In January 2021, I contributed an article to the Amount blog, a platform dedicated to fintech innovation and banking security, titled “Banks Against Cyber Attacks.” The piece examined the escalating threat landscape facing financial institutions as digital banking accelerated, highlighting the critical importance of robust cybersecurity practices, the adoption of advanced technology, and a culture of security awareness. My article emphasized the importance of proactive risk management, regulatory compliance, and ongoing employee education in protecting sensitive financial data in an increasingly interconnected world.
Although the original post has since been removed from the Amount website following my transition from the company, its insights remain relevant in today’s rapidly evolving digital environment. I am proud to have contributed to this important conversation and to have helped raise awareness about the vital role of cybersecurity in fintech and banking.
It’s the age of cloud banking. Bank products and services have become widely accessible over the internet out of necessity. These innovations have enabled efficiencies in our day-to-day lives, while also heightening the risks of cyberattacks.
Why are cyber attacks dangerous to financial institutions?
Cyber attacks are digital assaults against computers, networks, and/or databases. They can be used to disable computers remotely, steal data, or hack a system’s operations, among other things. Banks are particularly susceptible to cyber attacks.
According to research from the Boston Consulting Group, financial institutions are 300 times more likely to suffer from cyber attacks than organizations from other sectors. This underscores the importance of prioritizing a strategy, both defensively and offensively, that combats the risks of modern banking and finance.
While cyber threats have been looming for decades now, the global pandemic has further worsened the potential damage in the financial sector. With the shift from cash payments to online alternatives, cybercriminals are given more avenues to execute their attacks. In the past few years, the surging e-commerce space has created new opportunities for both consumers and cybercriminals. Unfortunately, the net result is an ongoing rise in compromised data and stolen money.
With cybercriminals becoming more sophisticated in their tactics, banks must improve their cybersecurity measures to ensure that their digital systems are not vulnerable to attacks.
What can banks do to protect themselves?
Some financial institutions have begun taking appropriate measures to protect their digital assets. Darren Argyle, Chief Information Security Risk Officer at Standard Chartered Bank, places an emphasis on creating application programming interfaces (APIs) with tight verification and authentication processes in place. It’s important to learn how cybercriminals operate so that the institution can put the appropriate security measures in place.
The banks’ Information Security teams conduct red/blue teaming exercises to simulate how their security measures hold up against cyber attacks. Through these practices, the team can assess how effective the security system is and pinpoint any weaknesses in its structure. Of course, designing secure systems and then conducting red-teaming exercises are not the only ways to protect digital assets.
Let’s take a closer look at how banks can safeguard against cyber threats.
Find the weak points
Coordinate with the IT department and take a deep dive into the system’s applications and databases. Find out all the information that can be used by hackers to execute cyber attacks against the bank or its clients. Don’t enact security measures without assessing the current system first. Identify the weak spots prior to making any strategic decisions.
Banks and financial institutions conduct repeat audits to ensure these gaps are filled and to pinpoint new ones, often through third-party providers so that the most current protocols are applied. Given the complexities of banking and cyber regulations, many banks simply do not have the people power to ensure this type of oversight.
Enter artificial intelligence and machine learning.
Artificial intelligence (AI) and machine learning (ML) systems
Business email compromise via phishing emails is the most common cyber threat for financial institutions. Old tactics like email flooding, spear-phishing, and malware have made a strong comeback in recent times. This can be attributed to services on the dark web that have enabled these methods of attack with little effort and resources. The black market enables attackers of all skill levels to carry out complex attacks. Personalizing emails to employees requires only a simple cross-referencing of social media resources, which breaks down the organizational security barriers.
Incorporating AI and ML into the bank’s digital system can help in detecting fraudulent emails and even tracking phishing sources. With machine learning in place, a security system will be able to adapt much quicker than any person, making it an effective measure against fraud. In the future, AI and ML systems will be widely implemented to guard against more cyber threats so it’s crucial for financial institutions to establish these systems early.
Focus on security fundamentals and avoid common mistakes
As the threat landscape broadens, adversaries are growing more sophisticated and crafting more complex attacks to cause even greater damage. Navigating this complex threat landscape can be challenging. It can be tempting to reach for a shiny new tool that promises protection against threats to the organization, but such a tool does not necessarily deliver it. Many times, the most widespread cybersecurity breaches stem from security basics not being done right. The following are key areas where organizational mistakes frequently occur:
Security basics
- Identifying assets, assessing risk, security training, and shaping a strong response plan are essential practices.
Environmental vulnerabilities
- Neglecting to patch vulnerabilities in a timely manner leaves financial institutions susceptible to attacks. Vulnerabilities are not only limited to bugs, but also include misconfigurations.
In-depth defense practices
- Continuing to identify, apply and enhance security controls while accepting that the technical landscape will change over time will ensure best practices from a defensive standpoint.
Educate all employees on cyber threats, not just the IT department
In 2021, cybersecurity is no longer just a role for the IT team or the security team. It’s paramount for organizations to educate every employee, partner, client, and customer on the dangers of cyber threats. Employees need to be aware of basic security measures that must be practiced when handling banking processes—be it online or through traditional means. It should not end there.
Given the current cyber threat landscape, attacks against banks are not a matter of if, but when. It is one of the top concerns for the financial industry. Banking professionals are encouraged to take the necessary measures to protect their systems against hackers. And they need to realize that doing so is the job of both the employees and the clients.
Choose the right partners and vendors
While having the right processes, professionals and educational plans in place is important in the ongoing cybersecurity battle, banks need to have a strong platform at their core in order to protect their digital assets and customers.
While banks can certainly build their own platforms, FinTechs have become a viable—and quick—option for banks looking to go digital and elevate their fraud and verification capabilities.
Amount provides the essential technology banks need to best protect their customers and their information. With core platform features including fraud prevention, verification, decisioning engines and account management, banks have the ability to serve and protect their customers every step of the way.