Commuters pass the offices of Swiss financial company UBS, on April 1, 2008 in London, England. Credit: Thinkstock
Banks are being targeted by cybercriminals, and that looks likely to continue in a world with more data and devices. Are banks being innovative enough with information security to ward off the threats?
From chip-and-pin fraud and distributed-denial-of-service (DDoS) attacks to malware and nation-state APTs, cybercrime has become a big problem for banks across the world.
In the last year alone, we’ve seen the emergence of Carbanak, the Russian gang which stole $1 billion from more than 100 banks across 30 countries, as well as high-profile data breaches at JP Morgan Chase, HSBC, Halifax and Barclays. JP Morgan subsequently pledged to spend $500 million on security following its breach in late 2014, a trend adopted by many other companies post-breach. Indeed, PwC predicts that US financial services companies will increase their cyber security budgets by $2 billion by 2017.
Banks more open to attack
This spending, and increased focus on information security, is hardly surprising. Banks are being asked to be more open, digital, and customer-focused through the advance of newer technologies like mobile payments, biometrics and wearable devices. Even additional security, such as two-factor authentication and password management, must be done with user experience in mind.
This is, however, putting an enormous strain on bank security teams, supply chains and compliance, as outlined by UBS CIO Oliver Bussmann in a recent blog post.
“[The] digitization of services means data privacy becomes an even more important issue than it already is for every financial services institution. Recent malware incidents show how fast changing cyber-security threats are and how important it is for any new technology to place data protection above everything else.
“The regulatory landscape is also becoming tougher and any new developments must be integrated. Consequently IT systems need to have the flexibility and agility to respond to new demands from financial authorities. This is challenging, particularly for smaller entrants to the market, because resources are finite,” said Bussmann, adding skills is another ‘major’ challenge in light of the advance of new technologies.
Commentators, subsequently, say that banks now have to innovative to satisfy customer ‘wants’, rather than needs, with YBS Group head of information security and risk, Mike Jolley, saying customer-centric strategies are emerging.
“Strategic trends are around a customer-first digital strategy. A year or so ago it was digital first,” he told CSO Online.
Alex Van Someren, managing partner of the Early Stage Funds at Amadeus and director of the Cylon London start-up accelerator, believes banks must think like hackers.
Sign up for CIO Asia eNewsletters.