Securing the digital vault within financial institutions

By Bede Hackney

ASIC’s recent action against the multi-million dollar online fraud syndicate is a reminder of how cybersecurity remains a constant threat for financial services.

The regulator has already put businesses on notice that it will be monitoring their approach to managing cybersecurity risks. Tenable’s Bede Hackney assesses how organisations must address this challenge.

The rise in cyber crime against financial services organisations has been a lucrative criminal enterprise due to the high-value and sensitive data held within these institutions.

The iconic scenario of masked robbers cracking into heavily guarded bank vaults and stealing piles of money is fast becoming a thing of the past.

The new wave of theft no longer occurs physically before our eyes, and the currency is not restricted to cash; rather, it is digital wealth in the form of funds and customer information. The figurative vault is now the technology that stands in the way of potential attacks.

The modern heist

Since the turn of the millennium, we’ve witnessed persistent attacks against the financial ecosystem. First detected in 2007, the Zeus Virus was a form of malicious software which targeted Microsoft Windows to steal financial data. Nearly a decade later, one of the most notorious hacks took place.

Thirty-five fraudulent instructions were issued by hackers via the SWIFT network to illegally transfer close to US$1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank.

The scope and scale of cyber threats continue to grow, from individual privacy breaches to attacks on the broader financial system.

With the recent introduction of legislation such as the Notifiable Data Breaches scheme and APRA CPS-234 as well as Open Banking, it’s expected that spending on cybersecurity will increase by 88 per cent to US$248 billion by 2026 as a result of increased regulations.

It’s also estimated that the major banks already spend between $50 million and $100 million a year each on cybersecurity.

In addition, the growing number of IoT devices, public cloud services and ephemeral applications is rapidly expanding the modern attack surface, meaning banks need to work around the clock to safeguard the sensitive data they’ve been entrusted to protect whilst ensuring continuity of services.

The race to digital

Not only are the banks occupied with fighting off the persistent threat of cybercrime, they’re also staving off competition from agile fintechs.

The incumbents are racing to keep up with customer demand for tech-savvy and efficient services that conveniently fit into their digital lives.

These expectations have forced banks to compete as digital businesses, delivering tailored services that can be accessed 24 hours a day, from any device.

While digital transformation opens up a whole new world of opportunities, it also creates a host of security challenges. The banks must strike a balance between digital innovation and security.

You can’t secure what you can’t see

A recent report by the Ponemon Institute on behalf of Tenable found that less than one-third of the 202 Australian businesses surveyed are confident they have a good enough understanding of the vulnerabilities they face across the entire organisation.

A lack of visibility, resources and time-to-market pressures means that, as banks look to innovate, security might be overlooked. This imperative to transform has left some exposed, with many struggling to plug vulnerability gaps across their environments.

As cyber risk gets more complex, the banks need to build a robust culture of security and accountability for their assets.

Cybersecurity must be embedded from the beginning and be a key underpinning in the design of business processes, strategy and innovation.

To achieve this, security teams need a complete and reliable view of the entire modern computing environment so they can continue to innovate and take a proactive rather than a reactive approach to managing the security challenges of today and tomorrow.

From an elastic attack surface, to increased regulation and emerging competition, the financial services industry is experiencing rapid disruption. Those that best navigate these changes are the ones that will come out on top.

Bede Hackney is the country manager ANZ at Tenable.