20 August 2017
Ajay Vij

82196

Ajay Vij - Infosys

4Posts 25,693Views 0Comments

Securing future banks

11 November 2016  |  6130 views  |  0

Last week, even as the shadow of Wikileaks loomed large over the third US presidential debate, another event of epic proportions happened in the cyber-world. Large scale DDoS (Distributed Denial of Service) cyberattacks disrupted the availability of popular websites like Twitter, Netflix and Paypal, among others, across North America and Europe.

A distributed denial-of-service (DDoS) is when the attack is launched by many unique IP addresses—or, as in this case, devices—all aiming traffic at one or multiple targets. The target simply crumbles under the pressure of so much traffic. And that is what happened in this case. In the last year, hackers have upped the DDoS stakes in a big way. The hacker group claiming responsibility for these attacks said that the day's antics were just a dry run and that it has its sights set on a much bigger target.

This is a good example to explain why organisations across the world, and more specifically in the Financial Services domain, are getting increasingly paranoid about security. After all, when was the last time you heard of an “unlimited” budget? But that’s just how the CEO of one of the largest banks in the world, had described their cybersecurity spending agenda for 2015. 

Financial services institutions face approximately four times the number of attacks compared to other companies on average, and thus they are among the biggest spenders on cybersecurity. That trend will only intensify as banks embrace digitisation and the higher cyber security risk that comes with it. For confirmation of the latter, one doesn’t need to look further than the audacious attacks on Banco del Austro in Ecuador, Tien Phong Bank in Vietnam and Bangladesh’s Central Bank, no less, in the past 18 months.

Clearly, banks need to put together a comprehensive yet practical strategy for safeguarding their organisations and their customers from attack. These are some of the things they should consider:

Balance detection and prevention: Since it will not always be possible to predict and prevent fraud, banks need to continue to invest in fraud detection as a parallel line of defense. They should therefore allocate IT spending between a variety of solutions, such as those, which prevent data loss or improve data monitoring and others, which employ behavior analytics, machine learning or data matching with the goal of preventing attack. There is also growing acknowledgement that biometrics and tokenisation, in addition to validating identity and securing payments, could be used to protect data.

Become stronger on the inside: A survey by the Association of Corporate Counsel reported that 1 in 3 data breaches may be attributed to employee behavior. This is a grim reminder of the need to strengthen internal controls by not only tightening security systems but also making sure employees can distinguish between safe and unsafe actions. Some restrictions – such as prohibiting the use of official email for personal activities – may also be necessary. There is a strong use case for Artificial Intelligence based system for preventing internal fraud.

Put knowledge to use: Reportedly, banks use less than 5 percent of the data available for making decisions related to fraud prevention. There is an urgent need to reclaim this lost opportunity. As the volume and variety of data continues to increase, technology has tried to keep pace with advancements such as data visualisation that allow organisations to grasp complex information through visual patterns. By leveraging such technologies, banks would be able to spot telltale deviant patterns that are often associated with fraud and take timely action.

Partner up: Digitisation is on the agenda of most countries, which see it as a way to social and economic progress. Consequently, many governments are taking an active role in improving cyber security. Where possible, banks should work alongside governments – and also with the industry, academia, fintech startups and others – sharing their knowledge and experience to tackle current and emerging problems across the security ecosystem. 

 

TagsSecurity

Comments: (0)

Comment on this story (membership required)

Latest posts from Ajay

Securing future banks

11 November 2016  |  6130 views  |  0 comments | recomends Recommends 0 TagsSecurity

The Threat is Real: Battling Cybercrime in Banking

02 June 2016  |  8128 views  |  1 comments | recomends Recommends 1 TagsSecurityRisk & regulation

Is the selfie your new banking password?

25 May 2016  |  4923 views  |  0 comments | recomends Recommends 0 TagsPaymentsInnovation

Blockchain: Legislation and compliance for a new approach to Fintech

27 April 2016  |  6513 views  |  1 comments | recomends Recommends 0 TagsBlockchainTransaction banking

Ajay's profile

job title Vice President
location London
member since 2016
Summary profile See full profile »
Ajay Vij heads the Financial Services for the entire Europe region. He has a strong background of developing product/platform partnerships and large transformation deals with Financial services client...

Ajay's expertise

Member since 2016
4 posts0 comments
What Ajay reads
Ajay's blog archive
2016 (4)

Who's commenting on Ajay's posts