Delivering digital banking experience with security as priority
By Albert Chai December 1, 2016
- The digitization of banking services and operations will bring forth a new breed of offerings to consumers
- Despite the severity of threats for banks, their security readiness is not much higher than companies in other sectors.
THE surge in mobile adoption and the burgeoning growth of e-commerce are some of the key drivers for the rise of digital banks. Today, approximately 87.5% of consumers in Malaysia have experienced digital banking at least once. As consumers become predominantly digital natives by 2025, retail banks will need to accelerate their digital transformation initiatives in order to satisfy the demands of a new generation of tech-savvy consumers and deliver a more personalised banking experience.
The digitization of banking services and operations will not only improve business efficiencies and cost savings but also bring forth a new breed of offerings to consumers. Aside from online banking and mobile payment platforms, banks are now exploring financial technology (FinTech) innovations, such as digital wallets, peer-to-peer lending and remittance platforms, and decentralised databases, to create new business models and services.
Naturally, these new technologies will bring about additional cybersecurity challenges and concerns. The expansion of endpoints broadens the attack surface for cybercriminals, allowing them to deploy fresh forms of attack to circumvent an organisation’s threat defences.
At the same time, cyberattacks against financial services firms are becoming increasingly frequent, sophisticated, and rampant. The growth in digital banking marks the sector as an attractive target for financially-motivated hackers as there are more data to steal and profits to be made. A successful data breach can be a costly affair and banks can incur an average loss of USD3.79 million (RM15.64 million) due to a myriad of reasons, including lost business and regulatory fines.
Despite the severity of threats for banks, their security readiness is not much higher than that of companies in other sectors. This is one of the reasons why we still repeatedly see reports of successful cyberattacks against banks. For example, earlier this year, it was reported that attackers had utilized a certain type of malware to hack into Bangladesh Bank’s SWIFT platform and steal USD81 million (RM333.5 million). These adversaries would have got away with almost USD1 billion (RM4.12 billion) if not for the typing error that alerted the authorities.
Closer to home, Malaysia’s national cybersecurity agency, Cybersecurity Malaysia, discovered that over 2,100 servers belonging to various organisations including banks were compromised by attackers. Access to these servers was then sold to hackers for as low as RM29.
With the regularity of cybersecurity incidents in the banking industry, it is no surprise that security and privacy remain a primary concern for many. One in two consumers has expressed worry about the potential lack of privacy and others gaining access to their personal data.
The foundation of our financial institutions and models is built on trust. The growth of digital banking in Malaysia is only sustainable if consumers have confidence in the institution’s security. Therefore, retail banks must be able to prevent security breaches, and to detect and remedy them as quickly as they occur.
Evidently, it is no longer sufficient for financial institutions to just secure every endpoint. They will need to adopt a new cybersecurity paradigm that addresses advanced threats before, during, and after an attack.
When an incident occurs, the longer attackers are allowed to operate undetected, the more profits they will potentially reap. Therefore, banks need to reduce attackers’ “Time to Operate” by employing first-line-of-defence measures such as patching, password management and segmentation to impede the movement and propagation of threats. Following that, they need to accelerate their “Time to Secure” to constrain attackers’ operational space and minimise the damage that is being done. Finally, organisations should improve IT hygiene by upgrading aging infrastructure and systems, patching quickly, and consistently backing up their data in anticipation of future attacks.
Against the backdrop of relentless cybercriminals and expanding attack vectors, the challenges that lie ahead for financial service providers are clear. However, they can better protect themselves by making security a critical foundation in their digital journey.
Many banks have reached a tipping point with their Internet infrastructure. They want to simplify and update their devices and software to reduce costs and build a strong IT foundation. This is their moment to harden security so that they will be able to deliver a secure connected banking experience to all their customers and roll out trusted new digital banking services that will help them succeed in the digital economy.
Albert Chai is Cisco Malaysia's managing director