Written by Aare Reintam, COO, CybExer Technologies
The financial and banking sectors have long been a high-priority target for cyber criminals, with the potential for huge monetary gains acting as an incentive for both sophisticated and low-level attacks. Ransomware attacks have skyrocketed, whilst the potential for cyber criminals to gain access to endless amounts of customer data has created a boom in identity theft with this information being sold on the dark web for high financial returns. Not only this, but inside information can help cyber criminals to gain insights into the stock market, which has allowed them to further exploit the market.
Although banks are reluctant to admit the severity and number of threats they face, VMware reported a 238% increase in cyberattacks targeting financial institutions in the first half of 2020. The pandemic served as a huge catalyst for cyber crime in the already vulnerable financial services sector. In their attempt to digitise their offering and move with the times, many banks found themselves partnering with FinTechs and third party app developers, thereby creating an extensive ecosystem with multiple players involved in day to day transactions.
The knock-on effect of having more players in the ring is the need for multiple vendor systems to be properly integrated. This causes issues since not all these systems are particularly secure in the first place, and it increases the surface area for cyber criminals to target. While it is critical for banks to digitise, the resulting supply chains are typically vulnerable and susceptible to attack, creating huge opportunities for cyber criminals to access a lucrative store of customer data and monetary assets.
The financial and banking sector is a lifeline for economies and vital to people’s daily activities. For banks, failing services put much more than their reputation at stake. Being able to make and receive payments is critical to the functioning of any economy and society, and the protection of data is a question of integrity.
Cultural Change
It may seem obvious that the seriousness of cyber threats would put banks on high alert, however, the action taken has not always been extensive enough. Some banks have been put off by the need to commit significant time and resources to appoint an expensive and experienced fully dedicated team, and to invest in the right tools to help protect themselves.
Additionally, difficulties exist with being able to accurately pinpoint what form those cybersecurity threats will take. Agile and adept, the nature of the attack changes constantly, making it extremely difficult for the financial sector to put exact measures in place, which risk being redundant within weeks with the emergence of new creative cyber attacks.
One way that forward thinking banks are looking to tackle the cyber threat is through engaging their staff in interactive simulations that educate participants on how to spot potential threats, as well as how to best deal with them.The benefit of this is that employees on the ground, at any number of seniority levels, are able to play a more active role in ensuring business continuity. Despite the highly technical aspect of cyber attacks, human error remains the key weakness for originations when it comes to many forms of security vulnerabilities.
New tools also mean organisations in the banking and financial services sector can assess their infrastructure as a whole, and offer broad-based educational and awareness programmes in a safe environment where staff can be trained and assessed on their ability to mitigate any incoming threat.
Investing in more stable future
If the banking and financial sectors can continue to move in the direction of investing not only in digitisation but also cyber security awareness and education, they stand to form a fully equipped and cyber literate army that can provide a long-term solution to the cyber threat which only shows signs of growth.
Cyber security strategies need to be valued as an integral part of our roadmap for digitalisation – it is a process which helps organisations to take a systematic approach to protecting digital services, not simply an analysis or a project. It’s essential that organisations are holistic about cyber security, taking into account the core business and the ecosystem around it. The cyber threat can cause serious damage to businesses, but we must not forget that those who ultimately suffer will be individuals.
In banking, there needs to be proper leadership and a guarantee that personnel have the necessary level of education, right down to the last employee. This is non-negotiable for banks and financial service organisations that want better protection and prevention when it comes to cyber.
