DATA SECURITY
Cybersecurity in banking and financial services From cybersecurity threats to cloud native platforms, Nicolai Solling, Chief Technology Officer, Help AG gives a detailed account of the front and centre considerations that banks and financial institutions must have when tackling their security and digital needs
H
ow has the pandemic changed cybersecurity requirements for the banking sector? How are financial institutions coping? Are they being confronted with any new kinds of challenges?
The pandemic and ensuing shift to remote work has amplified the cybersecurity threats across multiple industries, and the BFSI sector has not been immune either. According to VMware Carbon Black , cyber-attacks on financial institutions increased by 238% from February to April 2020. The sector has encountered a worrying growth in the compromise of credit card information, as our Digital Risk Protection report showed that Q2 2020 saw a 500% increase in carding fraud. The same period also witnessed a staggering 3-time (183%) jump in threat alerts related to data leakage. Attackers have exploited the fear around the COVID-19 pandemic to get malware onto clients’ devices. This trend has hit the banking sector especially hard. An attacker could send a client a link that seemingly contains information about COVID-19 but in fact downloads
24
malware onto the device once it is clicked. This could constitute the first step of the cyber-attack campaign. This is particularly concerning as the pandemic has caused many banks to build and expand their electronic channels, like most organizations. Banking moved online, and while it is okay for most of us, it has created a new group of users (e.g. senior citizens, blue collar workers, etc.) who are not aware of the nuances of digital technology, let alone safe online practices. This instantly meant a much broader risk surface. In addition, the bank as an enterprise has also been impacted by COVID-19. Due to the pandemic, many bank employees began working from home, and the home network has a very different security posture than the enterprise network that they would normally be utilizing. Although most banks have been operating remote access solutions for a long time, the scale was fairly limited earlier and overnight the situation had to be changed. This added extra pressure to both security and connectivity requirements, causing banks to rethink how they implement secure internet connectivity for remote users, while maintaining data security.
Banking and Finance news in the MEA market
Nicolai Solling, Chief Technology Officer, Help AG
BFSI forms a major chunk of Help AG’s customer base. Have you seen a change in banks’ cybersecurity requirements over the past 12-18 months? In the beginning of the pandemic, of course, we had a lot of requirements when it came to the connectivity aspect of how we securely connect to the bank, how we connect those who work at the bank efficiently to the bank environment, etc. While remote access was not a new feature for most banks, the scale was limited prior to the pandemic, and almost overnight, a massive scale up was needed. Another requirement that we have been seeing is in terms of rethinking how banks address secure connectivity to the internet for their users. The traditional castle-andmoat model had to be transformed to make way for zero trust and security on the edge. Banks are increasingly looking at Secure Access Service Edge (SASE) based services. There is a
