Building ASEAN Banking Cybersecurity resilience

Technological revolutions come with their own form of risk: cyber risks. The more “digital” banks become, the more channels there are for potential points of attack from cyber criminals, who are constantly evolving to exploit new loopholes.

Boris Sullivan

Technology and the internet have undeniably become integrated into our daily lives. Customers’ behaviors continue to evolve and adapt to technological progress. In response, new technologies are developed to serve and accommodate customers’ ever-evolving needs.

A prime example is the invention of the smartphone over a decade ago, which has completely transformed our way of life and increased people’s connectivity to unprecedented levels.

The banking industry, too, is undergoing massive digitalization, from the user-facing tools like mobile banking apps to backend infrastructure and essentially everything in between. These developments are the key drivers behind the convenience and productivity that we all enjoy today.

But, as is inherent to any invention, these technological revolutions come with their own form of risk: cyber risks. The more “digital” banks become, the more channels there are for potential points of attack from cyber criminals, who are constantly evolving to exploit new loopholes. Even when these loopholes are identified and patches are issued, delayed updates could also pose potential risk.

Financial Institutions Hacking and Social Media scams

We have repeatedly witnessed that the various—and many times severe—cyber-related incidents often revolve around financial institutions.

Some infamous examples include the Bangladesh Bank incident, the hacking of ATMs in Taiwan and various other countries, Target’s credit card data breach, which resulted in data of over 70 million credit cards stolen, Equifax’s data leakage, in which the company was fined 700 million USD, and more recently the case of Capital One Bank, in which over 100 million customers’ data were leaked. Thailand is also not immune to these cyber threats.

A state bank’s ATMs were hacked, customers’ data from 2 large banks were leaked on the Dark Web, and the WannaCry ransomware outbreak. In addition to attacks on financial institutions, customers’ behavior and lack of cyber threat awareness also pose significant cyber risks.

Social media scams through LINE or Facebook Messenger in which attackers pretend to be the victim’s acquaintance, asking for a favor to transfer money; or users submitting their bank account information to questionable, illegal gambling websites from which their data eventually got leaked a few weeks prior are some examples of cyber-attacks that hinge on the user’s inexperience or lack of awareness of online threats.

Cyber-attacks not a matter of “if” but rather “when”

In addressing these threats, it is important to operate under the assumption that it is not a matter of “if” but rather “when” these threats will occur, and focusing solely on “protection” and “detection” is no longer sufficient.

In other words, cybersecurity alone is not enough, but we also need to proactively think about cyber resilience: how do we not only prepare, but also withstand and recover from disruptions. In the short time I have today, I’d like to highlight three key drivers for effective cyber resilience.

Cyber resilience should be an important organization-wide agenda

First, cyber resilience is not only the responsibility of a company’s IT department, but rather an important, organization-wide agenda. The board of directors and senior management must understand and endeavor to prioritize cyber risk management frameworks into the organization’s operation. This includes making sure that cyber resilience policies put in place are applied effectively, setting a clear organizational structure that includes the roles and responsibilities of staff across all levels, establishing a risk management process according to international practices, and ensuring that employees are always vigilant on cyber security issues.

The Bank of Thailand, for example, requires financial institutions to have at least one member with IT knowledge or IT-related experience to be on the board of directors. We also organize regular capacity-building courses for board members and high-level executives from Thai financial institutions to provide them with the knowledge and understanding of how to address cyber threats. In addition to tone from the top, staff members at the operational level must also be more vigilant of the cyber risks involved in their day-to-day tasks.

Improving response and recovery

Second, while in the past much effort had been put into reinforcing protection and detection systems, we must now shift our focus towards improving response and recovery. Readiness in addressing cyber-attacks—preparing a response plan or a playbook—remains a common gap among financial institutions.

Frequent cyber exercises are also crucial, as vulnerabilities in response plans are often discovered during these exercises, which allows organizations to continually improve their response processes. Regular practice is the best practice.

Not only should these exercises be done by individual firms, but also at an industry level. The financial sector, for example, has started these exercises within the banking sector and will soon expand to other parts of the financial sector.

As time goes by, our society becomes more interconnected, and eventually these cyber resilience exercises need to be done at the inter-industry level. For instance, the banking sector needs to have joint exercises with telecommunication companies for scenarios involving mobile banking attacks, or with the utilities sector for power outage scenarios.

Information sharing is crucial in strengthening the overall cyber resilience

Third, collaboration and information sharing are crucial in strengthening the overall cyber resilience. Cyber threats are becoming so much more complex that an individual organization’s defensive technology may not be able to catch up.

Close cooperation and sharing of cyber threat information will help organizations better monitor the development of cyber threats, recognize unfamiliar threats, and develop more comprehensive plans for dealing with such issues. Cooperation is also more than just information sharing: whether it is cooperation in terms of supervision, development of standards, cyber exercises, or capability building.

These kinds of cooperation, which would eventually create a “Cybersecurity Ecosystem”, require efforts from all sides, including governments, regulatory agencies, the private sector, and the education sector. It is very welcome that today there are already a number of information sharing platforms available at the national, regional, and international levels.

Thailand’s finance, banking, capital markets, and insurance industries have established a Computer Emergency Response Team (CERT) for their respective industry. The teams share cybersecurity information on a daily basis. At the regional level, ASEAN has established the Cybersecurity Resilience and Information Sharing Platform (CRISP). The Central Banks, Regulators, and Supervisors (CERES) forum serves as a platform for the international community. These collaborations on multiple levels present opportunities for countries to learn from one another.

More recently, in our capacity as the 2019 ASEAN Chairman, Thailand has collaborated with the Bank for International Settlements (BIS) to organize the ASEAN Financial Regulators’ Program on Cyber Resilience, a series of training programs, the last of which concluded just yesterday. We envision that these Cyber Range collaborations will continue to be held for ASEAN members going forward.

Although the financial sector has made significant progress in terms of cyber resilience, the never-ending development of cyber threats means that we too must continue to improve our defenses. In this regard, there remain many issues which the Bank of Thailand, along with other central banks in the region, intends to drive forward, such as overseeing more comprehensive cyber resilience policies and promoting the development of human resources. In response to cyber-attacks that may target vulnerable customers, it is crucial that we strive to increase consumer technology literacy to nudge them towards safer cyber behaviors and ensure a sufficient level of Cyber Hygiene.

Edited from Opening Remarks by Veerathai Santiprabhob, Governor of the Bank of Thailand, at the ASEAN Banking Cybersecurity Conference 2019
