This article was originally published in Global Banking & Finance Review, 22 June 2022, and can be found here.
The unforeseen consequences of cyber security and hybrid working during the pandemic: the impact for the banking sector
Manoj Mistry, Managing Director, IBOS Association
The COVID-19 pandemic had many unforeseen consequences, not least its impact on cyber security and hybrid working. At first blush, these distinctly different issues would appear to have very little in common, but the pandemic served as a critical nexus for the banking sector as they overlapped with significant consequences. The reason is simple: financial services became a more accessible target for cyber criminals.
This happened because governments across the world mandated a series of lockdowns, requiring staff to make an immediate transition to full-time remote working and leaving most offices entirely empty for sustained periods. To serve the online needs of their customers, who were now trapped at home, banks took the initiative, accelerating their digital transformation and enhancing their customer offering through more digital experiences.
The sudden influx of diverse financial technologies and IT solution providers needed to achieve this encouraged hackers to seize the initiative. In presenting them with an opportunity to capitalise on increased technological vulnerabilities that affected financial services, disruption gave them the chance to strike. Cyber criminals increased their activity through carefully selected methods: stealing identities and funds, manipulating sensitive data, extorting money, and using ransomware to encrypt organisations’ data.
Although financial services companies have long been a hackers’ favourite, remote working presented an unprecedented opportunity that was notably beneficial for their criminal intent: an entire workforce that was much less protected from cyber risks in their own homes than in the ultra-secure environment of their offices.
Such a dramatic shift in the pattern of working led staff to become completely fragmented, suddenly exposing financial services to a range of digital threats. In turn, this further underscored what steps needed to be taken in order to mitigate them.
Now that the worst of the pandemic is behind us, the shift in how and where we work seems to be permanent. This leaves only a few sceptics and traditionalists questioning the idea that remote and hybrid working can deliver substantial benefits for employees and employers. In this new paradigm, the attendant risks continue to present a threat. For example, the use of co-working spaces can make it easier for hackers to bypass security systems.
Many commentators have pointed to the pandemic as a catalyst for change. This is particularly the case in the financial services sector, which has accelerated digitalisation across a wide range of products and services. Arguably, the legacy of hybrid working is also helping to drive further acceleration. These developments are incredibly positive and the activities of hackers should not lead to any regression from the further proliferation of accessible digital experiences.
In adapting to the new normal, banks therefore have to meet any potential risk of cyber crime head on. Despite having implemented practices to counter and minimise such risks, they need to be continually vigilant in their approach. In practice, this means deploying systems that are able to respond quickly and appropriately to multiple types of cyber attack when they happen and ensuring that a full recovery can then be achieved efficiently and effectively.
It is self-evident that prevention is invariably better than cure: severely limiting the possibility of a cyber attack being launched successfully by putting in place a range of robust measures and systems that can deliver the highest levels of protection. Key preventive measures should include: firewall protection and antivirus software, comprehensive data protection, and regular cyber security training for all members of staff to develop their awareness of risk.
The continued roll out of digitalisation across the financial services sector is essential to its current operation and integral to its future success. This is welcome, of course, so long as the correct due diligence procedures are applied, executed, and monitored properly.
Banks continue to benefit from the rapid pace of technological advances, but so does the ingenuity of those who use these advances to launch cyber attacks against them. In the race to keep one step ahead of cyber criminals, banks have to innovate continuously in order to respond effectively to the diverse threats that they face. Beyond recognising that preventive measures are essential in reducing the level of cyber threat, banks must also know precisely how they should respond and recover from a serious attack should it occur.
In their strategic response to such an event, strong disaster recovery and business continuity plans are critical. In the same way that sufficient resources are allocated to innovation and digitalisation, they also need to be earmarked for cyber security and awareness training – both for their own staff and for third-party suppliers.
Success in banking has always been dependent on the careful and cautious management of money that is held on deposit. In moving towards a new world of financial services as it becomes fully digitalised, care and caution will need to be exercised on every step of that journey.