country, whether economic, political, social, or affecting the well-being and security of its citizens.
Jacques Marceau is president of Aromates, administrator and spokesperson for the Concorde Foundation and co-founder of the Assises des technologies financiers.
