Innovation has become the key for banking to offer customers an enriching experience. GCC banks have leveraged on technology to provide such unique experiences.
This has resulted in tremendous growth in the adoption of technology by the GCC banking and financial services sector. However, the growth is intrinsically linked with major concerns and threats of cyber security. Cyber security is a collective concern that is comprehensive in scope – the Internet has no national boundaries. Social networking has become a playground for criminal minds due to its ability to store big amount of private data. Cloud computing has also become an ideal target because of its reliability and scalability.
GCC banks and financial institutions also need to gear up to the challenges of cyber security. Traditional security methods such as next generation firewalls and other reactive measures are losing the fight against a new breed of attacks. Security is now very much about the protection of the application, the enforcement of encryption and the protection of user identity.
Malware is also one of the preferred form of cyber attack. Malware is most often delivered in email right to your inbox. Malware aims to find your passwords, contents of your e-mail, the networks accessed and the databases we access, the applications we use and other computers where we login. There are five malware events every second in the world. Detecting and removing malware could be expensive.
In October 2015, cyber attackers stole at least £20 million from British bank accounts. The cyber criminals had used malware to gain access to people’s personal computers. The malware Dridex was responsible for worldwide losses of $100 million. About 56 million customer debit and credit cards were put at risk after hackers broke into the American retailer Home Depot’s payment systems in April 2015.
In recent times, we are also seeing the threat of new mobile malware targeting banks and their clients. Traditionally, these threats have been by way of the PC and the online channel. However, given the rise in popularity of mobile banking, criminals have begun paying closer attention to the emerging mobile channel and the opportunities it presents.
This is a clear indicator that mobile malware is on the rise and will become more prevalent. Certain mobile malwares break into a mobile device through a social engineering campaign using text messages. Once it has wormed its way into a device, the malware looks for apps from financial institutions.
The UAE Banks Federation has plans to develop a mobile wallet accessible to its members in 2016. With banks looking forward to the mobile wallet to reach customers, they should also monitor transactions for signs of account takeover activity stemming from the mobile malware. They can also educate customers about such threats.
Mobile commerce is not only a great opportunity for retailers, it has also already been opened up to cybercrime, in the form of apps that are sometimes not verified for their proper behaviour.
Cyber security has become important for the financial services industry in meeting compliance standards and in keeping customer information safe. Cyber security is also a strategic risk for the financial sector as it could damage an organisation’s brand and reputation, resulting in loss of share value and market confidence. It can also impact the financial and intellectual property, resulting in loss of competitive edge and can cause system inoperability caused by a breach, resulting in inability to execute trades and access to information.
Hence, the involvement of the company’s board is required which should set the tone for enhancing security and determine whether the full board or a committee should have oversight responsibility. On the whole, cyber risk is a real challenge for GCC banks.