Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

TACKLING CYBERCRIME IN FINANCIAL SERVICES
TACKLING CYBERCRIME IN FINANCIAL SERVICES

Published : , on

By Oz Alashe, CEO, CybSafe

Oz Alashe, CEO,CybSafe

Oz Alashe, CEO,CybSafe

It feels that barely a day goes by without a business or government agency suffering a security breach. Victims lose money and sensitive personal information, while organisations suffer reputational damage and the possibility of fines. The scammers and hackers move on to new, unsuspecting victims.

2017 was a bumper year for cybercrimecosting organisations 23 percent more than in 2016. The consequences captured headlines almost daily: in May, a strain of ransomware called WannaCry spread globally, affecting public utilities and large, well-known corporations; in July, a third-party vendor working with Verizon exposed the data of as many as 14 million U.S. customers; in September, tax and auditing giant Deloitte confirmed that it was hit by a cyber attack, resulting in the theft of confidential documents and emails.

Looking behind the headlines, however, cybercrime didn’t occur consistently across all industries. Some industries were, and continue to be, more prized by criminals than others.

Breaking into the bank vaults

At the very top of the list in 2017 was finance. Last year, the cost of cybercrime for companies in financial services was higher than any other sector. Organisations in the sector are roughly 30 percent more likely to be targeted than those from other areas.

Recent, high-profile examples include Tesco Bank, where customers were defrauded of £2.5 million, Equifax, which lost control of 143 million records, including sensitive, identity-related personal information, and UniCredit, Italy’s main bank, which was breached with biographical and loan data from 400,000 client accounts taken.

The heightened threat of cybercrime for the financial sector has proved to be overwhelming, with most companies failing to keep pace with the growing challenges of the cybersecurity sector. Each fresh scandal and disaster often comes as a shock to C-suite executives who, in the majority of cases, assumed their processes would be strong enough to deal with any possible threats.

With a criminal arms race in the financial market, those working in the space need to be equipped and capable of winning the battle. But where should financial services businesses begin in order to address the threat?

The human attack vectors

One, often overlooked aspect in the industry, is the human component- the threats posed to financial institutions directly against their people and their customers. Banks and other commercial entities are often technologically fortressed but fail to have robust training in place for staff.

As history has shown, that threat can appear right at the very top: embarrassing phishing attacks have pranked the Morgan Stanley CEO, James Gormley, and the Bank of England’sMark Carney. Carney was lured into a conversation with a supposed “MrHabgood” about bank notes and alcohol, whilst Stanley was misled into an embarrassing email conversation following the bank’s annual general meeting by a man he assumed was Chairman John McFarlane.

Their examples aren’t anomalies. Exactly43 percent of all cyber attacks are ‘social’ attacks such as phishing.

Changing ccybersecurity behaviour

The problem remains: how do organisations tackle the problem of ‘social attacks’? Staff training is inevitably part of the solution, but actually changing cyber security behaviour amongst staff is easier said than done.

Giving staff training manuals is by no means a guarantee that they will absorb and act on that information. One-off training sessions similarly have little impact due to the required concentration for the training to be consumed, and cyber security hygiene inevitably deteriorates over the course of the year.

It should be evident, especially for highly-targeted financial institutions, that ‘traditional’ cyber security training isn’t enough.

Taking a modern approach financial cyber security training

To keep pace with the developing methods of criminals online, what businesses need – the financial sector most of all – is a new, effective approach; one which understands how people learn and has a tangible impact, not simply on the cyber security knowledge of staff, but on their behaviours.

Cyber security training should be regular- it’s well documented within educational psychology that people digest more information in smaller, regular bites. Training should recognise that different people learn in different ways, and should embrace modern technology that enables it to be done at a time and place convenient for the individual. Training should also involve testing, to ensure staff have retained information adequately and would be able to act on that information.

Effective cyber security rests on three essential pillars- technology, process and people. IT professionals and business leaders have tackled the technology and process aspects through firewalls, patching systems, and encrypting data. Reputationally and commercially, financial services organisations must now pay closer attention to the people aspect of an effective cyber security strategy. Security can longer be considered an appendage to the general operations of businesses; it has to be ingrained in company culture.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post