Keeping an Eye on Cybersecurity

Financial organizations across the globe are focused on ensuring stringent cyber resilience in the wake of new threats

By Matt Tengwall, Vice President and General Manager, Verint

Financial organizations across the world face a new risk paradigm; one that encompasses both cyber and physical threats, such as ATM skimming, identity theft, data breaches, scams, and phishing. Banks are often the victim of hackers looking to steal corporate information and transactional data or funds, and criminals continue to become more sophisticated in their schemes.

Each day brings new threats, cyber risks, or physical attacks, all designed to grasp hold of bank deposits and potentially affect brand reputation:

    • Attempted fraud against bank deposit accounts reached $19.1 billion in 2016, up from $12.9 billion in 2014.
    • Check fraud (35 percent of fraud losses) has increased, particularly at larger banks.
    • Criminal networks are increasingly becoming more complex.
    • The introduction of chip card technology has propelled an elevation in fraud in other areas.

According to the 2017 American Bankers Association Deposit Account Fraud Survey, fraud against bank deposit accounts cost the industry approximately $2.2 billion in losses in 2016. But there is good news: Of the estimated fraud loss amount, banks’ prevention measures stopped another $17 billion in fraudulent transactions.

The bottom line is that fraud is always increasing and it is a constant battle for banks to manage. And recently, one specific type of threat is causing havoc to financial institutions much more than it has in the past.

Focus on Cyber
Over the past two years, cyber threats have taken a front seat in the lineup of primary risks facing financial institutions. According to Cybersecurity Ventures, the amount of money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion overall for 2015, and this substantial amount is expected to double by 2021.

Cyber attacks are not only becoming more prevalent, but they’re also becoming more intricate and therefore harder to address. Although the convenient interconnectivity of the Internet of Things (IoT) creates many advantages, the connected world also introduces an increased risk. Banks must ensure stringent data protection efforts to ensure corporate and customer data is protected at all times.

With the growing complexity and intensity of cyber threats, it’s no surprise that more and more regulations are being developed to protect personal data. The increasing use of the IoT and smart devices have made the transfer and sharing of data easier than ever before, but how can consumers be assured that their most sensitive information is kept secure? The government and the industry have answered with regulatory initiatives designed to achieve stronger data protection.

The General Data Protection Regulation (GDPR) put in place a set of rules and guidelines that must be followed by businesses in the European Union and those in the United States that “offer goods or services to, or monitor the behavior of EU data subjects.” The California Consumer Privacy Act (CCPA) signed into law in mid-2018 also incorporates the same concept as the GDPR, “focusing on transparency, control, and accountability.”

Legislation such as the GDPR and CCPA will only become more common as we move toward a universal understanding of data protection and privacy. These regulations greatly affect numerous aspects of a financial organization, with one being its security systems and devices. Officials must ensure that they keep a balance between privacy, efficient monitoring, and investigative efforts while maintaining a significant level of cyber resiliency.

Best Practices
Banks must leverage intelligent methodologies to develop a predictive model for ensuring physical and IT security and safety. To reach this goal, these organizations require tools and data management processes that can help sort through what information is important and what is not. Here are some best practices to follow in this quest:

    • Proactively Reduce Risk: The ability to leverage information from multiple sources, systems, and sensors is extremely valuable. The data collected from these sources can be used not only to reduce risk but also to protect a brand, increase operational efficiency, and enhance customer engagement. The more banks can get ahead of threats, the stronger their security posture is overall.
    • Manage Brand Protection: In today’s environment, banks, credit unions, and financial organizations of all types are primary targets for hackers. But it’s not just the monetary loss that these businesses need to be concerned about — there is also a threat to the brand, customer trust, and employee safety. Ensure that you have a plan to address brand protection — that is a topic senior leadership is very interested in.
    • Simplify, Modernize, Automate. Integrated applications, which include video analytics, facial recognition, and advanced identification via deep learning, can automatically pinpoint potential cyber breaches and significant events and send alerts to the appropriate personnel and agencies. This approach can be influential in fusing together critical information that can be valuable to close investigations. Overall, these types of intelligent platforms deliver a simplified and modernized operating environment.

The Future of Risk Management
Ensuring the cybersecurity of networked platforms and devices is critical, especially in today’s risk-filled environment. Vendors are focusing on hardening their IP-based technologies, but banks also need to address how to ensure the cybersecurity of their devices internally. Partnering with IT teams is critical, especially as cybercriminals and schemes become more complicated.

Modern-day solutions that generate intelligence augment the ability to identify security threats and vulnerabilities in real time, helping banks mitigate risk, ensure operational compliance, improve fraud investigations, and strengthen network security.