By Bindu Sundaresan, Director, AT&T Cybersecurity

In the last year, financial services organizations have been pushed to speed up their digitization strategies faster than they could have ever anticipated. The COVID pandemic has closed the doors of many physical banks, forced them to move many interactions with customers to digital and introduce new measures so employees can carry out their jobs from home.

The uptake of digital banking has been immense with a recent report from World Retail Banking revealing that 57 percent of consumers prefer internet banking in the Covid-19 era. Today, connected consumers expect near-real-time online transactions at their own convenience, 24X7, and they expect banks, credit card providers, and stockbrokers to provide uninterrupted web services wherever they are in the world.

However, while this digitization has enabled banks to fully serve their customers during the pandemic, it has raised the security stakes considerably.

All around the world, while financial services organizations are adapting and taking advantage of digital technology to make consumer banking and payments safer, faster and more convenient, cyber criminals have been looking at ways to exploit these new initiatives.

What are the best ways financial organizations can embrace digital transformation, without compromising on security?

Embracing Digital Transformation Security

Financial institutions have long been a top target for cyber criminals and as these organizations broaden their digital footprint, their risk profiles change, and their attack surface widens.

In fact, a recent report from AT&T Business revealed that many organizations have noted an increase in malicious activity and cyber-related fraud against themselves and their customers, since the coronavirus pandemic struck. The attacks on institutions are typically happening through malware or social engineering campaigns, while customers are especially vulnerable to phishing with cyber criminals sending out fake COVID-related emails disguised as if coming from banks.

To help understand and manage these risks, financial organizations need to be proactive with their cybersecurity. One of the most important steps they can take is embedding security into new services from the very beginning. This will enable business leaders to make informed decisions, allocate resources efficiently, and understand the value of systems and information.

Banks and other financial institutions handle some of the most sensitive information for their customers and business – Personally Identifiable Information (PII), credit card numbers, and account information. However, as access points to reach this information increases, security should be embedded into systems earlier in the development process. To help achieve this, security teams need to work more closely with developer teams at the beginning of development stages when new technology is being introduced, rather than security being bolted on at the end, which is something that has traditionally happened.

Building a security-conscious culture is also essential, particularly as employees today are more frequently working from home. Employees need to be educated about the most current fraud and phishing scams and how to avoid them. They should be instructed to access sensitive data from a secure network, using their company device, and through the prescribed channels—not by clicking a link in a newly received e-mail. Employees should not open unexpected e-mail attachments and should report suspicious e-mails to the company’s IT department.

Since external IT services are ubiquitous in today’s business environment, it is imperative that as financial services organizations assess technology providers to provide that  these services do not pose an immediate impact, while also strategizing how best to fortify resilience against third-party challenges. Many third-party services are critical to an organization’s success, including technical support, cloud-based financial applications, security monitoring, email and data backup solutions. Vendor management is a complex and time-intensive task which many organizations do not, and in many cases, cannot dedicate the time and resources to managing. For companies with a small number of vendors, this can be manageable, but most organizations will need additional support to create and implement these programs effectively. By dedicating resources to developing a program, organizations can begin to understand and eliminate the threats posed by third parties.

Financial institutions should also consider implementing a Zero-Trust approach within their security strategy. Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone— including users, devices, endpoints —must be properly verified before access to the network is allowed. The protocols for a Zero Trust network outline specific rules in place to govern the amount of access granted to users, based upon the type of user, their location, and how they are accessing the network. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network will deny the connection by default.

Conclusion

Since the beginning of the pandemic, financial organizations have been forced to change the way they operate. Employees are now working more frequently from home and many banking services can now be done online. While these steps have been vital to keep the finance industry moving during the pandemic, they have introduced new security challenges.

As these organizations embrace digital transformation and are shifting to the cloud, simplifying technology infrastructure and outsourcing workloads to third parties, they are also expanding their cyber risk. Cyber has become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership must correlate all of this to stay ahead of the adversary and help  protect the organization’s most valuable assets.

Financial institutions therefore must be increasingly vigilant, and increasingly well-equipped technologically, to protect themselves from sophisticated attacks. In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today—and a critical resource for solving it.