Why banks need to start considering outsourced SOCs

The financial crash in 2008 plunged the world into a prolonged period of financial instability, leading to unemployment and a global decline in business profits due to a fall in demand for goods and services. Ten years on from the crash, we are experiencing an entirely new digital financial landscape and facing a new set of opportunities and challenges.

Although the crash resulted in a number of regulatory and legislative measures to prevent a similar event from happening again, the changes in our banking habits are already attracting a new breed of threat: cyber criminals.

Over the last decade, incumbent banks and insurers have been under growing pressure to evolve the way they operate in order to compete with a host of innovative, data-driven, digitally savvy new competitors that have grown out of consumer demand for more convenient, personalised services.

In order to compete and offer an increasingly personalised experience, banks need to collect and maintain a wealth of data on their customers. The return for the financial industry, from banks to insurers, is clear: experts anticipate that organisations that invest in big data will increase their operating margins by 60%.

The value of data has increased exponentially in the last decade and the next financial crisis could be caused by security attacks.

We are already seeing ripples in the financial industry in this space, the most recent example being the huge data breach at US credit reporting bureau Equifax. The breach resulted in a significant loss of data, in which the personal details of over 145 million people across the US, UK and Canada were leaked. The event has already started to effect change in the US, spurring a rethink of data protection laws and prompting financial services industry commentators to consider the role of cybersecurity in banking.

In Europe there will soon be an eye-watering price tag associated with data loss: up to 20 million euros or 4% of group worldwide turnover. Elsewhere in the world, bodies like the new Computer Emergency Response Team in Financial Sector in India show that institutions are taking steps to mitigate the threat that cyber criminals pose.

This demonstrates the hugely damaging effect that a breach can have on revenue, but the industry must also consider the reputational fallout. According to a recent study, 50% of consumers would consider switching banks if theirs suffered a cyber-attack, with 47% admitting they would lose complete trust in their bank should the worst happen.

Trust is paramount in the financial services sector, and the industry is acutely aware of the criticality of the information it is handling, but as the industry evolves, so too does the threat.

Combating new cyber threats

In early 2017, UK-based banks operating under Lloyds, Halifax and Bank of Scotland were hit by a significant Distributed Denial of Service (DDoS) attack over the course of 48 hours. More recently, a host of South Korean banks were threatened with a damaging DDoS attack unless they paid a $315,000 bitcoin ransom. Thankfully, banks are acutely aware of the criticality of the data they handle, and in both cases the attacks were successfully defended against.

Although DDoS attacks remain prevalent across a number of industries, the effectiveness of the method relies on the organisation paying the ransom, which many organisations are refusing to do. Another, more worrying form of attack for banks is one that quietly siphons off data over a period of time. These are often introduced in the form of malware-driven attacks, such as banking Trojans.

An example of these kinds of threats is an evolving malware project called TrickBot which, while currently plaguing Latin America, has targeted banks in over 40 countries across the globe.

Attacks that lead to a systematic leakage of data over time do not have the immediate shock effect of a swift attack, but they can be just as damaging, and serve to weaken the banks’ defences over time. An additional layer of complexity is that there will soon be more and more channels through which hackers can access the systems. P2P services are on the rise, and regulation such as PSD2 is being introduced to increase competition in the industry, for example by introducing an open API standard for banking in the UK.

Securing all the various channels will only get more difficult for the industry as the way we bank continues to evolve, and leaders must be armed with an agile cybersecurity plan to move into the next generation of finance with the confidence of their customers behind them.

Securing the future of banking from threats

Traditionally, the banking industry has been one of the main investors in security, and it is likely this will continue to be the case as we navigate the new threat landscape that the future of banking presents.

As open banking accelerates and the industry’s data becomes more and more interconnected, the industry cannot afford to take risks with the data it holds on its customers. One leak could be the first symptom that infects the whole industry with a sickness that could have wider-reaching effects.

In order to combat this evolving threat, the industry needs an adaptive, 24×7 method of detection, defence and counter-attack. Many organisations are looking to outsource their security services in order to ensure they have comprehensive, around-the-clock coverage. Investment in security operation centres, for example, is on the rise.

One of the main learnings of the 2008 crisis was that the industry needed to be more responsible in its approach to risk. By keeping abreast of the latest security threats, and investing in security applications that are able to adapt to the future of banking, the industry will be able to avoid a similar crippling financial event.


Key takeaways

  • One of the main learnings of the 2008 crisis was that the industry needed to be more responsible in its approach to risk.
  • Although DDoS attacks remain prevalent across industries, their effectiveness relies on the organisation paying the ransom.
  • Many organisations are looking to outsource their security services in order to ensure they have around-the-clock coverage.
  • Investment in security operation centres is on the rise.
  • Attacks that lead to systematic leakage of data over time do not have the immediate shock effect of a swift attack.
  • An additional layer of complexity is that there will soon be more and more channels through which hackers can access the systems.
  • Securing all channels will only get more difficult for the industry as the way we bank continues to evolve.

Possible losses from cyberattacks are rising and security operation centres are an added layer of protection, explains Srinivasan CR at Tata Communications.