Jobert David
By Jobert David, Technical Director F5 Networks Philippines
Most people sleep peacefully at night knowing their hard earned money is resting safely in banks. However, in recent years, things have changed. The finance industry has been revolutionized by digital technology, and this has made it more vulnerable to security threats.
In Asia alone, digital banking consumers are expected to number approximately 1.7 billion by 2020. While all of this translates into ultra-convenience for consumers, it has also presented fraudsters with a multichannel digital playing field to operate in.
What once started out as “Nigerian email scams” seemingly an eon ago, has now evolved to highly complex, targeted operations that rake in billions of illegally gained dollars. Attacks now come in all forms–from web fraud, DDOS attacks and POS intrusions, to crimeware, malware and cyber espionage. Additionally, there is no defined target spectrum for these cyber criminals: organizations and individuals alike are in their crosshairs.
Cybersecurity Issues Faced by Banks
One major issue faced by banks in Asia Pacific is the prevalence of malware specifically designed to target them and their customers. In the first three months of this year alone, new variants of the financial Trojan, Tinbapore, and new Gootkit campaigns were found to target banks and financial organizations in Asia. These developments point to their rapid evolution. For example, Gootkit prepares for attacks by using video recording functionality before it launches actual attacks on financial institutions’ websites. This means that fraudsters now have the ability to study the internal processes of financial transactions within a bank and look for gaps in approval processes without having to be in the bank. This is an example of the creativity that cyber criminals of today possess and the effort they are willing to put into refining the process by which they approach their victims.
Another issue is banks in Asia Pacific generally adopt a reactionary approach to cyber security by investing in resources only after an attack, or by doing minimum compliance just to abide by the regulations. Quite often, there are few to none cyber security professionals on their payroll, and they do not engage the services of specialist cyber security organizations. Additionally, there are limited comprehensive cyber security policies and regulations within banks and financial organizations, and even policies on a governmental level are not robust enough to make up for this shortcoming.
The final issue that banks and financial organizations in Asia Pacific faces is the need to protect themselves against cyber threats across multiple banking channels. With the rapid digitization of banking services, it is growing increasingly arduous to keep an eye on all of these banking channels. Even if there are safeguards in place to protect these channels, cyber criminals have proven to be savvy enough to find and exploit loopholes in the digital infrastructure of these banking channels.
In the past, most of a corporation’s value was derived from tangible assets such as products, buildings and people. Today, approximately three-quarters of an organization’s value is intangible. The digital space we reside and conduct business in has made a brand’s reputation its most valuable commodity. Financial cybercrime not only affects an organization’s cash flow or payment systems, it can also ruin a company’s reputation. Consumers and investors may not trust a company that has fallen prey to preventable cybercrime, and brands may suffer losses that they may not be able to recover from.
Leveraging Visibility for Cyber Threat Defense
With the rampant prevalence of cybercrime, it is important to stay prepared and protected and organisations are recognizing the need for cyber security strategies. Many businesses now conduct periodic threat assessments, while many engage active monitoring or analysis of security intelligence. They also have information security strategies in place.
For banks and financial institutions, they need strategies that offer real-time threat identification, deep analysis and comprehensive protection due to the dynamic nature of their operations.
Banks need visibility into the endpoints, the network and the applications of their IT infrastructure to ensure they remain agile in the protection of their online and mobile banking services. The current security solutions that some banks are using do not adequately offer the level of visibility they need. An integrated solution which oversees the protection of the networks, applications and endpoints will enable banks to put adequate security controls in place, allowing them to reduce instances of fraud.
Today, the creativity of attacks and process by which cyber criminals are planning and carrying out their attacks show how much they have stepped up their game. There is a pressing need to be vigilant. Cybercrime is one of the greatest threats to any business, as the slightest oversight could result in financial catastrophe. Carefully planning, and taking prompt action when–not if– your organization is threatened can make or break your business.
