Here are some pointers on deploying a robust security infrastructure:
- A more robust B2B integration of applications — There is definitely scope for technology improvement in the financial sector. Each online platform or mobile financial service offering involves a complex supply chain of multiple vendors. FIs work with these vendors to provide seamless services for their customers. The downside of such an arrangement is the probability of a security breach at each integration point. Therefore, FIs should be committed to providing a comprehensive and robust security infrastructure to prevent breaches.
- Application logic security: Focus area for FIs — Nowadays, customers rely heavily on online banking to make their financial lives easier. FIs have therefore been at the forefront of innovation to make online banking a seamless and secure experience. Several initiatives have been put forward to make online banking more secure, for example prompting customers to provide complex passwords when accessing their accounts.
However, FIs should be aware that there still exist underlying problems between applications that could compromise security and data. Thus, it is paramount to have a robust application security system in place, as 85 percent of Internet traffic is served by web applications. According to a report by the Internet Society, the Asia Pacific region will have the greatest mobile Internet traffic in the entire world.
It is believed that there are attackers who specifically target web applications. Such knowledge should be shared among FIs so that they are more aware when building applications for their customers. Therefore, FIs need to incorporate not only password protection and flow control, but also application logic security.
- Invest in a Web application firewall, an email archiver and a next-generation firewall — Data protection technology and application security technologies are cornerstones of any financial institution. More specifically, there are three important domains institutions should invest heavily in: application security, content security and network security.
The Web application firewall takes care of application layer threats, including those against mobile and browser-based applications. The email archiver guards a company's email data, allowing fast retrieval and protecting the data's origin on the company's premises. The next-generation firewall scrutinises incoming and outgoing data traversing the company's network and detects unauthorised data traffic that is not meant to be accessed by a particular layer. This is key to guarding against information vulnerability from an unwanted source.
- A vigilant security infrastructure — High traffic and data visibility is one way FIs can stay vigilant in the cyber and digital space. Companies need to examine what goes on when their portal or application is up and running. Beyond knowing what traffic is going through, they need to know what kind of data is being transferred over this traffic. As such, it is imperative to set up a risk management process for the event of a data breach. This will ensure that the breach can be put out in the shortest time, mitigating the risk.
FIs need to invest in a good risk management approach to vulnerabilities and seek advice from experts in the security domain. By reaching out to these experts, they can have a better understanding of the latest technologies that are best suited for their security infrastructure.