The digital revolution began in the early ‘80s with the home computer. In 30 years, we’ve come a long way: You now have more computing power on your cell phone than that of early personal computers – and you can have it with you anywhere, anytime. This always-connected generation expects secure on-the-go banking. Cybercriminals are also children of the digital age. And they are constantly reinventing their old tricks to exploit the weaknesses in these new technologies.
“Mobile is growing faster than any other banking service,” says David Pollino, Senior Vice President and Enterprise Fraud Prevention Officer at Bank of the West. “You have to embrace it, but you have to balance between usability and security.”
Many of the cyber threats are basic. Simple spam or phishing emails. But the threat landscape is becoming increasingly complex. Cybercriminals will attack any industry, but financial institutions are often the first to get hit with a new threat. To learn more about the cybersecurity challenges faced by those in the banking industry, Longitude Research conducted a survey (on behalf of SAS) of 250 banking executives. (Read the full report, Cyberrisk in Banking, for survey results and information from in-depth expert interviews.)
Among the key findings are:
- Technologies and threats are evolving. Phishing, botnets and mobile malware were rated among the most likely threats faced, and also among the ones with the biggest impact.
- Awareness remains low. Nearly one in three (30 percent) of those polled rate limited customer awareness as a key challenge – making it one of the top four issues faced.
- Preparedness is patchy. Less than one in four banks believe their internal resources are highly prepared for cybersecurity risks – perhaps the easiest aspect of preparedness to resolve.
- Trust trumps financial losses. Despite rising losses and the perception that they will continue to increase, banks are only spending just enough on cybersecurity to make customers trust them.
- Poor cooperation is hindering progress. Although there are exceptions, many financial institutions operate in silos – or only work with each other through industry associations. A striking 78 percent say they do not rely on any other parties in dealing with cybersecurity.
- Response strategies are evolving. There is a growing realization that cybersecurity must become a broader, risk-based approach and move away from being seen as a technical problem.
- There is a growing need to better harness data analytics. Banks have an enormous amount of data at their fingertips. With analytics, they can detect trends and create KPIs to proactively counter cyberthreats.
Financial institutions exist in a reactive world – they conduct forensic analysis on their systems, data and networks to find weaknesses and threats or determine where breaches have occurred. But this is an increasingly outdated approach. The cyberdomain is constantly evolving, providing both new opportunities and challenges for financial services institutions. “We have a velocity problem, a volume problem and a value problem, and the industry is still trying to figure out what’s important,” says Chris Smith, Director, Service Engagement & Federal Enterprise Architecture, SAS. To improve cybersecurity, financial services institutions must elevate the topic and address threats holistically to the highest levels of the organization in a manner that they understand.
Read the full report Cyberrisk in Banking.