Banks all around the world are re-imagining their businesses to put customer demands front and center. They are undergoing massive digital transformation processes to do so; however, these transformations, coupled with an always-connected, digitally savvy customer and an emerging “hacker industry,” create new and heightened security risks that banks must deal with immediately.
This is a new normal for banks, as evidenced by recent attacks such as the SWIFT hack, and maintaining the security of their systems and customer data will require them to follow new rules and regulations.
The security risks facing banks come as a result of three key issues, all related to a bank’s most important asset: data.
First and foremost, the value of the data—both in terms of what information can be extracted and what a potential hacker could exploit from that information—is extraordinarily high. That means hackers are getting aggressive, looking for any and every way possible to breach security protocols and steal data.
It’s no secret that the sheer volume of data being collected and stored is higher now than ever before. According to EMC, by the year 2020, about 1.7 MB of new information will be created every second for every human on the planet. The data boom isn’t any different for banks: as customers access their banking information across multiple channels and touch points, banks are able to capture new and unique information about customer habits, preferences and more. That information makes banks a goldmine for hackers.
The number of endpoints and systems exposed to the outside world is increasing, which means data no longer remains locked inside a data center. Instead, it proliferates outside of the four walls of the business, making it vulnerable to hackers and security threats.
With more endpoints to access, and an ever-growing volume of data that’s increasingly valuable, it makes sense that security attacks are becoming more sophisticated and persistent. In fact, a study by the Ponemon Institute found that in 2015 a staggering 65 percent of companies experienced Advanced Persistent Threats (APT)/targeted attacks.
How banks can handle cybersecurity threats
The most difficult part of dealing with security threats is staying ahead of the “bad guys.” To do so effectively, banks must take a proactive approach. Here’s how:
1. Make cybersecurity education the priority
The first, and perhaps most important, step to fighting the bad guys is education—and this means for everyone, not just the IT team. To be truly secure, everyone from the bank tellers to the CEO needs to be digitally savvy, educated on proper security protocols and up to date about different types of cybercrime.
Protecting your bank needs to be a team effort. Some of the highest-profile hacks in recent years may have started with something as seemingly benign as an easy password (1234# anyone?) or failure to enforce two-step authentication. Every employee needs to understand not just the value of protecting customer and colleague information, but also their role in keeping it safe.
In addition, cybersecurity protocol must become a part of the formal GRC (governance-risk-compliance) process, according to KuppingerCole. Banks should also look to the industry for support and work together to share best practices and guidelines, as evidenced by the announcement earlier last year of a new consortium comprising eight of the largest banks in the U.S. The consortium’s goal is simple: collaboration and knowledge sharing.
2. Explain the rules to your employees
Now that the culture is in place, controls need to be added. People slip up and forget; it is human nature. That’s why controls are of the utmost importance when dealing with valuable and sensitive customer data. Banks do not have the luxury of leaving employee compliance up to chance, so IT departments need to actively play a role in ensuring that employees follow security protocol, not just passively respond to potential threats.
Banks should re-evaluate their controls and processes often, particularly with regard to business-as-usual cyber-risk process controls and the culture that supports them. Ultimately, a bank’s cybersecurity governance must be enforced consistently and proactively, and it all starts with the right processes.
3. Find the right technology partner
Now, more than ever, it’s imperative to have trusted technology partners to help navigate the sometimes murky waters of cybersecurity. These technology partners come in many shapes and sizes, but there are two that should be considered a priority: service providers that make it their business to host, secure and manage analytics or cloud-based programs, and development partners that are willing to work hand-in-hand with a bank to ensure maximum security across the business.
As banking goes digital, there are sure to be many moving parts. One of the best approaches to maintaining security is implementing a modern technology platform that’s capable of taking a holistic approach to cybercrime. That means combining a variety of defenses—including business operations, management oversight and independent audits—with sophisticated compliance analytics that are able to predict and proactively react to threats before a breach even occurs.
By following these three steps, banks will be ready to put their best foot forward in staying secure in a new, digital age.