The cybersecurity threat towards the banking industry
Working from home poses new threats to financial institutions as cybersecurity and digital transformation go hand in hand. With businesses undergoing rapid digital transformation, security needs to be simultaneously reinvented, especially when handling sensitive information or user data, which become prime targets for cybercriminals.
Financial institutions must deploy comprehensive, intelligent, and proactive security strategies. According to the Global Wealth Report, this sector is up to 300 times more likely to suffer a cyberattack than others.
This month the Financial Stability Board, which coordinates financial rules for the G20 group of nations, warned remote working during the pandemic has revealed new possibilities for cyber-attacks. Cyber activities such as phishing, malware, and ransomware attack grew from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April 2021.
Now that digital services have been widely embraced, banks need to pre-emptively protect consumers. New processes, barriers, and cybersecurity frameworks are required to prevent and mitigate attacks.Cibersecurity threats in the age of digital transformation
Financial institutions must consider strategies that consider new omnichannel models (physical branch networks, self-service, online and mobile banking services) to protect the entire banking ecosystem in a structured, centralised, and optimised way.
In our digital age and following the increase in remote working, criminals constantly discover new avenues to perpetrate their attacks. For example, data breaches have been on the rise during COVID-19 and can be catastrophic to financial institutions as user information can be manipulated by criminals to, among other things, gain access to accounts and obtain money.
There is also malware aimed at encrypting information and extorting entities by publishing the personal information of customers and/or employees.
Cybercriminals obtain private information about people or companies on social media, company websites or via other publicly accessible sources. Spear phishing uses this information to trick their victims into performing a task or sharing valuable information.
Another mechanism is social engineering, which is the psychological manipulation of people to make them reveal information or act wrongly. Often, victims do not even know they have made a mistake until the fraud is uncovered. Both types are targeted at a small number of potential victims, such as bank employees.
Another completely new cybersecurity threat that must be kept in mind, and addressed, is end-user PCs and laptops vulnerabilities. When cybercriminals send phishing emails or malicious attachments to employees, they target any device that can somehow be manipulated to gain access to the entire network. These endpoints act as ideal "windows of entry" and create an attack surface for further unlawful activities.
Broadly speaking, cyber-attacks are centred on the lack of knowledge of types of threats, poor maintenance of system upgrades, and unsatisfactory cybersecurity practices (for example connection to unsecured Wi-Fi networks).
Digital transformation has equally contributed to the massive use of new technologies such as cloud servers, which indirectly expose organisations to vulnerabilities – if they do not allocate the necessary investment to keep their systems secure.
Last, but not least, all industries have embraced remote working and gone digital because of the pandemic. The challenge now is to improve the overall customer experience no matter what channel is used.Lookwise Device Manager to the rescue
How is security maintained when employees work remotely?
Financial institutions must therefore also guarantee the security of personal data handled at a virtual helpdesk via webchat or video call. Recording sensitive data during a video call, for example, requires the highest possible security and compliance.
There are modern security solutions for financial institutions on the market, such as Auriga's Lookwise Device Manager (LDM), that protect critical applications used on remote workstations.
LDM offers a complete workstation package that simplifies securing and monitoring processes. The technology used exploits the concept of whitelisting to allow access to system resources in a controlled manner. For instance, the USB ports can be blocked when a video call or remote support is being made and the customer provides personal data, so that the video file cannot be saved on an external device.
AI and ML are playing an increasing role in cybersecurity to detect attacks at an early stage - emerging issues are virtually detected and fixed before they can negatively affect business operations.
Various security tools analyse data from millions of cyber incidents and use it to determine potential cyber security threat. An employee account acting strangely and clicking on a potential phishing email or a new type of malware can be more easily identified.
No matter if it is during the pandemic or beyond, providing the right security measures for each workstation is critical to the success of a business. Secure workstations are the foundation of secure networks - if a hacker gains access to one workstation, the entire network is compromised.
Cybersecurity is an ongoing investment, commitment, and priority - no access point can be neglected if business leaders want to avoid exposing the organisation to critical risk.