The greatest threat to banks today
By Lim Chin Keng April 25, 2016
- Digital has boosted convenience, but has also created greater vulnerability
- Web fraud, DDoS attacks, POS intrusions, crimeware, malware and cyber-espionage
MOST people sleep peacefully at night knowing their hard-earned money is resting safely in banks.
However, in recent years, things have changed. The finance industry has been revolutionised by digital technology, and this has made it more vulnerable to security threats.
In Asia alone, digital banking consumers are expected to reach approximately 1.7 billion by 2020. The year-on-year growth of Internet and mobile channels for various banking services averages 35%.
While all of this translates into ultra-convenience for consumers, it has also opened up the playing field for cybercriminals to wreak havoc for banks.
What started out as ‘Nigerian’ email scams seemingly eons ago has evolved into highly complex, targeted operations that rake in billions of illegally gained dollars.
Attacks now come in all forms, from web fraud, DDoS (distributed denial of service) attacks and POS (point of sale) intrusions to crimeware, malware and cyber-espionage.
Adding to the complexity is the fact that there is no defined target spectrum for these cybercriminals. Organisations and individuals alike are in their crosshairs.
One major issue faced by banks in Asia Pacific is the prevalence of malware specifically designed to target them and their customers.
In the first three months of this year alone, new variants of financial trojans Tinbapore and Gootkit were found to be targeting banks and financial organisations in Asia. These developments point to the rapid evolution such threats undergo.
For example, Gootkit prepares its attacks by using a video recording functionality before it launches actual attacks on the websites of financial institutions.
This means that cybercriminals now have the ability to study the internal processes of financial transactions within a bank and can easily look for gaps in approval processes with the new insights.
This is an example of the creativity that cybercriminals today possess and the effort they are willing to put in to refine the process by which they approach their victims and conduct their criminal activities.
Another issue is that banks in Asia Pacific generally adopt a reactionary approach to cybersecurity, investing in resources only after an attack or simply abiding by regulations.
Quite often, there are few to zero cybersecurity professionals on their payroll, and they rarely engage the services of specialist cybersecurity organisations.
Additionally, in some countries, there are limited comprehensive cybersecurity policies and regulations within banks and financial organisations, and even policies sanctioned by the government are not robust enough to make up for this shortcoming.
The final issue faced by banks and financial organisations in Asia Pacific is having to protect themselves against cyberthreats across multiple banking channels.
With the rapid digital transformation of banking services, it is growing increasingly arduous to keep an eye on all of these banking channels. Even if there are safeguards in place to protect these channels, cybercriminals have proven to be savvy enough to find and exploit loopholes in the digital infrastructure of these banking channels.
In the past, most of a corporation’s value was derived from tangible assets such as products, buildings and people.
Today, approximately three-quarters of an organisation’s value is intangible. The digital space we reside and conduct business in has made a brand’s reputation its most valuable commodity.
Financial cybercrime not only affects an organisation’s cash flow or payment systems, it can also ruin a company’s reputation. Consumers and investors may not trust a company that has fallen prey to preventable cybercrime, and brands may suffer losses that they may not be able to recover from.
Leveraging visibility for defence
It is true that we are residing in a fearful climate, and the digital space and Internet are not the safest around. With the rampant prevalence of cybercrime, it is important to stay prepared and protected in the face of such threats.
Organisations these days are recognising the need for and importance of cybersecurity strategies to address cyberthreats that their businesses face.
Many businesses now conduct periodic threat assessments, while many also engage in active monitoring or conduct analysis of security intelligence.
They also have information security strategies in place. Because of the dynamic nature of their operations, banks and financial institutions need strategies that offer real-time threat identification, deep analysis and comprehensive protection.
Banks need visibility into the endpoints, networks and applications of their IT infrastructure to ensure that they remain agile in the protection of their online and mobile banking services.
The current security solutions that some banks are using do not adequately offer the level of visibility they need. An integrated solution which oversees the protection of the networks, applications and endpoints will enable these banks to put adequate security controls in place, allowing them to reduce instances of fraud.
Today, the creativity of the attacks and the process by which cybercriminals are planning and carrying out their attacks definitely show how cybercriminals have stepped up their game.
There is a pressing need to be vigilant today. Cybercrime is the greatest threat that your business is facing. The slightest oversight could let a single instance of cybercrime result in financial catastrophe.
Careful planning and prompt action for if, not when, your organisation is threatened can make or break your business.
Lim Chin Keng is Asia Pacific director of security solutions at F5 Networks.