Securing e-commerce from cyber crimes
The threat of cyberattacks is one now being taken seriously by the financial sector and fintech executives in the Middle East and elsewhere. After more than a decade of warnings and the growing reality of harm caused by digital malfeasance, the age of awareness raising is truly over. More than 70 per cent of financial sector leaders in the US have listed cyber-related threats as a top risk.
That’s not surprising when, according to some estimates, one in five malware deployments are aimed at the sector. As in other sectors, ransomware – extortion through locking victims out of their systems – is a problem that risks growing exponentially.
That in turn isn’t surprising given crime and malevolent state activity tend to follow where the money is. Damage can range from small-scale theft through to the spectacular. Four years ago, the Bank of Bangladesh was robbed of $81 million. Had it not been for a minor typographical error noticed by authorities in New York, it is believed the loss could have been ten times as great.
Cautionary tales
But these stories are not a reason for despair; they are a reason to redouble efforts to manage risk effectively. Indeed, the financial services sector, in particular, has three inbuilt advantages which help explain why financial institutions are the best protected of any of the privately owned critical sectors.
First, banks already have strong internal controls to manage the risk of insider trading and so-called ‘fat finger’ trading. Both of these rely on limiting the damage any one person or group of people acting wrongly – whether intentionally or accidentally – can do. These controls work in cyber security, too: if a rogue trader can’t manipulate systems easily to bring down a bank, axiomatically that makes it harder for an outside cyber attacker to do the same.
Second, regulators have been smart in finance. Rather than create a box called ‘cyber’ that requires executives to tick it, cyber resilience has been built into the regulatory model as a whole. And the big, interbank clearing systems are being designed with cyber resilience in mind.
Rather than approach the new technology with an attitude of fear, we need to focus on investing in cost-effective security by design.
Share the concerns
Finally, the industry has acted sensibly. It’s the one sector where information sharing is more than a slogan; useful data actually gets shared between institutions who are normally competitors. Well-resourced, technically competent centres are springing up in the various regional financial hubs
Indeed, thanks to these strengths, there is much to celebrate and takeaway from the performance of the financial system and fintech in the extremely challenging year of 2020. The massive increase in dependency on digital commerce has not been accompanied by a catastrophic increase in cyber-related financial crime. Rather than approach the new technology with an attitude of fear, we need to focus on investing in cost-effective security by design. The technology we use now was developed without security in mind.
That was no one’s fault. It’s just the way it happened. But it left us with an ecosystem where services were free in cash terms so long as the citizen gave away mountains of personal data — not a good recipe for security. As we move towards the age of blockchain transactions, machine learning, 5G-enabled services, and quantum, we need to make sure we do not repeat this mistake. Fixing the present and building in security and resilience for the future are the ways in which we will ensure a prosperous digital financial ecosystem in the years ahead.