No company is immune from cybercrime. That’s especially true in the financial sector, which, according to Verizon’s 2016 Data Breach Investigations Report, has the most confirmed security incidents of any industry. For bankers, these threats pose a risk not only to their own information, but also to the information of their customers and their overall reputation.
Security has traditionally been addressed retroactively: A report indicates a breach, customers are notified that their information might have been compromised, and a new card is mailed to them. However, as the volume and variety of attacks grows and the number of digital interactions, touchpoints, transactions, and channels between a bank and its clients increases, it’s imperative that banks take a proactive and holistic approach to addressing security in real-time.
Shifting to this real-time model is technology intensive; it requires real-time analytics, data standardization, and Big Data capabilities, supported by intense encryption processes. As we discussed in a recent post, the three lines of defense must be created. This is a framework that banks can use to align risk management (and security protocols) across operating groups. Think of it as a fortress within a bank. Technology sentries—in the form of real-time analytics—patrol the fortress walls looking for vulnerabilities or breaches across the banks’ various ecosystems. As these ecosystems grow, in the form of new channels or service offerings, the fortress will, too, ensuring protection at every stage.
Perhaps even more important than the technology, however, is shifting the cultural mindset within the bank. Banks must build a culture of defense within their own four walls. To do this, employees throughout the business, not only those in the IT department, must be given the tools and materials to think with a “security first” mindset. This will help enable risks to be spotted ahead of time so that potentially threatening events can be quickly quashed.
A key part of achieving this is the onboarding process of employees within banks and with ongoing training. Senior management must also play its part by working within the industry to develop protocols that make the industry more secure and enable it to react more quickly to threats.
Banks can also stay up to date on security trends by working with partners and/or their peers to learn about the latest developments. These may be in technology—for example, the application of artificially intelligent systems—or they may simply be best practices for how to manage an incident once it has occurred.
The bottom line is that as criminals’ approach to cybercrime becomes more like a business, banks must tackle it with the same seriousness it gives to any other disruptive organization. By taking the steps outlined here, it’s possible to tackle security head-on and proactively address any threats, incidents, or disruptions in real time.
In the next post in this series, we’ll look at the rise of fintechs and how banks can respond to them.
With the banking industry in a state of flux, The Banker, in collaboration with SAP, has developed a timely video series entitled “Digital Trends Driving Bank Innovation,” which includes a video with Catriona Whelan, head of compliance and controls/payments, on the topic of cybercrime: download it here.