Finextra spoke with Beate Zwijnenberg, chief information security officer at ING, about some of the challenges the bank is facing across fraud and cyber security.

Zwijnenberg opened up about the IT security challenges they are being hit with at ING: “I would say we're most concerned about the catastrophic impact a ransomware attack could have on the business in general and the systemic risks related to that because it not only harms our customers and ING, but of course, ING is part of a larger financial ecosystem. So from that perspective, I think everybody is preparing for that.”

Regarding fraud risks, Zwijnenberg said: “Criminal organisations are using much more technology to be better at their attacks. They are becoming more and more sophisticated, for instance, in their development of phishing campaigns which are much more difficult to detect. You also see them using QR technology as a new phishing technique in their campaigns.
On one side we’re leveraging technology on our side to deliver brilliant customer experience, but those gangs are also using that same technology to make their attacks more sophisticated.”

Looking to their tactics to deal with this, Zwijnenberg argued that “It’s good in the identify space if you understand the landscape that you’re operating in. Understanding what kind of criminal organisations are targeting you as a company but also, monitoring third parties if they are breached or attacked.”

To help with these challenges, Zwijnenberg emphasised the need for further data sharing between financial institutions to better identify the tactics, techniques, and procedures (TTPs) of cybercriminals. “I think it’s key to understand the attackers' perspective. […] If you’re capable of sharing data, and intelligence, amongst each other, you’re in a better place to find a strategy. So learning from each other and leveraging knowledge.”

She further added that this should go further than just within the financial world, and go beyond into other sectors like telecommunications, cloud and internet providers. “You want to also share across sectors because you want to learn the other types of attacks.”

Adding to this Zwijnenberg said that in addition to spotting these tactics and techniques, sharing across sectors can help specifically with issues around effectiveness and efficiency: “Understanding that we all need to play a role in the battle to prevent fraud and cyber-attacks and working more closely between all parties in the chain is only going to help the customer.

“I truly believe that this is not only a banking challenge. A lot of social engineering starts for instance with people capable of creating a fake LinkedIn account. If you look to what I expect from telcos, but also from those platforms, that they play a key role in understanding what is the identity behind the identity.”