7 Questions to Sandra Tobler about Covid and Cybersecurity

7 Questions to Sandra Tobler about Covid and Cybersecurity

by July 1, 2020

In May 2020, Fintechnews.ch launched the Fintech Influencer Switzerland Interview series, which presents at least once a week a short interview we have conducted with a well-known, longtime Swiss Fintech Influencer to get his or her views on some of the industry’s most urging issues and hottest trends.

Today we speak with Sandra Tobler, Sandra is CEO of Futurae and was nominated by Miki Vayloyan.

Hi Sandra, what has changed for you personally during this pandemic?

These are very special times for many of us on a personal level asking to cope with family, work, and uncertainty at the same time. Luckily, everyone around me is safe and healthy. Not super much changed for me in the business context except that I had more quality time for strategic thinking and in-depth discussions with peers and customers since many physical meetings and travels were translated to the virtual space. My company Futurae is used to working in a remote set up and our customers got more and more used to it too.

Do you think COVID-19 is the digital accelerator that the industry has been missing so far?

The skeptical decision-makers who saw in digitalization only a marketing gag finally understood that customers expect that they have access to services around the clock, from where they want (which translated to the sofa in-between Netflix shows), especially in the times of a pandemic. Consumers were forced to change service providers if their previous ones did not manage to offer services in time and when organizations that just paid lip service instead of acting.

The global pandemic crisis around Covid-19 definitely propelled much-debated concepts like Open Finance as decision-makers grasped the power of those approaches. Even the C-level suite understood how partnering with highly innovative Fintech companies is an asset to bring onboard state-of-the-art technology in a fast way.

We were also able to sign many new customers during the lockdown and went live with others. The record-holder is Frankfurter Bankgesellschaft that went live with an entire IAM and authentication solution within 6 weeks.

What is your current focus?

Let’s start with a simple message: where there is money, there is fraud. With my team at Futurae I am constantly working on optimizing security and usability for customer-facing applications like portals web or mobile banking. We always have to be faster than the fraudsters. At Futurae we currently see high demand for our PSD2 compliant strong customer authentication and transaction platform for retail and private banks and merchants across Europe.

Since the pandemic started, we were also able to serve new use cases (especially securing employee access within companies to applications like Office365, Citrix or VPNs) or services in the public space. Futurae security engineers constantly enhance the adaptive solutions that allow companies to authenticate users in all possible scenarios. Additionally, trends like Fido2 respectively Webauthn compliance and payment protection from so-called ‘Social Engineering Attacks’ are definitely more and more up-and-coming and in demand in the second half of 2020.

What are the hottest Cybersecurity Fintech Trends?

In the area of strong customer authentication, the most exciting area is adaptive authentication where risk-based engines can serve down-to-the-user tailor-made use cases. The beauty of novel ML-based approaches is that the user does not feel anything about the security and the secure authentication and transaction signing works in all possible circumstances. This is not only relevant for today’s use cases like online and mobile banking and wallets, but also where banking and financial services are done in the future: think smart homes, connected cars, and wearables.

Which country is ahead in terms of cybersecurity?

I do not see major differences from country to country. There are industries that have been exposed for a longer time to online fraud and historically have a better understanding of Cybersecurity. Financial services organizations understood how to partner with the best-of-breed Cybersecurity companies earlier, compared to other industries. A lot of organizations in other industries (to mention health, public, and higher education) still did not fully grasp that it is not in their interest to build Cybersecurity infrastructure in-house.

Banks understood where their core expertise is and where they better join forces with the local, accessible, highly trained, Cybersecurity ecosystem. Furthermore, in Europe financial organizations are a lot more careful designing IT architecture in a privacy-conserving manner. In the US I do not experience the same diligence. The (not so) popular GDPR regulation, which among other things forces organizations to report data breaches to consumers definitely brought more transparency in the continent about who is doing a diligent job with consumer data and who is not.

How does Switzerland stand in authentication and cybersecurity?

Swiss organizations in financial services always took a comparatively conservative stance: this is not necessarily bad. Switzerland critically analyzed upcoming technology trends in Cybersecurity, such as new digital identities and secure authentication, compared to for instance the Nordics that were a lot more aggressive with their rollouts across entire populations.

Fast-changing Cybersecurity threats, however, require organizations to be able to react quickly to exposures. If a bank builds a Cybersecurity product in-house, this is tremendously slowing the response time down and adds unnecessary risks, especially when Cybersecurity is not the core competency of an organization. The product might be old by the time it is in production and there is a huge risk in the case of turnover of key personnel that designed its security features in the first place. Financial services understand more and more that it is a big asset to work with local Cybersecurity startups that are agile and very knowledgeable in a specific field.

Typically, it would be tough to hire such talent from some of the best technical Universities like ETH Zurich. Working with a local Cybersecurity service is mutually beneficial since the financial institution can benefit from the collaboration at an attractive price tag and with an always up-to-date service tackling changing Cybersecurity threats. Find the Swiss Cybersecurity Startup Map initiative I co-initiated. We built an inventory for companies to find highly innovative home-grown Cybersecurity companies in Switzerland to partner with.

Find all the Swiss Cyber Security Start-Ups in one placeOf course, a certain degree of flexibility from the Incumbents is needed especially in an early phase: working with a Cybersecurity startup requires taking some risk, which is almost always guaranteed to pay off in the long run since ETH data shows that the large majority of local Cybersecurity startups is still around and thriving after more than 5 years.

Which Swiss Fintech Startup should we have on our radar?

What I love about the Swiss Fintech ecosystem is that many founders come from the industry and address problems they faced during their careers. This is a huge chance for local players in the financial services sector to have such knowhow you can engage to work with, in areas of wealthtech, cybersecurity or regtech. Other Fintech ecosystems brought up more radical technologies that tried to just compete with incumbent players.

At times these more radical approaches did not fully grasp the full extent of the inner technical or business complexities. For me, personally, the most interesting FinTech’s are not the ones most perceived but the ones working on innovating the complex backends where you can add more radical innovation over time without relying on legacy technology.

*Swiss Fintech Influencer Sandra Tobler:
Sandra Tobler

Sandra Tobler

Sandra is a Co-founder and CEO of Futurae. She worked many years for IBM in international IT projects in financial services and other industries. Before joining Futurae, Sandra worked in San Francisco, responsible for the official economic representation (EDA) working with high-tech companies after some time at S-GE where she was responsible for the ICT industry and initiated the first Fintech trade missions and awareness initiatives back in the early 2010s.

Sandra is a passionate Fintech ecosystem builder from the early hour. She is also active in advocacy work between startups and the Swiss regulator and administration where she is creating awareness for better framework conditions for the local tech ecosystem. She is in the board of Startupticker and the Swiss Cybersecurity Startup map, ambassador for Swiss Finance Startups and was in the jury of the Swiss Fintech Awards.