Over the last decade, the banking industry has gone through multiple changes structurally and operationally owing to rapid technological advancements. Most banking services and their corresponding back-end operations have now become digital. Along with this digital transformation also rises the challenge of information technology security. The myriad types of cybercrimes such as phishing, stalking, spamming, spoofing, hacking, ransomware attacks, and other physical and digital frauds compel individual banks to secure their network and servers with advanced firewalls.
The financial sector has become the main target for cyber attacks because funds are now digitally stored and transferred. Without sound cyber security measures in place, a bank’s sensitive data could be at risk. Cyber security experts point out that the global pandemic crisis is going to compound the cyber risk due to the sudden spurt of online working.
This new digital workforce has pushed most financial institutions including banks to significantly contribute to online footprint by using multiple applications, including renowned video conferencing solutions that have led to privacy issues and phishing attempts including ransomware attacks. For example, Zoom’s default settings were not secure enough because of which it faced huge privacy issues and security backlash.
Robin Bhowmik
Last month, the FBI had warned banks of a series of cyberattacks in mobile banking services. Fidelity National Information Services (FIS) reported a 32 per cent jump in credit and debit card fraud in April 2020 compared to the same period in the last year. In India, according to the Bengaluru Cyber Crime Records Bureau, the number of cybercrimes detected during the first two months of lockdown in Bengaluru saw a sharp increase (1,308 cases) with a majority of them related to bank frauds and scams targeted at elderly people and single women.
Understanding cyber crimes
According to the India government, 13 per cent of cyber crimes have been successful because of the involvement of insiders from the organisations. However, employees also play an integral part in detecting and preventing such wrongdoings. This highlights the importance of awareness and proactive behaviour among bank employees to realise a cyber-risk-free banking culture.
Also, the workforce and organisations need to focus on the following pursuits to protect their ecosystem:
Bank employees need to be conscious of the vulnerability of devices that are being used across corporate applications such as laptops and smartphones. The possibility of cyber threats is high as these devices are an inherent part of our lives today. They need to ensure these machines have up-to-date full-service security that provides real-time protection against malware and protects information when online.
Rise in sophisticated attempts to steal data, including the use of cloning devices, and fake users have made practices like multi-level authentication fundamental in every transaction. Attempts to steal such authenticated data are also getting more sophisticated through apps which mirror the devices and then release the details to hackers.
Bankers need to be aware of possible data leaks across the spectrum of their business due to such cyberattacks. They need to be cognizant of potential phishing attempts on social media platforms such as WhatsApp.
How BFSI sector is dealing with cyber threats
Banks have started using prescriptive approaches to strengthen cyber security. Protective measures already in use include antiviral and anti-malware applications and firewalls. Intelligence-driven measures, which include the use of artificial intelligence to augment authentication methods via biometric logins, are already in place. The use of fingerprints to verify payments on digital payment apps such as Google Pay is a good example of this. Phishing threats are detected and prevented using a combination of artificial intelligence and machine learning.
Cost of a cyber attack
JPMorgan Chase had recently revealed that the company spends about $600 million in cyber security systems every year. Though this is a large amount to spend, when we consider what is at risk, this is a small price to pay to avoid reputational and financial losses. After a cyber security breach, businesses lose 3.9 per cent of their customers, on an average. The loss is way more significant for banks and financial institutions. Since trust is pertinent for customer retention in the BFSI sector.
Hostile attacks are very common today and they cost 25 per cent more than breaches caused by mistakes in a network. Hostile attacks have increased by 20 per cent over the last five years.
Increasing awareness among employees
No fraud prevention program will be successful if employees cannot detect illegal activities and respond dynamically. Therefore, banks need to adopt a comprehensive training module to prepare their staff to handle such mishaps.
The following steps can be taken to bolster a cyber security culture in the financial sector:
- Implementation of training to understand cybercrimes is necessary. Unless sufficient knowledge by way of periodical training—both on and off the job—is imparted to all the workers, banks will not be able to safeguard the interests of their customers and may also be exposed to huge reputational and financial risks.
- Banks should also train their employees in robust anti-fraud measures for detecting anomalous transactions, to be able to alert the customers and prevent possible losses. As part of training, banks may include simulations of cyber-attacks and/or case studies so that employees can understand the threats they are likely to face and are better equipped to react to cyber offences.
In conclusion, cyber security is a real challenge for industries all over the world, especially the BFSI sector. Banks are the prime target for cybercrimes and register million-dollar losses every year. It is absolutely crucial that we find ways to mitigate the threats of our cyber security while still being able to provide our customers with convenient, technologically advanced services.
