The widening scope of financial services also broadens the attack surface for cybercriminals to exploit. This is one of the key areas highlighted during Trend Micro’s 2022 BFSI Cybersecurity Summit Philippines held recently.
While it is already a given that any financial institution of any size is a target, what they are mandated to do now by the Bangko Sentral ng Pilipinas (BSP) to do is to speed up recovery from the attacks.
“You cannot recover from an attack by mere facilities,” said Manuel Regala, FVP, chief information security officer, and data protection officer of EastWEst Bank, during his presentation. “I encourage you to look for tools and we should also be digitally literate when we decide to move to the cloud.”
BSP had urged the banking, financial services, and insurance (BFSI) to beef up their cybersecurity measures as security incidents continue to rise especially during the COVID-19 pandemic.
Cybersecurity mesh, vendor consolidation, remote work, cyber-savvy boards, identity-first security, and breach and attack simulation are the top security and risk trends for 2022, based on Trend Micro’s data. The use of QR codes, which is becoming popular because of its of use, is also one of the emerging attack surfaces.
“It is important to protect the perimeter of the banks to protect our clients,” Regala said.
Social engineering, perhaps one of the oldest attack strategy still thrives today, what with scam texts proliferating since last year. Unsuspsecting recipients may click on the links included in the messages oblivious that these may be malicious software (malware) that can steal information in their smartphones and other devices.
One of the main challenges not only in BFSI but in other sectors as well is that manual identification of risks and threats is slow due to the massive amount of data to sort and filter. Citing an independent survey, Trend Micro said in one of the presentations that 5 million people (globally) have been a victim of identity theft and 25% of consumers find identity checks difficult and time consuming, which may have been a factor for them to stop using their bank account.
Trend Micro advises financial organizations to consider these factors when choosing cybersecurity partners. Vendors should have:
- unified cyber security platform
- strategy mindset rather than product mindset
- cloud-ready with open API network
- establish synergy with existing and future platforms
- help achieve consolidation and automation