Cybersecurity in Asian banks: what’s in place and what should be

Financial organizations in the Asia Pacific region are more vulnerable than those in other parts of the world when it comes to data breaches – that’s according to a 2017 report from cybersecurity firm Kaspersky Labs.

“Financial threats vary, from online fraud and banking Trojans that affect PCs, tablets and smartphones, to attacks on financial organizations, ATMs and even point-of-sale terminals,” said Vitaly Kamluk, Director of Global Research and Analysis Team in APAC at Kaspersky Lab in a statement. “Analyzing our statistics, we see that the financial sector in Asia-Pacific countries is developing fast and cybercriminals are increasingly looking for ways they can profit from it.”

Asian banks are realizing this issue and making an effort to improve the situation. Ken May, VP of APAC Sales for Tyco Security Solutions at Johnson Controls, said the ability for banks to remain safe was dependent on the industry’s willingness and receptiveness toward taking preventive measures to curb cyberattacks. Research indicates that cyber defenses for biometric databases and applications will become a top priority across Asia. In addition, organizations are looking to create holistic platforms to defend against insider threats.

“Increasingly, banks will be turning to partner technology companies who can provide comprehensive security solutions to secure physical facilities, staff, assets and data,” May added. “Cybersecurity is not the core business of many banks, which means additional costs and manpower have to be incurred to boost that function. Another cost is the keeping up with the latest security technologies, which requires significant capital expenditure. Banks need holistic cybersecurity solutions that are customizable to their needs, instead of piecemeal, product-centric approach that are riddled with gaps.”

An integrated access control approach, for instance, may comprise access control software, proximity card readers, controllers and video surveillance. With such an approach, changing the software used to control all the doors within a facility could be as easy as updating the firmware directly. If an employee loses his or her badge, the proximity card can be deactivated to prevent unauthorized access. The bank can also apply video analytics to detect unusual activity during off-hours and notify the appropriate parties of suspect behavior.
 

An interesting point made by Joon Jun, President of IDIS’s Global Business Division, is that many security incidents are initiated by staff inside a financial institution. The 2016 Bangladesh central bank heist, for instance, was a coordinated effort between a bank employee and a group of outside hackers.

“IT security technology can help keep data secure and physical security measures can protect assets,” Jun said. “Yet banks are now more likely to consider combining logical and physical security identities to track computer and data access as well as location. Combining logical and physical security processes and infrastructures makes it easier to detect and prevent security incidents and provides a platform to manage the response and recovery after an incident occurs.”

To make sure that banks take as many precautions as possible, there are certain measures that can be implemented. According to Ashish Dhakan, MD and CEO of Prama Hikvision India, these include:

• Hexadecimal passwords: A password using a combination of uppercase, lowercase, numeric and special characters makes it difficult for hackers to effectively employ brute-force attacks.
• Frequently changing passwords: This done as per the recommendations of cybersecurity experts and can help with security.
• Firewalls: These have always been part of a network, but sophisticated systems are increasingly being used by banks to prevent illegal logins and access to prohibited websites.
• Biometric Systems: These are necessary for protecting access to the server/ IT department.
• Breach detection: Banks should have a system in place to detect breaches early and a procedure to minimize the harm.