Community
Introduction
This blog is based on an article co-authored along with Matthew Lamons, CEO of The Intelligence Factory and is an edited version of the same article. As a matter of introduction and context, we work closely together to enable strategic decisioning and risk mitigation through AI. We felt that the current global risk situation requires far more attention as to how AI and related data science capabilities can help reduce risks to banking in this part of the world. Since we wrote the original article(https://open.substack.com/pub/kaustuv/p/confronting-the-emerging-risks-to?r=9c5n&utm_campaign=post&utm_medium=web), Nikkei has published about the matter, validating our views. Here is a link to the Nikkei article, but you may need to subscribe and get beyond the paywall. Indonesian cyberattack signals growing threat in Southeast Asia - Nikkei Asia. Recent cyberattacks on Indonesia by the Lock Bit group are mentioned as is the lack of cyber readiness in the wider region. Data back-up is a key concern. We see proactive signalling, end-point security and scenario simulation as key requirements.
Emerging Risks to Banking in a Strategic Region
The digital age has transformed the banking sector, bringing both unprecedented convenience and equally unprecedented risks. As financial institutions increasingly rely on technology to manage transactions, store data, and engage with customers, they also become prime targets for cyberattacks. Recent high-profile incidents, such as the ransomware attack on Evolve Bank & Trust by the Russian hacker group Lock Bit, underscore the growing sophistication and frequency of these threats.
It is natural for payment infrastructure services and providers of advanced AI-based cybersecurity providers to align and help secure the transactional economy. ASEAN is at the heart of the Indo-Pacific region. It has a GDP of $3.6 Trillion(2022 estimates, last available in January 2024) and a population in excess of 670 Million. It straddles a key part of the world, sitting between India, China and Australia. The Northernmost part of ASEAN is very close to the Nicobar Islands of India while the Southernmost part is not far away from Australia’s Northern Territory and shares the same landmass with the country of Papua New Guinea. The Straits of Malacca is a major shipping channel. The eyes of the world are upon this region. Against this backdrop, it is not surprising that cyber-attacks and cyber espionage constitute a particular concern for governments, industry and people. In this piece, however, we look only at the specific issue of cyber attacks on banking and financial services.
The Synapse Incident: A Wake-Up Call
The attack on Evolve Bank & Trust, which serves numerous high-profile fintech partners including Mercury, Stripe, and Affirm, has been a stark reminder of the vulnerabilities that even the most advanced financial institutions face. The hackers claimed to have exfiltrated 33 terabytes of sensitive data, including end user Personally Identifiable Information (PII) such as Social Security Numbers, card Primary Account Numbers (PANs), wire transfer details, and settlement files. The breach not only exposed critical data but also highlighted significant deficiencies in Evolve's IT security practices, which had already attracted regulatory scrutiny from the Federal Reserve Board.
This incident, coupled with the collapse of Synapse, a once-prominent fintech partner of Evolve, serves as a potent illustration of the cascading risks that can ensue from a single security failure. As banks and their fintech partners are intricately linked, a breach in one entity can reverberate across the entire ecosystem, compromising the integrity and trust upon which financial services depend.
The Rise of Real-Time Payments and Open Banking: A Double-Edged Sword
The advent of real-time payments and open banking has revolutionized the financial landscape, offering consumers faster and more flexible access to financial services. However, these advancements also introduce new vectors for cyber threats:
The Consent Framework in Open Banking and Attendant Risk
A consent framework is key to Open Banking being truly what it is called. The interplay between third party service providers, banks and account holders is central to Open Banking. The implications go much deeper than just the transaction itself. A robust framework in practice means that consumers will be able to access multiple service brands from one app, including one bank service app or fintech app. In addition, merchants and service providers will no longer need to go looking for time-consuming tie-ups with multiple banks. APIs will be sufficient for all players within a permitted band of activities and compliance checklists to access a large, universal base of users. The risk intensity is particular when a consumer seeks to use a third-party provider and that provider approaches the consumer’s bank for data. This is where particularly sophisticated levels of fraud can play out. It is possible for the permissioning process between the bank and the consumer to be strong and secure. But there needs to be place a process-and tools-that are always able to sense if a third player is a bad actor. Further, it is also possible that another party may be able to take over a session and capture data for it’s own purposes.
Emerging Online Risks to Financial Institutions
The Evolve Bank & Trust incident is just one example in a broader landscape of emerging online risks facing financial institutions. Some of the most pressing threats include:
How AI is Transforming Cybersecurity for Financial Institutions
To combat these sophisticated threats, financial institutions are increasingly turning to Artificial Intelligence (AI) and Machine Learning (ML). These technologies offer several advantages in enhancing cybersecurity:
Practical Applications of AI in Financial Cybersecurity
AI-driven cybersecurity solutions are already being implemented across the financial sector, providing tangible benefits:
Enhancing Financial Cybersecurity
AI-led real-time threat detection, historical trend analysis, and comprehensive compliance reporting are key steps in this matter. By analyzing log files and monitoring user behavior, it is possible to identify and respond to threats quickly and effectively. Complementing this, an immersive 3D visualization and dynamic simulations enable financial institutions to visualize potential threats, simulate various scenarios, and make informed decisions to enhance their security posture. A configurable framework platform that delivers a full digital infrastructure to banks and other financial institutions, inclusive of the above, helps these institutions safeguard their digital assets, maintain regulatory compliance, and build trust with their customers.
Leveraging the power of AI and advanced analytics, financial institutions can stay one step ahead of cybercriminals. The recent ransomware attack on Evolve Bank & Trust serves as a stark reminder of the importance of robust cybersecurity measures. In an era where cyber threats are continually evolving, proactive and intelligent cybersecurity solutions are not just an option—they are a necessity. Fortifying your defenses and ensuring the security and integrity of your financial operations are key to a resilient economy and society.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Roman Eloshvili Founder and CEO at XData Group
02 August
Konstantin Rabin Head of Marketing at Kontomatik
Denys Boiko Founder at Erglis
01 August
Michael Zetser CEO at Flyfish
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.