Matt Allan
Head of Engineering
The banking industry, owing to its unfettered access to financial wealth and personally identifiable information (PII) of customers, has always been an attractive target for cyber-attacks. Since COVID-19, the banking industry has seen a massive upsurge in digital transactions and there has been a corresponding and alarming rise in cybercriminals attacking the banking systems for vulnerabilities as well as duping consumers to reveal their credentials.
The banking industry, owing to its unfettered access to financial wealth and personally identifiable information (PII) of customers, has always been an attractive target for cyber-attacks. Since covid, the banking industry has seen a massive upsurge in digital transactions and there has been a corrAccording to the Verizon Data Breach Investigation Report (DBIR), in 2022, 23,896 security incidents ensued, of which 2,527 incidents and 690 confirmed data disclosures belonged to the financial and insurance industry alone. As the financial industry is becoming more digital and partnership-driven with the launch of new regulatory mandates such as open banking, and the adoption of new business models such as banking-as-a-service and embedded finance, the tables have turned from internal factors being the cause of data breaches to external ones, with 73% of the violations arising from external actors.
Shared banking systems, web apps, widespread use of machine learning algorithms, and API integrations with third-party providers have only added more vulnerabilities for data breach incidents and cyber-attacks. Not only would this put such highly critical information in the wrong hands, but it would also equally cause reputational damage to the bank itself, where it may even need to face regulatory penalties or legal costs. In September 2022, KeyBank publicly announced that an untold number of its mortgage customers had their information stolen. It was later slapped with a lawsuit, claiming that both the bank and a third-party service provider were negligent in monitoring and controlling potential IT security issues.
With incidents related to cybersecurity in banking becoming more instantaneous and sophisticated, we look into why cybersecurity has become a crucial agenda for financial institutions.
Cybersecurity in Banking: The Imperatives for Financial Institutions
Cyber incidents have a multi-faceted impact on a bank’s business. Just one cyber incident may result in a significant amount of financial loss and reputational loss, while also inviting regulatory enforcement actions and lawsuits. Even if cards are cancelled, and fraud is immediately taken care of, banks’ data can still be used to target market strategies or reveal information that can be used against the bank. The September 2017 Equifax breach that impacted 147 million customers and the October 2014 JP Morgan Chase data breach resulting in stolen customer contact information of 83 million accounts just prove that even the most industrialised institutions must maintain cybersecurity hygiene.
The bank itself may have to reimburse the ransom amount in some instances. On 28 May 2018, BMO and CIBC announced that hackers had breached their computer systems and stolen sensitive client information. Fraudulent transactions occurred following this data breach, and both BMO and CIBC reimbursed their clients for over $6.85M and $1.78M, respectively, of money stolen through these transactions.
Strict regulatory requirements only add further to the looming challenges for banks when it comes to cybersecurity practices, with many organisations at risk of inviting enforcement actions if they fail to adapt to the ever-changing laws.
From Cybersecurity in Banking to Cyber Resilience
Banks and financial institutions are expected to continue to be victims of diverse forms of cyber-attacks. From phishing, malware (mostly ransomware), and social engineering to cloud-related hacks, the industry is prone to diverse threats with changing behaviours. Denial of service (DoS) attacks account for 58% of security incidents in the vertical, where the targeted host is flooded with traffic so that legitimate users can’t access expected resources. The New Zealand Stock Exchange had to shut down operations in 2020 following an extended Distributed DoS attack on a network provider. Another surprising factor is the misdelivery of sensitive information to the wrong recipient, which is three times higher in the financial sphere compared to other sectors.
With such a high-risk environment and so many sources of vulnerabilities, where do banks even begin their cybersecurity journey? To ensure successful threat monitoring, institutions need to consider building cyber resilience that allows them to mitigate and minimise cyber incident-related risks. Below are some of the measures adopted by leading financial institutions:
- Building capabilities: By appointing skilled security teams at the first and second lines of defence, and providing them with relevant training, banks can better identify the gaps and make decisions about their threat landscape. In 2016, KBC Group formed its Cyber-Expertise and Response Team (CERT) in its Brussels, Belgium, headquarters. The team was tasked with orchestrating the response to cyber threats throughout the group’s multiple entities throughout Europe.
- Model management: To identify novel scenarios related to cybersecurity in banking, manage their portfolio, and build resilience over diverse incidences, banks should take into consideration periodic reviewing and classification of cybersecurity models. BRAC Bank, one of the largest banks in Bangladesh, realised the urgent need for a security information event management (SIEM) solution, an automated solution that provided real-time monitoring across their entire network. The National Bank of Georgia also adopted a SIEM solution to simplify its log management.
- Integrating innovative applications: Developing extended detection and response (XDR) systems, API security, development, security, and operations (DevSecOps) tools, or cloud encryption are just a few of the many ways to incorporate modern cybersecurity solutions to protect data better. At NayaOne, we’ve partnered with various specialised security solution providers to address the banks’ unique needs.
How NayaOne may help you build a robust cyber resilience
NayaOne is a one-stop destination that helps improve cybersecurity in banking and promote cyber resilience by discovering and evaluating modern technology providers for their cybersecurity needs. Through one direct connection, banks have access to pre-vetted datasets and in-built governance rails that support the identification and review of cyber defences while ensuring compliance with cybersecurity guidelines.