Convenience and personal touch are what customers across Asia have come to expect. Arguably, no sector is this truer than banking and financial services, where trust and confidence are integral. To thrive in this landscape, Singaporean financial services institutions (FSIs) must ensure they are primed to navigate any disruption to their efforts to deliver easier transaction methods and personalised digital offerings.
The degree to which organisations have harnessed emerging technologies — like integrated behavioural data and affective computing — will likely determine their future trajectory. A recent EY report, for instance, found that FSIs that did so could empower customers with new, effective ways to meet their financial goals.
However, trying to be more data-driven also means organisations must ensure they do not overlook access management as the volume of data they possess grows.
The looming spectre of cyber threats
While digitalisation has been a boon for FSIs striving for continual evolution, modernisation has also widened organisations’ attack surfaces. The spate of cyber attacks on FSIs worldwide also high- lights that many are still playing catch-up when building their security posture.
Ransomware, in particular, has quickly emerged as the top way to execute attacks. This is unsurprising considering the incredible growth of ransomware-as-a-service (RaaS), which enables cybercriminals without the skills and dedicated tools or infrastructure to carry out highly sophisticated attacks. CyberArk’s 2023 Identity Security Threat Landscape Report reveals that 76% of global finance organisations experienced at least one ransomware attack that caused damage to their organisation.
See also: Conducting secure data movements in the cloud symphony
Another form of attack that organisations are vulnerable to is cookie hijacking. Most cyberattacks require some form of privileged access but not cookie hijacking. Now that web-based applications are ubiquitous, attackers and credential-stealing malware often go after browsers. By hijacking these cookies, an attacker can bypass the password and multi-factor authentication login prompts to mass-deleting existing files or live streaming a scam video, for example. CyberArk recently launched the industry’s first identity security-based enterprise browser to address this issue.
Then there is the growth of generative artificial intelligence (AI) tools. While it presents many new opportunities to improve business performance, AI’s many capabilities can also be exploited for malicious activity. We are already witnessing attackers using ChatGPT for more advanced social engineering techniques to steal user credentials.
Due to it still being nascent, generative AI is a double-edged sword with plenty of unknowns. For instance, while they can be a boon for productivity, tools like ChatGPT can also be used to help attackers become more targeted and disruptive, fuelling a new wave of attacker in- novation that surpasses many organisations’ detection and defence capabilities. In fact, 57% of global respondents from financial institutions in our survey indicated that chatbot security vulnerabilities — which include impersonating employees — ransomware, malware and phishing are the biggest concerns from AI threats.
See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way
Besides employees, organisations must also ensure that third-party access for vendors and partners is not compromised. Unsecured de- vices can act as gateways for cyber attackers to gain entry to the wider IT infrastructure. This underscores the fact that, without adequate device monitoring and risk management, FSIs will be too vulnerable to withstand the threats from cyber attackers.
The International Data Corp (IDC) estimates that 92% of Asia Pacific banks increased spending on cloud technologies last year. With this growth of cloud adoption, FSIs are not taking security lightly. In particular, digital trust solutions have gained popularity. A report by SGTech finds that spending on these tools, including cybersecurity, digital identities and privacy-enhancing technologies are expected to nearly treble from $1.7 billion in 2022 to $4.8 billion by 2027.
However, these investments must focus on ensuring intelligent privilege controls in the cloud.
Identity: The starting point of a robust security posture
While security is integral to strengthening customer relationships for financial services providers, achieving it requires organisations to integrate zero trust. And with attackers increasingly leveraging unsecured identities to gain unauthorised access to networks, securing identities and protecting organisations’ assets is essential. In our survey, implementing ‘least privilege’ access on infrastructure that runs on business-critical applications emerged as the top measure that global finance organisations are expected to adopt in 2023 to manage sensitive access for humans and machines.
Identity audits are a good starting point to gain visibility over users and devices and the resources they can access. With the precise ability to identify which identities have excessive privileges, organisations can course correct, so to speak, and reduce the risk of identity theft and breaches.
However, organisations should also consider integrating their security tools. Streamlining security solutions into one centralised platform enables FSIs to onboard all identities for comprehensive session monitoring and access management. Not only does this ensure they are compliant with regulations, it also ensures seamless workflows that enable employees to bring greater value to the business.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Prioritising security without sacrificing convenience
Cybersecurity does not have to create friction for end users. By raising awareness and creating a cyber-secure culture, FSIs can deploy new security tools that prioritise short-term profitability without sacrificing long-term resilience. Through consistent training, FSIs can continue to provide the best services, while minimising service downtimes.
Besides that, FSIs can secure themselves by adopting an “assume breach” stance. Employees can also secure workspaces by creating strong passwords that minimise the risk of credential theft. Meanwhile, security teams should integrate multi-factor authentication to prevent malicious users from compromising accounts. A cloud-based enterprise password management solution enables organisations to securely capture, store and manage password-based applications and other secrets.
With the tremendous benefits offered to customers and providers, digital banking will continue to grow in popularity. For FSIs, the onus is on them to ensure customers have positive and secure experiences. This is why zero-trust and least-privilege approaches are critical. Ultimately, they are integral to a security-forward identity and access management approach, which positions FSIs to secure sensitive data and infrastructure while leveraging the full power of cloud environments.
Vincent Goh is the president and general manager for Asia Pacific and Japan at CyberArk
