This article was originally published in Blockchain Tribune, and republished in both Trading Herald and Biz Dispatch, 20 June 2022.
Why banks must respond to digital attacks and the effects of hybrid working
Manoj Mistry, Managing Director, IBOS Association
Cyber security and hybrid working have become paramount considerations for every business, not least those in the banking sector. Ostensibly, the two issues are distinctly different, but the COVID-19 pandemic provided a critical nexus in which they came to overlap with significant consequences. The banking sector, and financial services more broadly, became a more accessible target for cyber criminals.
The reason is straightforward: as the pandemic necessitated an immediate transition of staff from the office to full-time remote working, it equally created a need for many banks to enhance their customer offering through more digital experiences. As banks utilised a large spread of financial technology and IT solution providers to achieve this, particularly during periods of lockdown, hackers could seize the initiative.
For cyber criminals, this was their chance to capitalise on the increased vulnerability that suddenly arose in financial services. The disruption afforded them a greater range of opportunities to strike, resulting in higher levels of cyber crime using sophisticated and targeted methods: stealing funds and identities, manipulating sensitive data, extorting money, and even using ransomware to encrypt an entire organisation’s data.
Although they have always regarded the sector as a high priority target for attack, hackers saw remote working as particularly beneficial to their activities, creating a workforce that was much more diffuse and distinctly less protected in their own homes, compared to the ultra-secure environment of their offices. Notably, this dramatic shift in working patterns demonstrated how vulnerable the financial services industry had suddenly become to digital threats when staff were fragmented in this way. It also underscored what needs to be done in order to mitigate them.
Thankfully, the worst effects of the pandemic have largely subsided, but it has left a permanent legacy of change in how and where we work. Although remote working may provide significant benefits for employees and employers alike, the scope and scale of associated risks continue to present a threat. For example, one aspect of more remote working is the enduring use of co-working spaces, which increase the opportunities for hackers to get through security systems more easily.
In the context of the pandemic, much has been written about how it became a catalyst for change, accelerating the digitalisation of a greater range of products and services across financial services and how the legacy of hybrid working continues to drive further acceleration. This represents an incredibly positive achievement and hackers should not cause anyone to regress or shy away from the increased proliferation and accessibility of digital experiences.
Instead, banks need to adapt to the new normal and meet the potentially increased risk of cyber crime head on. Although they have practices in place devoted to combatting and minimising such risks, banks must be ever-vigilant in their approach. This means being able to deploy systems that can respond swiftly and appropriately to myriad forms of cyber attack when they do occur and ensuring that a complete recovery can be achieved efficiently and effectively.
Manifestly, the best course of action is prevention rather than cure: severely limiting the scope for any cyber attack to be launched and implementing a suite of defensive measures and robust systems that can guarantee the very highest levels of protection. Preventive measures should include: comprehensive data protection, firewall protection and antivirus software, as well as the promotion of phishing awareness among all members of staff.
The sustained roll-out of digitalisation across the financial services industry is integral to its current operation and imperative for its future success. This should be embraced, of course, but always on the basis that the correct due diligence procedures are in place and that they are carefully executed and thoroughly monitored.
As technology advances at an ever-faster pace, so does the ingenuity of those who use it to launch cyber attacks. To try and keep one step ahead of the cyber criminals, banks will need to innovate thoughtfully and evolve continuously in order to respond effectively to the diverse challenges that they present. In recognising that preventive measures are critical to minimising the cyber threat, banks must also know exactly how to respond and to recover from a serious attack when it happens.
Strong disaster recovery and business continuity plans are essential to their strategic response. Just as resources are focused on innovation and digitalisation, they also need to be centred on cyber security and awareness training, not just among their own staff, but also among their third-party suppliers.
Successful banking has always depended on being careful and cautious with other people’s money, which banks hold on deposit. In progressing towards a world of financial services that is fully digitalised, they will need to exercise care and caution every step of the way.