Digital disruption continues to be a pre-occupation for financial services institutions in Asia. China may have led the region in terms of the digitalization of certain elements of financial services, for example lending, insurance and payments, but the ASEAN countries are not far off.
The COVID-19 pandemic has accelerated this race to transformation and in the process changed the way people work, shop and bank.
With the region racing to embrace financial inclusion, the relative immaturity of consumers when it comes to the darker elements of digital disruption are showing up.
In the ASEAN Cyberthreat Assessment 2021 report by Interpol, Craig Jones, director of Cybercrime noted that accelerated digital transformation is giving cybercriminals new opportunities to attack consumers and organisations. The work from home initiative has further increased the attack surface.
Michael Tan, regional director for Asia at IntSights, noted that many financial institutions (FIs) depend on traditional threat intelligence reports that sometimes contain outdated intelligence, and in many cases little by way of contextual information.
He suggested that these organisations formulate and implement effective threat intelligence that offer complete visibility and protection in a continuous manner with effective mitigation processes.
Top FIs that have invested heavily in strengthening their cyber defence capability in the years before 2020. “With the current pandemic situation however, most organisations face huge pressure from their management or HR to trim down their team and make them more productive,” said Tan.
ASEAN FIs’ security posture in 2021
Tan was quick to praise the FIs in the mature markets of Singapore and Hong Kong where industry players have strong resources, including threat hunting teams, in place and structured processes to enforce security policies.
The same could not be said of players in markets like Malaysia and the Philippines. With limited resources and less structured cybersecurity practice, customers have become the unwitting targets, both as victims and channels, for attacking the institutions.
Complicating the challenge for FIs in the developing markets of ASEAN is the high social media usage among consumers in these markets.
“Many of these mobile users tend to have low awareness of security, making them a good target for hackers and scammers to launch their attack campaigns on,” commented Tan.
“For example, threat actors and scammers are leveraging social engineering tactics to obtain banking credentials from users.”
Tan suggested that CIOs and CISOs draw up a clear strategy of what they want and need to do for their organisations. They then need to prioritise which are important and urgent, and address the current trends impacting their markets today,” he continued.
Click on the PodChat player above to listen to the full dialogue with Tan.
- In 30-seconds what is IntSight?
- What are the key findings of the 2021 banking and financial services industry cyber threat landscape report?
- The report cites examples of the North Korean Lazarus group and the activities that the group is doing. Why is there a highlight on the Lazarus group?
- The Cornerstone Advisors’ What’s Going On in Banking study (US) reported that nearly half of bank executives put cybersecurity on their list of top three concerns for 2018. That percentage declined to 36% in 2019 and dropped even further to 21% in 2020. Why do you think cybersecurity concerns are going down in the US? In Asia, is it the same trend?
- For ASEAN banks, what is your assessment of their security posture?
- Can consumers rest comfortably thinking that their banks and regulators have measures in place to protect their assets today?
- Given the current state of lockdown in ASEAN and prospects of the vaccination likely not reaching critical mass until 2022, how should both banking customers and banks do to protect their data and their monies?
- Given that there are many security vendors and solutions in the market, how should CIOs and CISOs approach their cybersecurity strategy?