Protecting your customers: Mitigating cyber-threats in the financial sector

By Thorsten Stremlau, Co-Chair of the TCG Marketing Workgroup

Ransomware attacks on the financial sector continue to grow. In 2021, more than half (55%) of organizations within the industry were victims of at least one ransomware attack. For banks and other financial institutions, a cyber-attack is more of a question of when, not if. Therefore, the need for up-to-date, appropriate security systems to ensure the protection of customers and their data has never been greater. With the number of people using internet banking services estimated to reach 2.5 billion by 2024, financial institutions must also be able to trust the standards and technologies found within the general ecosystem to protect their customers’ personal devices.

Threats against online banking

Since the COVID-19 pandemic rocked the world over two years ago, a rapid rate of digitalization within banking has taken place. Whilst online banking services were already playing a major part in people’s daily lives, the last 24 months have seen a big shift in customer behaviour towards digital experiences across many sectors, including financial services. There has been a 72% rise in the use of fintech apps in Europe, and up to 80% of people now prefer online banking rather than visiting their bank.

The continual adoption of online banking comes as no surprise. The speed and convenience it enables allows users to access their accounts, view their statements, make transactions, and pay bills both in the home and on the go. However, this creates distinct challenges when it comes to cybersecurity.

Cyber-attacks against personal devices continue to grow in number and complexity. Hackers often deploy Trojans – malicious code or software that takes on the appearance of a legitimate application – to take control of a user’s device. Once the malware is installed, hackers can then steal money from bank accounts linked to the device, as well as other sensitive data. As more and more users access banking systems through their personal mobiles and laptops, banks and other financial institutions are becoming increasingly reliant on organizations such as the Trusted Computing Group (TCG) to develop standards and specifications that ensure the safety of devices, as well as the overall supply chain.

Securing the supply chain

Attacks on the supply chain also occur when a victim is breached through a compromised third-party vendor in the network. The attacker can then use the third-party vendor to circumvent security controls by creating avenues to sensitive resources. This is possible as vendors often do not take cybersecurity as seriously as their clients. In order to successfully mitigate any vulnerabilities, each phase of a product’s lifecycle – whether it’s the design, manufacturing, transport, utilization or decommission stage – needs to be reviewed to recognize any significant risks.

Unfortunately, this is not easily achieved, with no single entity having end-to-end control of the modern supply chain. It is therefore crucial that all organizations work together to ensure that security standards for the industry are correctly defined and implemented, and that they adhere to security guidance measures. Banks may already have strong cybersecurity measures in place; however, these become effectively useless if the vendor’s measures are not up to the same standard. Third-party risk assessments on a regular basis – especially when there are changes to a bank’s digital infrastructure – ensure that the vendor’s cybersecurity is aligned with the bank’s.

Staying up-to-date with education and technology

Employees and customers are also among the biggest risks for exposing a specific organization or supply chain to a potential attack.

In September 2022, 50,000 users of the Revolut financial app within the United Kingdom had their data exposed, leaving them at a greater risk of identity theft and fraud. Social engineering was identified as the main cause of the breach, meaning the initial cause was likely an employee sharing login details in a phishing scam.

As employees continue working from home and access banking systems online, it is vital that systems are secure against threats and have the ability to recover from a potential attack. To ensure this, financial institutions should insist that their employees and customers leverage devices with Cyber Resilient Technology (CyRes) built in, which establishes a new layer of protection against these threats. Doing so enables users and vendors to develop a solid foundation built on cyber resilience, protecting both the customer’s assets and the reputation of the financial institutions they rely on. The CyRes specification allows for the detection of malware and the recovery of a device if it has become compromised. This makes cyber resilience accessible to the average user and provides assurance to financial organizations that their systems are protected.

A Cyber Resilient Module (CRM) also gives further protection and recovery of connected devices. The module can be integrated into different architecture components of devices in order to provide protection, detection and recovery solutions. The CRM can be implemented as part of a system on a chip within the main hardware of a device. This can recover successive software layers and components found within a device, with the servicing of code and configuration potentially required for multiple layers sequentially. Banks would therefore feel safe in the knowledge that the servers they rely on would be able to recover after a successful attack.

But to avoid an attack completely, employees must still be educated against phishing emails and other threats to their digital infrastructure in order to build operational resilience for financial institutions.

A secure ecosystem

Unlike most enterprises, banks are unique in that they must rely on the security of their customers’ devices when they access banking systems. They must feel assured that the overall security ecosystem is secure in order to prevent or mitigate the damage caused by cyber-attacks within the industry. Stringent security measures and software must be made readily available and common within devices in order to ensure banks are adequately covered against threats. Specifications like CyRes are essential in the ongoing fight against malicious activity, not only for individual devices but for the technology supply chain as a whole.

Beating inflation over the long term: compound interest and tax efficiency

Warren Buffett famously attributed his fortune to his location, “some lucky genes, and compound interest”. For readers who aren’t aware, with an estimated net worth of $110 bn, Warren Buffett is one of the richest people in the world and has been for decades – when it comes to making money, this is someone to take seriously. So, what did he mean by ‘compound interest’?

Well, far from being any arcane investor secret, compound interest is simply a mathematical process that involves reinvesting earned interest alongside the principal investment. Reapplying this process for a sustained period of time has the potential to generate considerable returns, although, as with any investment, risks ap

But first, let’s return to basics. How do you earn interest? Whenever you lend money to an organisation, such as governments via gilts, companies via corporate bonds, banks via savings accounts, or peer-to-peer lending via an IFISA, you accumulate interest on top of your original loan.

Most people would have encountered this as a figure given as an Annual Percentage Rate (APR). For example, an APR of 10% means that after lending £1000, you would receive £1100 back at the end of the year, generating an earned interest of £100.

After receiving your £1100, you could either reinvest the £1000 and spend the £100 as earnings, or reinvest the total £1100.

Applying the latter option is at the heart of compound interest.

The chart below highlights this exponential power. The figures show the enormous potential for returns merely by reinvesting the original £1000 alongside the interest earned each year. After 10 years, with an interest rate of 10%, you’ll have made an additional £1594.

Furthermore, the greater the amount you can invest, the greater your potential for profit. Let’s take a look at what happens if you not only reinvest your earned interest but keep investing a further £1000 each year.

After 10 years and a total investment of £10,000, you will have made an additional £7,531.

Applying this for another 10 years and the interest truly starts to deliver incredible returns.

Nothing special is going on here. It really is pure mathematics. But, as we have demonstrated, it does take time until large earnings truly start to accumulate, and investors will no doubt be aware that interest rates can vary and potential for returns is subject to risk.

However, the principles of compound investment can go a long way in helping investors maximise their returns over the long term and mitigate high inflation rates.

Tax efficiency and compound interest

With the powers of compound interest laid bare, it’s now time to turn to another weapon – tax efficiency – one which is complementary to compound interest.

Tax efficiency may sound complicated, but the general idea is pretty simple: it’s about using the various investment vehicles and tools available to minimise the taxation on your returns and asset values. Let us take ISAs (Individual Saving Accounts) as an example, which can enable savings and investments to grow tax-free.

They are particularly tax-efficient because they protect money from taxes that would otherwise have to be paid on both the income the investment generates and on any increases in the value of the asset itself. Most valuably, they also enable investors to compound tax-free returns.

Over 20 years, you’ll have invested £20,000 but made a profit of £43,000.

There are many different types of ISAs, each made with a different target audience in mind. These include the ISA, the Lifetime ISA, Stocks and Shares ISAs, and Innovative Finance ISAs. Every year you can save or invest up to £20,000 in an ISA, choosing to select one form or spread it across many.

Cash ISAs are quite similar to traditional savings accounts and can be opened at almost every major bank across the UK. By depositing money into one of these, investors stand to benefit from an annual interest rate which closely mirrors the base rate set by the Bank of England.

While these ISAs are generally very tax efficient, typically interest rates in regular ISAs stand at around 3-4%. Currently, with inflation standing around the double-digit mark, this can make it very challenging for them to deliver real-term growth.

As the name suggests, Stocks and Shares ISAs allow savers to hold conventional forms of investments such as stocks and shares within an ISA. With the value of their eponymous equities varying so often, such accounts are subject to greater volatility.

Meanwhile, the Lifetime ISA is a longer-term tax-free savings account. Savers can put in up to £4,000 every tax year toward buying a home or retirement planning and the government will provide a 25% bonus on top of the savings. While this is generous, this account does come with several restrictions on the use of the savings and when the cash can be withdrawn.

Finally, Innovative Finance ISAs (IFISAs) are accounts that allow ordinary savers and investors to lend and hold more dynamic forms of finance such as peer-to-peer loans and debt-based securities.

IFISAs are classed as investments, and in large part, this is because they have the ability to generate higher returns (which are not subject to tax) than traditional saving methods. For example, average returns on IFISAs have ranged between 7% – 9% over the past 5 years, compared to the typical 3-4% you would expect on the Cash ISA.

Within the property sector, IFISAs have unlocked the ability for ordinary investors to participate in high-grade property investment opportunities via lending platforms and reap the benefits of tax savings on any returns they receive. As with any investment opportunity, risk levels vary from project to project and investors should select their options based on their own financial goals, investment objectives, and risk appetite.

With inflation presenting a great hurdle to generating real-term returns, the combined powers of compound investment and tax efficiency offer investors a powerful tool to navigate the economic landscape. While such tools often work best over the long term, investors with patience will stand to gain the potential rewards.

Jatin Ondhia, Co-Founder and CEO of Shojin

Jatin Ondhia is Co-Founder and CEO of Shojin, an FCA-regulated online real estate investment platform that lowers the barriers to entry for individuals across the globe looking to access institutional-grade, UK-based real estate investment opportunities. He served as Director for UBS for nine years, using his wealth of knowledge and experience to provide strategic fixed-income solutions to the bank’s top clients and expand the UBS Delta businesses in the intermediary space. Jatin also has over 20 years of property investment experience.
