Technological innovation is a double-edged sword in cybersecurity
Financial institutions, from incumbent banks to alternative financial players, have been experimenting and investing in innovative solutions to address the persistent cyber-threats and attacks from malicious parties.
- New technologies are increasing the speed of service development as well as cyber-attacks
- Consumers’ data and identity are becoming more vulnerable on social media
- The ability to protect, detect and respond - essential in combatting cybercrimes
New technologies such as artificial intelligence and machine learning have equipped institutions with better tools to detect and fight cyber-criminals. However, the technological evolution also poses new questions on cybersecurity as offenders are also leveraging on these capabilities in sophisticating their attacks.
“Both sides are using it. Thus capacity is important – whoever has more capacity is in the better position,” Dr. Marco Gercke, director of Cybercrime Research Institute, highlighted during The Future of Finance Summit, Cybersecurity track.
He added, “Although we see banks investing a lot on this, the difficulty is that the attackers are also working together and sharing their resources.”
Technology is increasing the speed of service development, but also cyber-attacks
Zachary Delecki, assistant legal attaché and cybersecurity practitioner, United States Embassy Singapore, commented, “Cybercrime is an extremely low-risk and extremely high-reward business. These are also companies who invest on their human resources and infrastructure.”
Cyber hygiene is essential for institutions in building a solid foundation of protection. Ka-Wei Yuen, head of IT security governance in Asia Pacific at Deutsche Bank shared his thoughts:
“Cybersecurity for me is like running a sewage system, nobody knows it is there when it working – nobody cares. But when it does not work, that is when everybody notices because it stinks.”
Thus, in order to stay safe in the digital era, financial institutions must accept that they will always be in the firing line of cyberattacks. Amar Singh, chief executive officer (CEO) and founder of Cyber Management Alliance, advised “they have to take threats seriously and not settle for just good enough.” He reminded the audience, “The amount of data that is available out there, publicly available information on all of us, is just really scary.”
Consumers’ data and identity are becoming more vulnerable on social media
This leads to another issue which is digital identity of customers. With the popularity of internet and social media sites, where personal data of individuals are of abundance, coupled with the lack of government issued identification cards in many countries, customer identity and protection are compromised.
Keith Furst, founder of Data Derivatives, commented “most existing government IDs are useless in determining attackers.” Thus, financial institutions must not only work towards digital identity and protecting customer data, but they also need to educate their customers on cyber-crimes. CEO and co-founder, Inzsure, highlighted, “Today data is considered gold.”
The ability to protect, detect and respond - essential in combatting cybercrimes
During the course of the sessions, an interesting though was brought up by Singh, “the question you have to ask your business is not ‘are you protected?’ but ‘do you have the ability to detect and respond to attacks?’”
Howard Mannella, managing principal, Alternative Resiliency Services, shared that a world class response to an attack should be innovative, intuitive, holistic and enabled. Robin Lee, chief experience officer and co-founder of Inzsure, also contributed to the discussion by adding, “Any strategic or critical plan should be from top to down of the management.”
Moreover, in time of crisis in a digital era, accountability becomes an issue. Institutions must rethink: who is accountable when something goes wrong? You cannot fire a bot or bring a bot to jail.
Indeed, the best innovation does not guarantee 100% security. As Gercke said, “I am rather optimistic, but there will always be situations where we will never be able to anticipate every attack. There is no 100% security.” However, cybersecurity should still always be at the forefront of every decision-making process. Institutions must work together and continually converse to arm themselves for a “digital 9/11”.
Keywords: The Future Of Finance Summit, Cybersecurity, AI, Machine Learning, Cybercrime, IT
Guest: Alicia Garcia Herrero, Eugene Tarzimanov