Banca 15 / 22nd of January 2019
By Javier Natividad, commercial director of vintegrisTECH
The treatment of confidential information and the new regulatory requirements have pushed the financial sector to be among the most advanced regarding cybersecurity. Although in 2018 there was some alarming news referring to the cybersecurity of some entities, especially in the USA and Asia; Fortunately, in Spain, there has not been or known, the same alarming news, and many people wanted to get more information on cybersecurity facts and figures to keep themselves safe.
This is, in itself, merit for those responsible for cybersecurity in our banking ecosystem. Even more so, when they have been affected by current aspects such as the integration between entities in recent years and other structural, such as customer demand for all services to be in a digital environment. Therefore, there is no longer a financial institution that does not offer all its clients the possibility of consulting their operations from various devices, in any location and connected to any network, which is a cyber risk. Next; I’ll throw some thoughts on points that will define the financial cybersecurity.
Anticipation
The risk will always exist, and it is impossible to guarantee absolute protection. The question that should be asked by the financial institution is to determine the level of risk they can assume. The cybersecurity strategy must be proactive and anticipatory, projects and platforms must be designed with security as one of its pillars and impervious to any attack received. It must be understood even as a business facilitator and leverage for compliance with different regulatory frameworks. If computing, which reached financial institutions decades ago, went from being a nuisance and an investment expense, so should cybersecurity.
More robust and resilient safety models
In comparison with public administrations and Spanish SMEs, the level of cybersecurity in our local financial sector is high. It is for two reasons. On the one hand, by access to numerous technologies that allow them to protect themselves: Internet of things, artificial intelligence, business analytics tools, data mining, blockchain. And on the other, by the obligation to comply with legal frameworks such as the NIS Directive that seeks to identify the sectors in which the protection of networks and information systems must be guaranteed and establish the requirements for cyber-incident notification. The objective is to achieve autonomous security and to respond to risks in an automated way, the result of collaborative solutions.
The risk is not only external …
Sometimes the worst cyber-enemy for a bank or an insurance company is internal. It would not be the first time that careless, incompetent employees or lacking rigorous suppliers, all with direct access to critical data and information, have left the door open. Training employees and collaborators through cybersecurity plans is essential to avoid those risks.
At the same time, you must restrict access to areas and platforms that are not within your role. The technology allows the restriction and tracking of access to elements common in banking and financial institutions, such as digital certificates or electronic signatures only for those who are accredited to use them. Finding effective and specialized providers is another element that can help to avoid these unpleasant episodes that make a reaction difficult.
More information on customer safety
The new business model of financial institutions goes through digitalisation, online banking being a clear example. Any entity that wants to be competitive must offer this solution to its customers. Despite the security codes and the precautions of the entities that use the Internet as a way to access current accounts, many users still fall into the trap of cybercriminals, leaving their money and data unprotected.
The digital banking client must take measures to protect their money from cyber attacks. For example, by ignoring emails from your supposed bank in which security codes are requested, using different passwords from those used in other tasks such as email or avoiding using public Wi-Fi connections to operate with the bank, among others. Client organizations and users should have an important role.
What’s up with the FinTech
The traditional global banking system looks at out of the corner of its eye in many aspects, and cybersecurity is one of them… And not only them: at the Davos Forum in 2018, a cybersecurity consortium was created for the FinTech sector. It is also very relevant for the NIS regulation of the European Union as cited above. The FinTech sector is very attractive for cybercriminals because it is consists of small firms, highly money-oriented, that carry out financial transactions and store their clients’ data. Many of them with average security. Along with this, another effect for large firms that want to be competitive with FinTech. Providing similar services can lead to their heavier structures creating security breaches in their systems. Even so, at this moment nothing proves that a serious and certified FinTech on a trajectory, are anymore insecure than the large banking groups.
We can not predict how cybercrime will be fought by banks and financial institutions in the future. Because among other reasons, although we have many indicators, we are not sure what form it will take. Yes
that it seems clear that technology is going to have a key role, that the environment will be completely mobile, that FinTech will have an increasingly important weight and that proaction will be a common exercise, fulfilling the rule “The best defense is a good offense”.
The original article Banca 15 online (only in Spanish)
