Stay ahead of attackers, maintain good cyber hygiene: How to strengthen cybersecurity in financial services

Experts from Akamai Technologies and Security Bank Philippines discussed the latest trends and threats in the financial services sector today.

Cyber attacks in the financial services sector are getting more sophisticated by the day, amidst the rising number of customers who are adopting the usage of digital banking platforms. Financial services institutions will continue to drive forward their agenda of digitalisation but they also continue to be the biggest targets of cyber attacks like phishing, fraud and attacks targeting APIs.

In line with the cybersecurity concerns they face, it can go a long way for companies to discuss best practices that can help address these cyber threats.

Asian Banking and Finance, during its March 9 webinar “Cyber Leaders Dialogue for Financial Services” with Akamai Technologies, tackled how the financial services industry has become a primary target of cyber threats. The webinar featured Akamai’s Security Technology & Strategy Director Reuben Koh and Security Bank Philippines’ Chief Information Security Officer Albert Dela Cruz.

During the event, Akamai's Koh shared findings from the company's latest research on cyber trends and the major types of attacks impacting the financial services sector. Amongst its key takeaways, the Akamai research shows that investments in digital technologies have risen across the region and are now central to financial services. This is whilst customer expectations when transacting with such services also continue to increase. In addition to this, financial institutions continue to grapple with challenges around regulatory compliance, protecting customer privacy, and keeping data secure.

Security Bank's Dela Cruz emphasised the importance of these kinds of research in creating more protected financial institutions, as such studies provide guidance to assess the best technology and security systems to implement as well as optimise a firm's spending. He also stressed that telecommunications companies and governments have to be involved in measures that prevent cyber threats.

Today, financial institutions are primarily concerned with the following threats: ransomware, phishing, and attacks targeting web applications and APIs. In fact, finance has become a "benchmark" for cyber attackers because "if it works in finance, it's going to work everywhere else,” Koh explained.

Expanding visibility to cybersecurity threats

Given the prevalence of cyber attacks, financial services organisations need to constantly stay on top of all the evolving trends in cybersecurity to always be prepared if such instances arise. Koh noted that there are several ways to do this, including working with capable and specialised security providers who can offer actionable insights. "[They must give] data that you can consume and basically use to defend yourself better," said Koh.

Koh also recommended attending briefings by local agencies and computer emergency response teams, as well as joining industry groups that focus on sharing and collaborating on track findings.

Security Bank’s Dela Cruz pointed out that the C-suite has fortunately been looking to be more involved in understanding cybersecurity threats, noting that they have been showing their support through logistics and budget for protecting their organisations against these kinds of attacks.

Dela Cruz and Koh were also asked about how to balance a financial institution’s security with clients’ convenience.

Though Koh and Dela Cruz admitted that there is no specific way to address friction in a customer’s journey, they emphasised that balancing security and convenience depends on a company’s own assessment of acceptable risks and the possible return on investment. “I think it also boils down to your level of risk appetite,” Koh added.

Ensuring security through sound cyber hygiene

Amidst these various cyber threats, Koh highlighted that financial institutions—and even other organisations–have to make sure they have sound baseline cyber hygiene that helps maintain system health and improve online security.

“Sometimes we tend to look at these fancy new systems, fancy devices, or paradigms, but we fail to look at the basic cybersecurity hygiene. Do we have them in place right now? Because basic cybersecurity hygiene will constitute about 70 to 80% of protection,” Dela Cruz advised firms.

Additionally, companies must also look into areas that require more specialised focus or protection, which cannot be done with simple traditional firewalls and IPS.

Koh then laid out five key recommendations for financial institutions to improve their cybersecurity. First of all, organisations have to constantly update their incident response plans, especially since firms' vulnerabilities can be exploited in less than 24 hours. Dela Cruz agreed with this and said that there must also be strategies in place to increase awareness of cyber threats.

Next, it is essential to understand the industry's ever-expanding attack surface amidst continuous digitalisation. Koh’s third recommendation is the continuous review of risk models in terms of fraud management, customer-based threats, and account takeovers, amongst others. Fourthly, firms should also consider updating their phishing defences as more sophisticated techniques arise. Lastly, companies have to be prepared to adapt their risk and security strategies whilst the landscape of cyber threats continues to evolve. This can be done through various means, such as attending security advisories or connecting with peers in the industry.

As financial services institutions continue to push for digitisation, it is essential for them to stay ahead of their attackers and anticipate anything that could pose a danger to their security. However, the best cybersecurity practices come with good cyber hygiene aided by advanced technologies and strategies. At the end of the day, companies must carefully consider the risks they are willing to take without sacrificing security and convenience.