Information security measures in the BFSI sector and misuse of technology for cyber fraud continue to play a cat-and-mouse game with each passing year. Will the increasingly creative security breaches, the constant threat perception and past precedent of financial fraud compel BFSI players to reboot their security strategies for 2018?
Security threats continue to remain a seemingly insurmountable challenge for the BFSI sector if the numbers are anything to go by. If 2017 was the year where ransomware like WannaCry, NotPetya, and Bad Rabbit created havoc, the coming year is likely to see an increased threat perception and more targeted attacks.
According to Information Security Forum (ISF), a global independent information security body, "angry customers will pressure governments to introduce tighter data protection legislation." BFSI enterprises will be therefore walking the proverbial tight rope, balancing product innovations—which may be prone to potential security breaches—and a robust information security framework.
Here are the five main classes of security threats or attacks emerging in 2018.
1. Brace yourself for account-centric frauds
Financial services-related attacks have increasingly become personalized and customer-centric. The sheer frequency with which data breaches are exploding on the scene means only one thing—cyber criminals have a lot of valuable resources at hand including personal information details of customers, leading to a potential account takeover.
Add to this the innovation in services offered by various BFSI enterprises. Have you just launched an AI- or IoT-related product innovation? You have just increased the threat perception, albeit unwittingly. BFSI enterprises will need to ensure Omni-channel fraud prevention as more personal attack attempts may be foreseen in the near future.
2. Cryptocurrencies remain a potential target
The increase in the value of various crypto-currencies like Bitcoin and Ethereum can only make them more of a target of attacks against cryptocurrencies, which may witness a surge in the coming year. There have been cyber attacks against Initial Coin Offerings (ICOs) along with malware designed exclusively to steal cryptocurrencies.
Since many BFSI organizations are likely to explore the possible deployment of cryptocurrencies in one form or the other in the foreseeable future, such mining malware and cryptocurrency vulnerability is bad news for the sector.
3. Mobility and security threats will be in lockstep
According to the latest Kaspersky Cybersecurity Index, more people are now using their mobile phones for financial transactions including payment transfers, shopping, and online banking. Mobile-first consumers are at increased risk as cyber criminals keep devising malware variants intended to steal personal banking information using ingenious ways.
Growing demand by consumers for faster BFSI transactions—including cross border payments—can be a godsend for cyber criminals. And a nightmare for you as a BFSI security professional or CXO. BFSI enterprises are therefore focusing on AI-based security mechanisms to ensure consumer data is walled off against cyber threats.
4. Fraud-as-a-Service is the new normal
BFSI enterprises need to share information on the nature of security vulnerabilities amongst themselves in real-time if only to neutralize the spread of stolen information online—which is a lot faster than you think. Fraud services are nonchalantly offered on the dark web, allowing relatively lesser proficient cyber criminals access to tools that can impact financial security of BFSIs.
5. Social engineering and phishing are not going anywhere
While newer and innovative ways of stealing financial data emerge each day, conventionally tried and tested methods like social engineering and phishing scams continue to be operational. BFSIs need to ensure they focus on both customer and employee awareness to reduce the possibilities of such attacks and scams.