Guest Blog By: Vincent Wong, Area Vice President, Sales Asia at Citrix
The banking, financial services and insurance (BFSI) industry in Singapore is one of the industries most prone to cyberattacks, as transactions and connectivity among consumers become more digitised. The proliferation of mobile apps and data is fuelling an increase in cyberattacks around the world, often because of vulnerabilities found in these apps and poor security practices of the app owners. Breaches are also becoming increasingly sophisticated and highly targeted, and are resulting in millions of dollars in damages and losses for organisations.
In Singapore alone, cybercrimes have been found to cost the city-state about S$1.25 billion annually.[1] At the end of 2015, a PwC study revealed that tech-related crimes and risks topped all other concerns for banks in Singapore. Respondents who took part in the survey recorded among the lowest scores globally when asked about their level of preparedness in dealing with risks from cybercrime.[2] Nearly two years later, risks to banks have only grown in severity. Cybersecurity firm Fortinet recently called out the country’s financial services sector as the top target for cybercriminals in 2017.[3]
However, when breaches do occur, financial institutions are some of the quickest to respond, investing heavily in innovative, reliable and modern security systems. Singaporean banks in particular hold impressively high safety rankings among global financial institutions, with DBS Bank ranking 12th in the world’s 50 safest banks, and OCBC Bank Singapore and United Overseas Bank ranked 14th and 16th respectively.[4]
Because banks and financial institutions acknowledge their duty of care to protect the highly sensitive data and confidential information of their customers, they have some of the most heightened security practices and infrastructure in the business. Banking is also one of the most highly regulated sectors, so safeguarding data is often a legal requirement.
Other sectors, including retail, manufacturing, education, healthcare, transport and logistics, and energy, can look to banks’ stringent compliance practices and best practice to inspire their own IT safeguards.
What specifically are these institutions doing so well, and what can other sectors learn from them to protect their apps and data from malicious hackers and safeguard their customers’ personal information?
The best security involves multiple layers
When it comes to IT protection, the more security layers an organisation has in place, the more difficult it is for criminals to gain entry to its systems, apps and data. Singapore’s DBS Bank has architected its internet banking service so that it requires consumers to complete two-factor authentication – an extra layer of security that requires not only a password and username, but also a private piece of information only they know. These added layers of security underpin everyday transactions, such as fund transfers and bill payments. While multi-factor authentication can be circumvented with the right targeted malware, organisations across all sectors can still deter cybercriminals with more rigorous security systems in place.
Detection and prevention can protect against fraud
As well as strong user authentication tools, many banks offer two-way alerts which notify customers of suspicious activity in almost real time, and let customers respond to tell their bank whether a transaction is legitimate. Alerts notify customers of unusually large transactions or transactions taking place in a foreign location. This is especially relevant for the retail sector, where online retail giants have been the victims of high-profile data breaches. eBay, for example, suffered one of the biggest data breaches in history, when around 145 million records that contained passwords were accessed by hackers.
Retailers are slowly catching up and they are often seen adopting detection and prevention practices. Last year, Amazon sent out emails to its users asking for a quick password reset – the reason was a possible breach of some of the users’ credentials. Bricks and mortar stores can also adopt tighter security measures for their store-issued shopping cards, including PIN security and chip-based “smart cards” (which are already being used in Europe). Credit card fraud remains a massive problem worldwide, but fraud can still be slowed with “smarter” safeguards.
Communication is key
Amazon’s alert emails also highlight the necessity of swift and informative communications with users. The Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT) recently warned customers it was aware of a number of fraudulent payment cases, where affected customers suffered breaches in their local payment infrastructure. SWIFT quickly launched an initiative to share cyber threat information with customers to help them protect their own environments from intrusions and malware. Other sectors can learn from banks’ improved communications to, and education of, customers, as well as swiftly reacting when an attack occurs. No matter the industry, trusted communication is key for customers to feel protected and valued.
The finance sector is constantly being challenged to fight cybercrime and, given the potential financial gains from successful attacks, the battle with malicious hackers is likely to rage on. However, banks employ some of the most rigorous security tools, technologies and services, and other sectors can look to these trailblazers for best practice. Multi-layer authentication tools, detection systems and customer communications are just some of the cyber safety lessons that apply to all sectors, in order to better safeguard mobile apps and protect customers’ personal information from key vulnerabilities.
From a business perspective, a ‘new normal’ of security is required – one where IT risks are communicated in business terms and IT safety is backed up by the right technology infrastructure and installations. This will help empower organisations to achieve compliance within their sector. Cybercrimes pose a serious threat to companies, leading to significant business implications and bad press. Ultimately though, absorbing best practice from industry leaders allows companies to increase sales, save time, cut costs and foster better connections with customers.
Vincent Wong joined Citrix in August 2017 as Vice President, Sales and Services for the Asia region, comprising ASEAN markets, Korea and Pakistan. He brings extensive experience in driving Workspace innovation, Cloud adoption and business transformation.
Prior to joining Citrix, Vincent spent fourteen years at Microsoft where he held various roles, most recently as director of the company’s APAC channel business.