Cyber Security Risks and Financial Applications
- July 25, 2016
In today’s world, cyber security risks and financial applications go hand in hand. Internet banking is growing across the globe, and the pace at which its popularity is rising indicates that it may overshadow the traditional brick-and-mortar banking system in the future. A vast majority of adults today conduct financial transactions through online channels. A study conducted by Bain & Company last year claimed that mobile devices alone are responsible for 30% of total international banking transactions (Source: Bain & Company). What varies is the way individual users utilize the online and mobile banking channels. Statistics show that approximately 90% of mobile users have used mobile phones to check their bank account in the past 12 months (Source: Statistic Brain).
Although online channels are convenient for consumers and are the least expensive option for banks, they expose both banks and customers to a multitude of risks. Considering the amount of confidential information stored by banks and the magnitude of financial transactions taking place internationally on a daily basis, cyber-theft exposes banks to serious downside risk should their security systems be compromised. According to Thomson Reuters, the average monthly volume of foreign exchange transactions has been more than 350 billion US dollars since January 2015. This shows how large the monthly average volume of foreign exchange transactions between businesses and individuals through financial intermediaries is.
Most Common Way for Hackers to Breach the System
Besides the obvious aim of stealing money by breaking into the bank, another motive for cyber criminals is to steal confidential information related to clients’ bank accounts, for example email addresses, contact numbers and credit card details. This enables the hackers not only to conduct fraudulent transactions but also to expand their network and gradually infiltrate other groups that are linked to the bank, e.g. vendors and financial organizations.
Banks now realize that they face the threat of cyber-theft from highly skilled and organized hackers, and they are therefore taking countermeasures to secure their online banking systems. Nevertheless, malware today is increasingly customizable, which makes it impossible to keep everything in check. The most common way for malware to infiltrate banking systems is through email, via infected attachments and links that hackers may send to some of the high-ranking bank employees. This makes the computer systems of a financial institution’s employees the primary targets of hackers. The world’s leading banks, namely Barclays, HSBC, Lloyds Banking Group, RBS and Santander, report that 93% of breaches are attributable to human error, wherein a naïve employee clicks on an infected link or opens a malicious document. Once given access, the malware spreads rapidly, circumventing security gateways and stealing vulnerable information (Source: ITProPortal). With the advent of smartphones, the risk of exposure to unwanted parties has multiplied, because a security breach from a smartphone is easier: it can be connected to any Local Area Network that may be associated with a bank.
Control Measures Should Be Put in Place
The question is how financial institutions can strengthen their guard to block out those who want to benefit from the vulnerabilities inherent in every online banking system and application.
The most proactive approach in this regard is to invest heavily in technological advancements. Realizing this, business firms, financial institutions and organizations increased their information security budgets by 24% in 2015 (Source: Global State of Information Security Survey 2016).
In addition, employees should be trained to identify spam and infected emails and to raise a red flag. Financial institutions should understand that employee training is not a one-time process; rather, it should be ongoing. Most breaches can be avoided if employees understand the vital importance of keeping the security of information as their top priority. Financial institutions can also introduce friendly reminders, such as circulating emails or pamphlets on a monthly basis, and organize a meeting to highlight the issue semi-annually or annually.
Even when advanced security systems are in place and employee training is properly conducted, human error can be controlled only to a certain extent. Therefore, the more critical the information is, the more strictly it should be guarded. The four-eyes principle should be in place, and any employee who disrespects confidentiality should be heavily penalized. However, no matter what systems are installed and how aggressive an institution is about safeguarding the privacy of its clients, there will always be security loopholes in the system, which means that 100% safety can never be guaranteed, for two essential reasons:
- Human error cannot be eliminated
- Hackers are sophisticated, organized, work in groups and are extremely difficult to track down immediately
For these reasons, multiple checks should be employed within the organization at each level of the hierarchy to protect against data loss, theft and compromise. Security measures are required to be in place, including, but not limited to, the following:
- A password policy should be enforced. Strong passwords are recommended, and they should be changed on a quarterly basis.
- Devices should be updated regularly with patches/updates.
- Software on the system must be configured properly.
- Anti-virus software must be installed on every system.
- Spam emails should be detected and removed.
- Personal information should be protected. Digital footprints that can be traced easily should never be left behind.
- Browsers should be protected to avoid drive-by downloads.
- Data backups should be a standard practice.
- The network should be well equipped so that it can handle cyber-attacks.
Last but not least, education and training of the employees of financial institutions and banks can play the most important role in protecting against cyber-attacks.