Trust Is Key to Successful Digital Banking Services
By Vincent Goh
Organisations in Singapore today understand that customers want convenience and a personal touch when interacting with them and utilising their services. This is especially true of the banking and insurance sectors.
The growing demand for easier transaction methods and personalisation has encouraged financial services institutions (FSIs) to build on their digital offerings.
A recent EY report highlighted the contrast between FSIs that have embraced digital transformation and those that have not. For example, those that have integrated behavioural data and affective computing are empowering customers with new, effective ways to meet their financial goals.
Much of this innovation hinges on leveraging data, which raises significant questions about access to that wealth of information.
Cyberthreats Loom Large for Financial Institutions
While increasing their range of digital services has boosted FSIs' ability to meet customer needs, it has also given rise to unprecedented opportunities for cyberattackers looking to exploit vulnerabilities resulting from these innovations.
Ransomware, in particular, has evolved tremendously as an attack method. For example, ransomware-as-a-service (RaaS) has become popular among attackers, allowing even those without special knowledge, dedicated infrastructure or tools to carry out an advanced attack. The critical nature of financial services makes the sector a popular target because of the likelihood that the ransom would be paid.
Phishing also remains a popular means to target FSIs. In Singapore’s Cyber Security Authority's latest annual report, the number of phishing links grew from 47,000 in 2020 to 55,000 in 2021. Phishing allows threat actors to access victims' personal bank details and transfer money out of their accounts or conduct unauthorised purchases, making it a popular means of attack. For banks, though, this can cripple their brand reputation and incur huge fines for breaking regulatory compliance.
Besides employees, organisations must safeguard third-party remote access by vendors or partners, as cyberattackers can leverage unsecured devices to gain entry to the wider IT infrastructure. These challenges underscore the fact that, without the proper device monitoring and risk management tools, malicious actors can wreak havoc on FSIs.
With the growth of the cloud (IDC estimates that 92 percent of Asia Pacific banks increased spending on cloud technologies last year), FSIs are not taking security lightly. In particular, digital trust solutions have gained popularity. A report by SGTech finds that spending on these tools, including cybersecurity, digital identities and privacy enhancing technologies (PETs), is expected to surge from SGD1.7 billion in 2022 to SGD4.8 billion by 2027.
However, these investments must focus on ensuring intelligent privilege controls in the cloud.
Robust Cybersecurity Starts with Identity
Security is the bedrock of strengthening customer relationships, especially in financial services like banking and insurance. Achieving this requires organisations to integrate zero trust to secure identities and protect their assets, since attackers are increasingly leveraging unsecured identities to gain a foothold in an organisation’s network and carry out elaborate attack campaigns.
The first step is to conduct identity audits to gain visibility over users and devices and the resources they can access. With the ability to pinpoint those with excessive privileges, corrective steps can be taken to lower the risk of identity theft and breaches.
The other aspect is to streamline security solutions into one centralised platform. With the right solutions, FSIs can onboard all identities for comprehensive session monitoring and access management. This way, they can stay on top of compliance requirements while retaining their workers' abilities to conduct their duties.
Balancing Convenience with Security
Integrating security does not have to be a chore for employees. In fact, it is quite the opposite, as a robust, enterprise-wide cyber secure culture can accelerate business efficiency and performance. Through education, FSIs can safeguard the organisation and implement best practices. By conducting consistent training, FSIs can continue to provide the best services, while also minimising service downtimes. Besides that, FSIs need to ensure that their security systems are accurately configured.
FSIs also need to adopt an "assume breach" stance, which is a crucial element of zero trust security. Employees can secure workloads by creating strong passwords that contain a combination of uppercase and lowercase letters, numbers and symbols and are at least 12 characters long. Changing them as regularly as possible is just as crucial in minimising the risk of credential theft, with the cut-off being three months after a password's creation. Meanwhile, security teams should integrate multi-factor authentication (MFA) algorithms to prevent malicious users from compromising accounts. A cloud-based enterprise password management solution enables organisations to securely capture, store and manage password-based applications and other secrets.
With the tremendous benefits offered to customers and providers, digital banking will only grow in popularity. For FSIs, the onus is on them to ensure customers have positive and secure experiences.
Zero-trust and least privilege approaches are the best weapons to do this, because they allow the business to leverage new technologies without compromising security. While identity isn’t the sole security focus, it is a major one because modern identity security controls feature heavily in factors central to mitigating the risk of advanced cyberattacks. Through a security-forward identity and access management approach, FSIs can secure sensitive data and infrastructure while leveraging the full power of cloud environments.