The Financial Industry’s Fight Against Cybercrime

By their very nature, banks - being the main custodians of money - have always been a target of criminals. But the nature of banks’ enemies is constantly changing in the digital age as the opportunities to conduct cyber attacks make criminals arguably more dangerous.

Cybersecurity may have once been the concern of IT departments but that has long since changed. Today, almost every person within any organisation must understand their responsibility in defending against cyber attacks. And this is none the more salient than in the financial industry.

The industry is one of the most targeted comprising 19 per cent of total attacks and incidents, according to an IBM report entitled X-Force Threat Intelligence Index.(1) Just how much damage a cyber attack can cause was demonstrated on Bangladesh’s central bank in February 2016, when US$101 million was extracted over a five-day period via 35 separate money orders, of which only US$20 million so far has been recovered.(2)

Since then, however, “many organisations in this industry are cognizant of their vulnerability to cyber attacks and are actively preparing for a potential crisis”, reads the IBM report.

In order to defend themselves and their customers’ money, banks need to take a broader, intelligence-based approach to cybersecurity while being aware of new threats such as geopolitical climate, third-party risk and exposed insiders.(3)

Shoring up Cyber Defences

United Overseas Bank (UOB) is one bank that takes its cyber defences seriously. Tobias Gondrom, Chief Information Security Officer at UOB, explains that the Bank follows the National Institute of Standards and Technology Cybersecurity Framework.

Within this framework, Gondrom says the key steps are
· to understand one’s risks;
· put protection mechanisms in place;
· consider all angles of potential threats and how to detect them; and,
· be able to respond and to recover quickly.

Yet, one of the difficulties in the financial industry’s fight against cybercrime is that the targets within a bank for sophisticated cybercriminals are almost boundless, comprising millions of clients, numerous other banks and a growing bracket of fintech partners. Not to mention that cybercriminals are always inventing new ways of attacking.

//

//

One example is phishing scams via e-mail or SMS, which a customer could receive purporting to be from a bank and then shares his or her identification and authentification details. Or even an automated recording claiming that an account has been compromised and the targeted individual is asked to share their information via keypad.(4)

In both instances, the bank is not directly involved and so prevention can prove tricky. Hence, raising awareness through educational messages at ATMs or via social media is key to the way UOB helps educate its customers on the need to stay alert.

Integrity As A Security Standpoint

To protect the data of its customers, UOB has invested in a 24/7 security operation centre, has put monitoring tools in place and developed an advanced security analytics system that uses artificial intelligence and machine learning to detect suspicious transaction behaviour.

Within the organisation, every employee has to go through mandatory security training and Gondrom says that the values at the Bank help from a security perspective.

“Doing what is right for our customers and placing honour before profit aligns very nicely with fostering the right security culture,” he continues. “If you want to defend someone, holding integrity as a high value works well from a security standpoint.”

While UOB may have a head start on building the right culture, a difficulty facing all banks is the lack of skilled security personel. Research by (ISC)2 says the shortage of cybersecurity professionals around the globe is just under 3 million, with Asia Pacific making up 97.7% of the deficit.(5)

For its part, UOB is keen to address this deficit and to expand the industry’s talent pool by participating in The Institute of Banking and Finance Singapore’s Technology in Finance Immersion Programme where it has taken on half of all the successful applicants for the cybersecurity course.

//

//

Cybersecurity is obviously being taken seriously at many banks and it is intertwined at all levels, products, services, processes and people within the company. Yet, ultimately, in this digital day and age, cybersecurity cannot be the responsibility of institutions or companies only.

“Everyone needs to work together to fend off cyber criminals,” says Gondrom. “And what it basically boils down to is good cybersecurity hygiene.”

Basic Cyber Hygiene Tips

· Be alert. Do not disclose your personal information, bank account and credit card details to anyone.
· Be cautious. Do not follow instructions from unsolicited parties who request for your personal or bank information, or transfer any money to recipients whom you do not know.
· Be prudent. Check the validity of requests from unsolicited parties by calling the organisation’s official contact number.
· If in doubt, please inform your bank or call the police for assistance.

(1)Click here
(2)Click here
(3)Click here
(4)Click here
(5)Click here