Digital banking has given us new innovations, business opportunities and customer convenience, but fintech leaders must ensure they are prioritising cybersecurity.
The COVID-19 pandemic has greatly impacted the financial services ecosystem in Malaysia in recent years, especially in accelerating the adoption of online payment services and digital banking amongst consumers. According to McKinsey & Company’s latest APAC Personal Financial Services survey, 90% of Malaysians have used digital banking at least once a month this year compared with 62% in 2017, while a recent study on financial wellness by Backbase and Forrester Consulting maintained that 82% conducted their day-to-day banking via their mobile devices. This high level of adoption is likely to stick even after the pandemic is over. It is little wonder that, with Bank Negara Malaysia’s proposal to issue up to five digital banking licences in the first half of 2022, digital banking will eventually become a new battleground between new entrants into this space and threat actors perpetually lurking in cyberspace.
Fintech under cyber siege
The financial industry has always been a hotbed of cyber attacks. The pandemic only exacerbated the severity and frequency of the attacks, with cybercriminals taking full advantage of the abrupt pivot to virtual workspaces, the increasing use of online collaborative tools and applications, and the dramatic rise in online financial transactions. Worryingly, Trend Micro’s recent Midyear Roundup Report revealed that the global banking industry has experienced a disproportionate 1,318% year-on-year increase in ransomware attacks in the first half of 2021. Today, we continue to see threat actors taking advantage of any and every open avenue – typically seeking out gaps and blind spots in the networks of digital banks.
With new innovations come new risks
Unlike traditional banking, where customer data is typically confined to one bank, the onset of digital banking will see more enterprises looking to integrate their platforms and share financial data with third parties to better understand customer behaviour. This means that data fluidity will be a defining factor in digital banking, and banks will have to put identity protection at the forefront, not just focus on data privacy.
As consumers become increasingly reliant on the convenience of online and mobile payments, and cyber threats become more sophisticated, the challenges fintech players face in securing their infrastructures are only going to grow more complex. Understanding the risks and potential vulnerabilities, along with how attackers will try to exploit them, is the cornerstone of maintaining a strong cybersecurity posture.
To facilitate a secure environment for their customer base, financial players venturing into the digital banking space should keep these cybersecurity considerations in mind:
1. Application and Mindset Modernisation
Unlike fintech organisations, which are typically born on the cloud, traditional banks, including those that are looking to digitise, are often confined to monolithic applications and legacy security systems, causing issues and an almost unmanageable expansion of complexity. In fact, according to Backbase and Forrester, 66% of financial services firms in Malaysia cited outdated technology as the top challenge when implementing or developing digital money management tools.
Alongside that, many traditional organisations are also imprisoned by a legacy mindset, often reluctant to embrace new technologies and cultivate a cloud-first culture throughout the organisation.
To build a secure digital banking business, leaders must prioritise investing in cloud services, applications, and infrastructure to ensure that the organisation is able to keep up with the modern threat landscape, which continues to evolve with more sophisticated and widespread attacks.
Statistically, data breaches are a rare occurrence in banking. Yet, personal financial data is vulnerable, and people, in general, are worried about sharing their data online. A January 2021 FICO study found that 48% of consumers prefer to open bank accounts at physical branches rather than digitally.
In the digital banking space, organisations must move away from relying on usernames and passwords as a form of authentication, to identity-based authentication, such as through two-factor authentication. This is to help them build trust and customer loyalty, and ultimately provide genuinely innovative, differentiating, revenue-generating services.
3. Round-the-Clock Cybersecurity Intelligence
While most banks today are monitoring their cybersecurity 24/7, many are built to respond to cybersecurity incidents after they happen. With the rise of digital banking, it is critical for financial institutions to instead take a proactive approach to detect potential threats early – such as through investing in a cybersecurity intelligence engine that provides predictive analysis – as a method of prevention. Through this approach, financial institutions can easily identify the occurrence of a cyberattack in advance, equipping them with the information needed to take advanced action.
Trust none, verify all
As threats continue to shift, fintech players need to have a complete understanding of their risks and to continuously adapt their protective strategies. This is so that security teams can make informed decisions and implement effective solutions that can scale and adapt, rather than simply exchanging one piece of cybersecurity infrastructure for another.
With a dispersed workforce using a variety of devices to access corporate resources hosted in a range of locations, from the corporate data centre to cloud or SaaS applications, organisations can no longer assume verified or trusted devices and individual identities are secure.
Zero Trust, a cybersecurity model that assumes threats exist both inside and outside a network, is the key strategy to having better visibility into an organisation’s security risks. It is the way forward to secure the ever-changing hybrid workplace in a more agile and effective manner than legacy security architectures can deliver.
Cybersecurity is the foundation of a flourishing digital economy
The 12th Malaysia Plan 2021-2025 (12MP) is expected to digitise and develop Malaysia into a regional leader in 2030, and digitising the banking landscape will undoubtedly be a progressive step towards financial inclusion and digital transformation. Understanding the risks and potential vulnerabilities and how attackers will try to exploit the system is the foundation of good cybersecurity; it is therefore of paramount importance that fintech players first set in place strong cybersecurity policies before furthering their moves into digital banking and payments. Only when security is prioritised at every step of innovation can Bank Negara Malaysia’s vision of enhancing access to affordable and quality financial solutions for all Malaysians be realised.
Goh Chee Hoh is Managing Director of Trend Micro Malaysia & Nascent Countries.