By Steve Bishop, Head of Head of Risk Information & Insurance at ORX
Over the course of the pandemic, ORX, experts in operational risk management and cybersecurity fraud, have been analysing how phishing scams and social engineering has seen a high rise within the banking and finance sector with security measures through working from home causing troublesome scenarios.
Steve Bishop, Head of Risk Information & Insurance at ORX and specialises in Cybercrime. He analyses how the current pandemic is affecting financial businesses around the world and the measures that need to be in place to operate with data safely in this unusual environment.
“In our regular conversations with over 100 member banks and insurers from around the globe, we’ve heard first-hand how concerns regarding cyber risk have been heightened significantly due to coronavirus. We see two main drivers behind this.
Firstly, the threat landscape has changed, with organisations noting a clear surge in both direct attacks and attacks on their clients and customers exploiting the pandemic. Specifically, they have seen more spoof domains appearing and tailored phishing attacks attempting to capitalise on fear. These are often manipulating the increase in communication from – and dependence on – governments and other bodies, as well as the enforced increased use of virtual tools. Firms we’ve spoken to have also seen more social engineering (where criminals attempt to manipulate staff and customers into divulging confidential information), and malware such as viruses – all with a coronavirus theme.
The threat is not expected to subside any time soon either due to malicious exploitation of longer-term financial and psychological stresses associated with the lockdown environment. This is combined with concerns raised about an increase in cyber-related fraud caused by an economic downturn, something which is highly likely following this pandemic.
The second driver behind the increase in cyber risk concern amongst the firms we’ve spoken to is related to their current operating environment. There are increased risks associated with remote working arrangements, with activities such as payments, customer identification and trading, as well as the management of sensitive data, all taking place outside of the office – often for the first time ever. They are also focusing on how prepared their many third and fourth party suppliers are to deal with increased cyber risk at all levels of their often complex supply chains.
However, in spite all of this, we have noted that our member organisations, including banks and insurers from across the globe, are responding robustly. They are focusing on ensuring their risk monitoring, management and response plans can keep pace. Many are often thinking weeks and even months ahead to make sure their controls are able to operate during stressed times, to ensure they work with their third parties and, importantly, to be able to support their customers. We also noted that our members are looking to the future as well, considering the lessons they are learning from the current situation and how they can improve longer-term resilience.
What is clear is that if businesses don’t manage the increased cyber risks associated with coronavirus, the impact could be significant, both on themselves and their customers. At ORX, we believe that industry-wide collaboration is one of the key components of the risk management response. Businesses working alone won’t have access to the same volume of shared data, insights and experience that those working together will have”