Cyber security: trends and implications in financial services
Cyber-attacks continue to evolve and are becoming more frequent and widespread. Attackers are improving their tactics and techniques faster than security teams can keep up and their methods grow more sophisticated each year. What are the technological trends that define the threat and risk associated with cyber security and their implications for financial services?
Financial institutions face a growing pressure threat from cyber-attacks, which can take many different forms across a wide range of channels. A typical attack will be perpetrated by a criminal in a remote and safe location who tries to get inside the systems of a bank or of its clients. Other attacks include attempts to divert payments into the accounts of criminals. Fraud is very closely linked with cyber-crime and there are synergies in how financial institutions fight cyber-crime and fraud.
To fight cyber-crime, banks must invest very heavily in systems and people. Because cyber-attacks are constantly changing, financial institutions must permanently supervise cyber-crime protection, ensuring that measures are always improved to keep up with increasingly sophisticated cyber-attacks. Improving defences requires new products, systems and people. A growing number of people at Societe Generale, for example, are devoted full-time to keeping cyber criminals outside the gates. In addition to this, focusing on fraud will also help in the fight against cyber-crime. There are synergies between how both types of activity are dealt with and the fight against fraud is complementary to the fight against cyber-crime.
Banks must take a broad view across all channels and customer behaviours to defend against cyber-attacks. Technologies including machine learning (ML), artificial intelligence (AI) and big data are increasingly deployed to improve the detection of suspicious transactions. By combining strong identification and authentication methods with AI and ML, banks can sift through large amounts of data in real time and identify suspicious transactions. These transactions might originate from phishing attacks but also can come via ‘safe’ channels that have been penetrated. Big data enables links to be established between dubious IP addresses and phishing attacks, alerting a bank to transactions from that address. By combining big data with ML, the cyber defences can ‘learn’ how to detect anomalies going forward. Alerts may also arise from transactions that are inconsistent with a client’s usual behaviour. The complex nature of cyber-attacks requires banks to track and detect transactions more proactively.
Cyber criminals increasingly act like corporates, with new product development teams and some organisations offering their services to or integrating them with those of other criminal gangs. Cyber-crime is more lucrative than other crimes, so banks must continue to invest a lot of resources into building defences against it.
Deputy Head of Global Transaction and Payment Services
Alongside technology, banks realise that new types of staff need to be deployed to fight cyber-crime. Teams comprising data scientists, bankers, payments specialists and others are working together to develop the skills to protect a bank and its client from attack. Cyber defences must combine technology with know-how.
If corporate clients are aware that a bank is committed to preventing fraud and cyber-attack, confidence in the bank will grow and a good relationship will be established.
Head of Banking Solutions Engineering
One of the challenges in developing cyber defences is the number of ‘false positives’ that can arise. These can never be eradicated, but by constantly working on the rules we develop for detection systems, we can reduce their number. Societe Generale’s approach is to try to discover the rules that are relevant to different scenarios; we do this in live sessions. Our approach is to improve the efficiency and accuracy of the rules we are establishing, and AI and ML can bring a great deal of efficiency to this process. We process more than 15 million transactions per day1 and scan those transactions for several factors, such as a change in the behaviour of a client and suspicious IP addresses.
In fighting cyber-crime, financial institutions should make sure that their staff and clients are regularly informed about the risks, such as phishing attacks and social engineering. Clients must understand why it is so important to implement strong authentication and to have encryption to create more robust communications channels. Often stronger cyber-security systems are more complex and cumbersome to implement. There is a danger that clients may view aspects of cyber defence as an inconvenience, but with the right information, clients should accept the reality of cyber threats. There is a growing awareness among corporate clients that cyber security is a problem and to protect against it, they may have to move to stronger authentication and communication systems. Successfully detecting a fraudulent transaction or cyber-attack can strengthen a bank’s relationship with its corporate client. Increasingly, transaction banking RFPs request details about security and how the bank proposes protecting against attacks.
In the corporate payments world, new capabilities are being developed to ‘push’ information to clients prior to a transaction being initiated. By analysing payment flows, a bank can send information to a client before a remittance is signed if an anomaly is detected.
Notes: 1- July 2018, 330 million transaction in a month, basis of 22 days = 15M transaction/day