Cyber Security for Banks - Risks and Controls
By Finacle Client Advisory Board’s (FCAB) Working Group (WG)
Digitalization is changing the face of banking. Regulatory mandates such as Open Banking, and new business models such as the platform business model in banking, are setting an unprecedented transformation in motion. This transformation is not only about embracing new ways of doing business, but also about aligning internal processes and operations to ensure success in the new digital future. Technology is the bedrock of this transformation, since a large proportion of it is buoyed by the evolution of technology and the new possibilities it enables, such as the free movement of data for innovation and collaboration. But these new possibilities are bringing some existing concerns into greater focus. With the rise in cases of data theft, unethical exposure of records, and the sophistication of methods of attack, Cyber Security has become a strategic priority for banks.

Moreover, data privacy regulations such as GDPR put the onus on banks to ensure that the customer data they hold is securely managed, under the threat of punitive action by regulators. This trend of strict data privacy is catching on in other geographies as well.

Hacks and system vulnerabilities cost millions of dollars of revenue* to banks worldwide. The irreversible loss of reputation that such incidents inflict is worth more than the millions of dollars lost in revenue. The stakes are higher than ever before.
With this as the backdrop, the Working Group (WG) of Finacle Client Advisory Board (FCAB) has come up with a set of recommendations to mitigate critical vulnerabilities and risks. The FCAB WG first set out to identify the crucial vulnerabilities modern banks have to deal with, in order to make the apposite recommendation for controlling or mitigating each such risk identified.
The FCAB WG classifies Cyber Security related risks into seven sub-tracks. The WG has followed industry best practices to come up with its recommendations.
The group is confident that these guidelines will serve as a good reference point for the Chief Information Security Officer (CISO) of banks embarking on new Cyber Security initiatives or looking to enhance existing Cyber Security controls.