logo

Combating external and internal threats: How banks cope up in a digitised world

https://live.theasianbanker.com/
Written by Sean Duca  
  • Jan 01, 1970
  • 15 min read

Sean Duca, regional chief security officer for Asia Pacific at Palo Alto Networks, a network and enterprise security firm that helps businesses fend off cyber attacks, discusses the external and internal threats that are impacting organisations and how banks handle these attacks.

  • Cybersecurity is still an incipient sector in AsiaPacific as very few countries have enforced strategies to control and protect themselves against cyberattacks
  • Ransomware, a type of malware that threatens its victims to publish their data or block their access until a ransom is paid, was one of the biggest threats affecting Asia Pacific
  • Internal fraud is another problem that appears to be rampant in developing countries in the region

Our world is in the cusp of a monumental breakthrough as the physical and digital realms converge, inciting organisations to reassess their management and governance systems. Technology is changing into an ecosystem that is complex and extensive; comprising of big data analytics, machine learning, artificial intelligence and the internet of things has opened doors towards incomparable growth opportunities. However, synchronous to the advancement in technology is the rise in cybercrime.


Sean Duca, regional chief security officer for Asia Pacific, Palo Alto Networks

“To most of the regions around the world…cybercrime is definitely, by far one of the leading types of threats that are actually impacting organisations and individuals across the region,” says Sean Duca, regional chief security officer for AsiaPacific (APAC) at Palo Alto Networks.

According to Duca, 95% of all the threats that we typically see have a financial motivation and has an information stealing capability. The rest is made up of cyber-espionage or cyber-hacking type of threat. Cybersecurity is still an incipient sector in the APAC region as very few countries have enforced strategies to control and protect themselves against attacks from cyber-criminals. These attacks come in multiple threat categories, ranging from malicious software (malware) to online banking attacks.

Ransomware, a type of malware that threatens its victims to publish their data or block their access until a ransom is paid, was cited by Duca as one of the biggest threats affecting the APAC region. Predominantly, 68% of total ransomware attacks are identified in Australia and the rest across APAC. Cyber-criminals are more drawn towards nations like, South Korea, Australia, New Zealand, Japan and Singapore. These mature countries, which are heavily-dependent on internet-based transactions, appear to be more vulnerable to cyberattacks than the developing countries in the region, according to Duca.

“We saw a vulnerability come up, so Microsoft released a patch. People were a little bit lax about patching and we started seeing an influx of attacks. Many thought it was an email-borne threat and the reason for that was that they were basically confusing it with another; when in reality there were five different types of attacks happening simultaneously,” Duca further explained.

Malware infections has become a serious threat due to unsecured systems, particularly those with unpatched vulnerabilities. Financial malware comes in all shapes and sizes, and will often be tailored to target a single organisation. Banks’ defences determine how these malwares operate, meaning there are no requirements for cyber-criminals to spend time creating unnecessarily complex malware. Cyber-criminals that are using these programs to conduct attacks can modify the malicious files very easily and use automated tools.

Nowadays, a relatively high percentage of attacks are automated in nature. “You do not have thousands of people sitting behind computer terminals that are systematically trying to do things in real time to try and compromise different people. There are bots that are actively out there doing a lot of the work programmed by cyber-criminals,” says Duca.

From the network percentage perspective, financial institutions, depending on their maturity levels, are assigning employees around the clock, staring at computer screens as they manage multiple solutions to address these cyber threats across numerous channels. Duca mentions that there could be roughly around two to three hundred personnel managing operations to thwart these highly automated attacks.

While external threats may seem like a behemoth of a challenge to financial organisations, internal fraud is an entirely different animal. Internal fraud is another problem that appears to be rampant in developing countries in APAC. Sophisticated markets are, however, not immune to such misconducts. When controlling for internal fraud, customer experience is not the most significant consideration. The nature of these incidents does not often directly impact customers, which means there is a lesser chance for the customer to detect the fraud and inform the banks. Initiatives undertaken by banks to combat internal fraud can vary depending on the maturity and sophistication of the entity. Some opt to use off-the-shelf software to automate the consolidation of data and certain manual checks to flag suspicious activity. Others prefer using data science platforms that offer a lot of technological agility to build business rules and algorithms on the platform.

For example, in Australia, projects with regards to identity theft have been in place for a long time. Duca says that banks have been working on controlling what employees can access based on their levels of seniority and ensure that there would be no rooms for collusion.

“This is where it goes back to one of the core tenets, where from a security standpoint, you really need to have visibility. You really need to be able to see everything and understand: what is the user doing, what applications are they accessing, do they have the correct credentials, and not just simply rely on a username and password, how do we start to implement some extra levels of security,” explains Duca. Continuous reinforcement through communications and training, alongside assessing, tracking, and monitoring individual progress against risk framework plans can strengthen the risk culture.

“Technology isn’t something that we shy away from and I think that it’s inevitable that we’re always going to see this type of digital transformation in the financial services. I think it just needs to be embraced, and it needs to be done in such a way that we’re securing everything that we do,” shared Duca.

The methods and devices used by malicious individuals and organisations are progressing so quickly that even security experts can have a hard time keeping up. The best defence against a tenuous, large-scale threat is to put in place a consistent, overarching strategy that empowers everyone.