We increasingly live our lives on our smart devices – whether it is banking or shopping online. Therefore, it’s good to see Cyber Security Month focus on cybersecurity in banking this week, which is one of four topics as part of a major awareness campaign backed by ENISA. Activities are taking place across the globe and, at NTT Security, we want to help raise awareness on some of the issues that we face today. In the first of a series of blog posts, we talk about cybersecurity in banking.
While banks remain the most trustworthy websites, according to our recent Consumer Trust survey, a significant number of consumers would not carry on using a site if it suffered a data breach – and this is lost business that will be very difficult to get back. In fact, when we asked what they would do if their online bank or retailer suffered an attack, 24% said they would stop using the site and move to another supplier, while 44% would stop using it until the problem was fixed.
The same global research report also revealed that the theft of credit card information is seen as the biggest threat to privacy when online (84%), suggesting there is still more work for banks to do.
The fact that both consumers and businesses are often required to log in or share personal information puts the banking industry under the cyber threat spotlight. These services are, and will continue to be, under attack from the constantly changing and progressive threat landscape.
Financial institutions are taking information security very seriously, but the key is to ensure that their own cybersecurity measures are relevant and put into the context of the wider business. This means building information security into the DNA of their organisation. Banks also need to place more emphasis on demonstrating to customers the steps they are taking to safeguard their data. The smartest banks will show how security is at the heart of their online operations in order to build confidence and trust amongst existing customers, whilst at the same time attracting new ones.
Changes from GDPR will ensure disclosure even after Brexit, and this will continue to drive banks to develop a comprehensive, resilient cyber security architecture. But it’s not just the banks that need to take action. Customers must take more responsibility, not expecting the bank to automatically cover their costs if they act irresponsibly. Education and user awareness for consumers are just as critical for helping reduce the impact of fraudulent activity.
While banks are now collaborating and sharing threat intelligence and systems, a more focused and wider collaboration with information security and risk management partners is needed to share advanced analytics on targeted attacks and emerging techniques. Awareness will always reduce the risk but what’s needed are the skills and expertise to use machine learning and advanced analytics to remove the haystack.
Cyber Security is a Shared Responsibility

ECSM is the EU’s annual advocacy campaign that takes place in October and aims to raise awareness of cyber security threats, promote cyber security among citizens and provide up-to-date security information through education and sharing of good practices.