by Andrea Benito

How National Bank of Egypt handles security as online banking thrives

Feature
Dec 07, 2021
Security

Abeer Khedr, head of cybersecurity at National Bank of Egypt, outlines major threats to banking as the sector undergoes digital transformation, and offers some tips on how to deal with them.


Digital transformation in the banking sector is unstoppable and, with closures and safety-protocol limitations placed on physical bank branches due to the pandemic, has only accelerated over the last year. Banks have been forced to improve their digital services and guarantee their quality, while reinforcing information security and avoiding system crashes as a consequence of the increasing use of online banking.

When National Bank of Egypt (NBE) embarked on its digital transformation journey several years ago, the challenge was not simply to introduce digital services to their customers, but also to transform a culture — a culture that has been very reliant on cash.

Egypt’s population exceeds 100 million, and many bank customers are farmers, builders, senior citizens and those who have little exposure to technology. The challenge for National Bank of Egypt is not only to get these customers to move to online banking against a natural inclination to use cash and visit familiar local bank representatives in branches, but also to ensure the creation of a robust infrastructure to support the millions of other users of online applications.

“Digital branches and auto-bank (bus) branches have further supported a seamless banking experience for our customers wherever they are even when on the road. In these almost fully automated branches, customers can interact with customer service through video chats in ITMs (interactive teller machines) and benefit from instant card issuance in these digital branches among other services. Additional digital solutions are planned for rollout this year which will be announced in due course,” says Abeer Khedr, head of cybersecurity at National Bank of Egypt.

“My role is to support business to deploy these digital projects securely,” Khedr says. “By aligning with management and business teams, early involvement in product initiation phases throughout design, development and testing, we ensure that security is properly integrated within the life cycle of our solutions and ensure timely go to market.”

Digitalization means investing in cybersecurity

The cyberthreat landscape facing the banking industry has evolved in unprecedented ways.  

This is due to many factors: digital transformation initiatives that have accelerated, calling for the adoption of new and disruptive technologies whose security may not have completely matured, coupled with increasing reliance on third-party fintech providers whose risk also has to be managed.

“Criminals have also abused the year of the pandemic and we’ve seen phishing campaigns and scams skyrocket, in addition to malware and ransomware,” Khedr says. “Also with the discovery of so many zero-day vulnerabilities across many technology operating systems, in addition to recent large-scale supply chain attacks like SolarWinds, banks find they must step up the pace of their patching processes, their threat detection abilities and fortify their overall security measures.”

Attack vectors on banks now include not only the external perimeter but also banking applications, endpoints, and third-party APIs. In addition, there is the human element, with attackers targeting employees and customers.

Cyberattack vectors multiply

“Tackling this increase in attack vectors requires working with several categories of cybersecurity partners: security solutions vendors that provide you with needed systems and appliances for network defence, threat management, logging, multifactor authentication, and identity management, to name a few areas,” Khedr says. “Another category of partners we work with are security service firms that provide security assessment services, forensics, incident response and brand protection services.”

When new digital solutions were introduced, NBE also simultaneously launched customer security awareness campaigns that provided advice to customers on different topics: mobile security, phishing, scams, and social engineering. The campaigns were directed to customers and potential customers on social media, in branches, ATMs, through call centres and every other possible communication channel.

Considering the new threat landscape, NBE has increased its cybersecurity budget. Khedr prefers to use the term “investing” in cybersecurity, instead of spending.

“Increasing budgets for protection of an organization’s critical assets that keep the business thriving, allocating budgets for security awareness campaigns of your customers that helps them securely adopt your digital solutions while safeguarding them from scammers out there who are after their money — this increases customer trust in your organization as well,” Khedr says.

But money must be spent wisely.

“The security budget becomes a challenge when it’s not directed to the right resources and the expected ROI is not clarified properly to management and boards, and here the job of the CISO (chief information security officer) becomes important to map this investment to business, brand-protection goals, and overall organizational growth strategy,” Khedr adds.