Two weak links cyber attackers are exploring to breach banks

By Rui Ribeiro, CEO at Jscrambler

The coronavirus pandemic has brought about many changes in modern society, specifically when it comes to digital transformation. If we were already headed in a digital direction pre-pandemic, these unprecedented circumstances have only further accelerated the process. From education to banking, all sectors are going through this digital transformation, providing much-needed safer alternatives to in-person interactions. But how does this new paradigm impact the cybersecurity posture of organisations? How are financial institutions adapting and what do they need to improve?

When it comes to the banking sector, the digital component has become instrumental in the economy. A recent survey found that 84% of consumers expect banks to actively transform their processes and offer digital services to keep them safe. We have seen large-scale closure of physical banks, and the use of electronic payments is increasing as people make the shift from cash to digital. Due to the circumstances, there has also been a general increase in e-commerce transactions; for example, there was an 81% increase in Italy, according to McKinsey & Co. All these factors are making traditional banks shift to digital banking faster than ever.

Incumbents are embracing the democratization of financial services and launching customer-centric platforms, for example, Santander launching openBank or RBS launching Bó. Not only are we seeing traditional banks shift their processes, but we are also seeing an increase in neobanks. These banks operate exclusively online without traditional physical branch networks, as is the case with Revolut, N26, Nubank, and many more. But what does all this rapid growth mean for banks in terms of security?

Along with all the upsides digital banking brings come new challenges, specifically in terms of keeping users' data safe. The core logic of modern web banking apps and hybrid mobile banking apps is written in JavaScript, a programming language that allows development teams to shorten product release cycles. However, JavaScript requires special attention in terms of security, as it can be easily retrieved or tampered with by attackers, who can target the JavaScript source code to plan or automate data exfiltration attacks.

The majority of digital banking providers also rely on an agile product development process to be able to keep up with market demand, and they often sacrifice security because of it. This race also increases the possibility of web supply chain attacks, since development teams are relying extensively on third-party code. For example, we saw this issue in November of 2018 when an attacker was able to gain control of the event-stream JavaScript library, which was a third-party code dependency of Copay, a cryptocurrency wallet. This allowed the attacker to inject malicious code which harvested the credentials and private keys of Copay users. The company's development team did not detect the malicious code immediately and released several builds of the infected application.
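
A build-time check for the kind of dependency change described above, as an added example (not code from the article, Jscrambler or Copay): it compares two `package-lock.json` snapshots and reports packages that were added, changed version, or changed content hash since the last reviewed build. The package names and integrity strings are constructed sample data.

```javascript
// Added example: flag dependency drift between two package-lock.json snapshots.
// Assumes lockfileVersion 2 or 3, which keeps a flat "packages" map.
function indexLock(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project, not a dependency
    out.set(path, { version: meta.version, integrity: meta.integrity || null });
  }
  return out;
}

function diffLocks(prevLock, nextLock) {
  const prev = indexLock(prevLock);
  const findings = [];
  for (const [path, cur] of indexLock(nextLock)) {
    const old = prev.get(path);
    if (!old) {
      findings.push({ kind: "added", path, version: cur.version });
    } else if (old.version !== cur.version) {
      findings.push({ kind: "version-changed", path, from: old.version, to: cur.version });
    } else if (old.integrity !== cur.integrity) {
      // Same version but a different content hash: the artifact itself changed.
      findings.push({ kind: "integrity-changed", path, version: cur.version });
    }
    // Without a hash the installer cannot verify what it downloads.
    if (!cur.integrity) findings.push({ kind: "no-integrity", path, version: cur.version });
  }
  return findings;
}

// Constructed sample lockfiles (hypothetical package names and hashes).
const PREV_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "sample-wallet-app", version: "1.0.0" },
  "node_modules/sample-stream-lib": { version: "3.3.5", integrity: "sha512-CONSTRUCTED-A" },
  "node_modules/sample-utils": { version: "1.2.0", integrity: "sha512-CONSTRUCTED-B" },
} };
const NEXT_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "sample-wallet-app", version: "1.0.1" },
  "node_modules/sample-stream-lib": { version: "3.3.6", integrity: "sha512-CONSTRUCTED-C" },
  "node_modules/sample-new-helper": { version: "0.1.1", integrity: "sha512-CONSTRUCTED-D" },
  "node_modules/sample-utils": { version: "1.2.0", integrity: "sha512-CONSTRUCTED-E" },
} };

for (const f of diffLocks(PREV_LOCK, NEXT_LOCK)) console.log(JSON.stringify(f));
```

Workspace links and git dependencies legitimately lack an `integrity` field, so treat `no-integrity` findings as items to review rather than automatic failures.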

The Copay example is only one of many incidents that have happened over the years. These cybersecurity incidents are sadly not uncommon, especially when technology advances as fast as it has in the past few years. With this rapid mutation of digital banking solutions, we see malicious strategies also improving fast to try and keep up with the market. Companies need to be aware of this double-edged sword so that they can also focus on improving their security. Having visibility and control over their products is crucial when it comes to ensuring that their web and mobile applications are not being leveraged by attackers to siphon user data.

In conclusion, although the shift to digital transformation is bringing a lot of needed safety for users when it comes to avoiding in-person interactions, users also need protection in the digital space. Because of this, banks are required to consider the possibility of the various online threats and find solutions to keep their users’ data safe. Developing an application fast enough to keep up with other digital banking applications is not enough to provide a good user experience. The key takeaway here is that banks need to take action now and mature their client-side security to prevent breaches and be compliant with regulations. If they are able to successfully manage their client-side security, they can outpace attackers and keep their users safe.
