Wipro: Is cybercrime costing banks more than money?
Banking has changed vastly over the past few years, as new technologies emerge to change the way we transact. Non-traditional methods of transacting, such as the blockchain and mobile banking, have emerged, causing an influx of data from multiple sources. Data is no longer generated purely from ATMs or on site, but through online banking, ecommerce platforms, mobile applications – both banking and for mobile purchasing, and non-banking platforms such as the blockchain. The introduction of these omni-channel platforms has led to a need for broader, more effective security measures to be put in place.
The likes of ransomware and malware have been causing quite a stir on a global scale in the past few months, however the banking sector been besieged by all manner of cybercrime since the dawn of digital banking. As the business of banking is centred around the handling and transacting of money on various scales, banks and their customers are often considered soft targets for cybercriminals looking to make a quick buck. However, while cybercrime can be massively expensive for banks, their true Achilles heel is their reputation, the loss of which can extend the cost of cybercrime even more, as banks lose existing customers, potential business and even sometimes having to shut their doors.
Cybercrime, in line with technology, continues to evolve, taking new forms and finding new ways to infiltrate financial enterprises, and banks are struggling to maintain pace with this evolution. This is largely due to the fact that there are so many new methods of banking along with the strong shift from traditional banking to mobile banking.
Financial theft, fraud, identity theft, theft of intellectual property (IP) and general damage to the business processes, critical infrastructure and IT systems are but a few of the ways in which banks are affected by cybercrime - on a daily basis.
With banks typically absorbing the financial impact of losses caused by cybercrime, whether to themselves or their customers, there is a huge focus on ensuring they are protected and ready for anything that enterprising hackers can throw at them.
The evolution of banking cybercrime
As banking has become more digital, moving from traditional banking methods to Internet banking, telephone banking and mobile banking, breaches of data and confidential information have risen. With every new avenue of banking that is explored, another door is opened for potential access by a cybercriminal.
With so many mobile applications available for transacting, the data generated no longer belongs solely to the bank. Third parties have access to banking data, which compounds the risk. Banks are able to control only a portion of the security of transactions today, and much of the onus is on the third party. The security of unknown devices, such as mobile smart phones, cannot be established, so application developers and banks need to ensure that security measures are built into these applications themselves, in order to protect their customers.
Cross channel and cross border payments and transfers are often intercepted by hackers who lay claim to the funds being transferred. Additionally, the rise of ecommerce has introduced the need for third parties to act as intermediaries between ecommerce stores and banks, which poses yet another opportunity for interception through the likes of phishing scams and data collecting malware.
Over and above the theft of money, is the theft of identities. With so much personal information being required by online retailers and banks, people are quick to trust that their information is going into the right hands that few run the necessary checks to ensure that the data portal is secure, or that their information is reaching the intended destination. This further compounds the risk for both banks and retailers as the likes of the Protection of Personal Information (PoPI) Act come into play.
The impact on banks
Banks carry a lot of risk when it comes to cybercrime. Not only are they susceptible to the financial impact of unsecured transactions, phishing sites, re-imbursement, transaction reversal fees and so much more, but they also need to consider the impact of investigating the cause of a breach and re-addressing their cyber security every time a breach occurs. Beyond the possible risk of an “inside job”, they need to pinpoint their weak spots and address them with urgency – something that can be a cost intensive exercise. There is also the concern of damage to the confidentiality of their customers, which can irreparably ruin their reputation and credibility as a financial institution.
Loss of reputation directly translates to a loss of customer trust in the bank’s ability to safeguard and manage their wealth and assets. A bank that cannot effectively “bank” is no bank at all, in the eyes of the discerning customer. In an age where the customer is the key driver of business, loss of credibility can be detrimental to the success of the business and can lead to total failure.
It is absolutely imperative that, more than simply protecting against theft and financial breach, banks focus on protecting their customer’s personal information and other sensitive data. Not only to appease regulatory bodies – in play or yet to come – but also to retain their good standing with their customers.
Prevention is better than cure
As more and more parties get involved with transacting and as more players become involved in the banking space, often from other industries such as ICT, so do more compliance and security requirements emerge. Traditional security measures simply aren’t going to cut it any longer, and banks need to be always looking to future technologies in order to stay a step ahead of cybercriminals.
Confidentiality is key in today’s age of big data and omni-channel banking. Ensuring data and transactions are protected from all angles will be a challenge – one that banks and third parties will have to collaborate on to ensure their customers are wholly protected, and their data and privacy is completely secure.
Cyber security teams need to be looking at all potential entry points, from online banking to application access to the type of encryption employed by third party enablers. Every engagement platform needs to be addressed. They need to ensure that access is controlled, leveraging measures such as authentication, voice recognition and other biometric solutions, passwords and encryption. As new technologies are introduced and new security risks are identified, approaches such as new forms of multiple authentication will become a new trend.
Banks need to ensure they maintain a 360-degree view of their security, keeping a finger on every pulse of the industry, even extending beyond their own domain to businesses that touch on, or overlap with, theirs. Their measures need to be drawn from beyond existing customers, encompassing past customers as well. Network security, identity protection, governance, mobile and application security, channel security, protection of data in motion and data at rest, data masking, encryption, and myriad other security tools need to be reviewed and updated on a constant and regular basis.
Banks can start by assessing and securing their architecture, ensuring their network and servers are trustworthy, and that access to these are controlled and entrusted to select individuals. They should also be addressing their governance structures and standards, ensuring these are compliant not only with local governing bodies, but also with those countries with whom they do business. Having the right people in the right place, and with the proper identity verifications and biometrics in place can also go a long way to managing risk.
There are a vast number of tools and security measures available on the market today, however banks don’t necessarily need all of them – just the right tools in the right places, with the right access to them, or a service provider who understand the nature of banking from a strategic point of view, who can ensure that the bank has the necessary tools in place for a solution that is integrated and effective and yet won’t break the bank.
By Sanjay Vaid, Director of Cyber Security and Risk at Wipro Limited
Is Cloud Computing Environmentally Friendly?
Cloud adoption was well underway before the coronavirus pandemic hit but it has definitely accelerated more organisations to make a move.
Research from NetApp has found that a large majority of users (86%) felt the cloud has become essential to their business and many of them saw it as playing a greater role in their storage strategies. Some 87% viewed storing data in the cloud as easier than other methods.
Flexera, revealed that almost all organisations are using at least one cloud with 99% of respondents saying they are using at least one public or private cloud. 97% of respondents utilise at least one public cloud, while 80% have at least one private cloud. 78% of respondents are using hybrid cloud.
By pursuing a green approach, Accenture analysis suggests migrations to the public cloud can reduce global carbon (CO2) emissions by 59 million tons of CO2 per year. This represents a 5.9% reduction in total IT emissions and equates to taking 22 million cars off the road.
A greener cloud
Selecting a carbon-thoughtful provider is the first step towards a sustainable cloud-first journey. Cloud providers set different corporate commitments towards sustainability, which in turn determine how they plan, build, power, operate, and retire their data centres.
The Google Cloud platform has committed to operating its data centres carbon-free 24/7 by 2030, rather than rely on annual direct energy matches. In 2020, Google became the first company to achieve a zero lifetime net carbon footprint, meaning the company has eliminated its entire legacy operational carbon emissions. According to Google, their data centers are twice as energy-efficient as a typical data centre, and they now deliver seven times more computing power for the same amount of electrical power than they did six years ago.
Microsoft has committed to shifting its data centres to 100% supply of renewable energy by 2025 through power purchase agreements (PPAs). The company has launched its ambition to be carbon negative by 2030 and by 2050 to remove all carbon emitted by the company since 1975. Microsoft Azure’s customers can access a carbon calculator that tracks emissions associated with their own workload on the cloud.
A new forecast from International Data Corporation (IDC) shows that the continued adoption of cloud computing could prevent the emission of more than 1 billion metric tons of carbon dioxide (CO2) from 2021 through 2024.
"The idea of 'green IT' has been around now for years, but the direct impact of hyperscale computing can have on CO2 emissions is getting increased notice from customers, regulators, and investors and it's starting to factor into buying decisions," said Cushing Anderson, programme vice president at IDC. "For some, going 'carbon neutral' will be achieved using carbon offsets, but designing datacentres from the ground up to be carbon neutral will be the real measure of contribution. And for advanced cloud providers, matching workloads with renewable energy availability will further accelerate their sustainability goals."
Accenture analysis shows that customising applications to be cloud-native can stretch carbon emission reduction to 98%. Customisation requires designing applications to take full advantage of on-demand computing, higher asset utilisation rates, and dynamic allocation of computing resources. Cloud computing is also a way of reducing the use of resources such as paper, electricity, packing materials, and much more.
For companies striving to cut carbon emissions and to become more sustainable, cloud computing is definitely an option. Taking the steps to choose the right providers and making the businesses more efficient is key to having the wanted end result.