Building ASEAN Banking Cybersecurity resilience

Technological revolutions come with their own form of risk: cyber risks. The more “digital” banks become, the more channels for potential points of attacks from cyber criminals, who are constantly evolving to exploit new loopholes.

Boris Sullivan

Technology and the internet have undeniably become integrated into our daily lives. Customers’ behaviors continue to evolve and adapt to technological progress. In response, new technologies are developed to serve and accommodate customers’ ever-evolving needs.

A prime example is the invention of the smartphone over a decade ago, which has completely transformed our way of life and increased people’s connectivity to unprecedented levels.

The banking industry, too, is undergoing massive digitalization, from the user-facing tools like mobile banking apps to backend infrastructure and essentially everything in between. These developments are the key drivers behind the convenience and productivity that we all enjoy today.

But, inherent to any invention, these technological revolutions come with their own form of risk: cyber risks. The more “digital” banks become, the more channels for potential points of attacks from cyber criminals, who are constantly evolving to exploit new loopholes. Even when these loopholes are identified and patches are issued, delayed updates could also pose potential risk.

Financial Institutions Hacking and Social Media scams

We have repeatedly witnessed that the various—and many times severe—cyber-related incidents often revolve around financial institutions.

Some infamous examples include the Bangladesh Bank incident, the hacking of ATMs in Taiwan and various other countries, Target’s credit card data breach which resulted in data of over 70 million credit cards stolen, Equifax’s data leakage in which the company was fined 700 million USD, and more recently the case of Capital One Bank in which over 100 million customers’ data were leaked. Thailand is also not immune to these cyber threats.

A state bank’s ATMs were hacked, customers’ data from 2 large banks were leaked on the Dark Web, and the WannaCry ransomware outbreak. In addition to attacks on financial institutions, customers’ behavior and lack of cyber threat awareness also pose significant cyber risks.

Social media scams through LINE or Facebook Messenger in which attackers pretend to be the victim’s acquaintance, asking for a favor to transfer money; or users submitting their bank account information to questionable, illegal gambling websites from which their data eventually got leaked a few weeks prior are some examples of cyber-attacks that hinge on the user’s inexperience or lack of awareness of online threats.

Cyber-attacks not a matter of “if” but rather “when”

In addressing these threats, it is important to operate under the assumption that it is not a matter of “if” but rather “when” these threats will occur, and focusing solely on “protection” and “detection” is no longer sufficient.

In other words, cybersecurity alone is not enough, but we also need to proactively think about cyber resilience: how do we not only prepare, but also withstand and recover from disruptions. In the short time I have today, I’d like to highlight three key drivers for effective cyber resilience.

Cyber resilience should be an important organization-wide agenda

First, cyber resilience is not only the responsibility of a company’s IT department, but rather an important, organization-wide agenda. The board of directors and senior management must understand and endeavor to prioritize cyber risk management frameworks into the organization’s operation. This includes making sure that cyber resilience policies put in place are applied effectively, setting a clear organizational structure that includes the roles and responsibilities of staff across all levels, establishing a risk management process according to international practices, and ensuring that employees are always vigilant on cyber security issues.

The Bank of Thailand, for example, requires financial institutions to have at least one member with IT knowledge or IT-related experience to be on the board of directors. We also organize regular capacity-building courses for board members and high-level executives from Thai financial institutions to provide them with the knowledge and understanding of how to address cyber threats. In addition to tone from the top, staff members at the operational level must also be more vigilant of the cyber risks involved in their day-to-day tasks.

Improving response and recovery

Second, while in the past much effort had been put into reinforcing protection and detection systems, we must now shift our focus towards improving response and recovery. Readiness in addressing cyber-attacks—preparing a response plan or a playbook—remains a common gap among financial institutions.

Frequent cyber exercises are also crucial, as vulnerabilities in response plans are often discovered during these exercises, which allow organizations to continually improve their response processes. Regular practice is the best practice.

Not only should these exercises be done by individual firms, but also at an industry level. The financial sector, for example, has started these exercises within the banking sector and will soon expand to other parts of the financial sector.

As time goes by, our society becomes more interconnected, and eventually these cyber resilience exercises need to be done at the inter-industry level. For instance, the banking sector needs to have joint exercises with telecommunication companies for scenarios involving mobile banking attacks, or with the utilities sector for power outage scenarios.

Information sharing is crucial in strengthening the overall cyber resilience

Third, collaboration and information sharing are crucial in strengthening the overall cyber resilience. Cyber threats are becoming so complex that an individual organization’s defensive technology may not be able to catch up.

Close cooperation and sharing of cyber threat information will help organizations better monitor the development of cyber threats, recognize unfamiliar threats, and develop more comprehensive plans for dealing with such issues. Cooperation is also more than just information sharing: whether it is cooperation in terms of supervision, development of standards, cyber exercises, or capability building.

These kinds of cooperation that would eventually create a “Cybersecurity Ecosystem” require efforts from all sides, including governments, regulatory agencies, the private sector, and the education sector. It is very welcome that today there are already a number of information sharing platforms available at the national, regional, and international levels.

Thailand’s finance, banking, capital markets, and insurance industries have established a Computer Emergency Response Team (CERT) for their respective industry. The teams share cybersecurity information on a daily basis. At the regional level, ASEAN has established the Cybersecurity Resilience and Information Sharing Platform (CRISP). The Central Banks, Regulators, and Supervisors (CERES) forum serves as a platform for the international community. These collaborations on multiple levels present opportunities for countries to learn from one another.

More recently, in our capacity as the 2019 ASEAN Chairman, Thailand has collaborated with the Bank for International Settlements (BIS) to organize the ASEAN Financial Regulators’ Program on Cyber Resilience, a series of training programs, the last of which concluded just yesterday. We envision that these Cyber Range collaborations will continue to be held for ASEAN members going forward.

Although the financial sector has made significant progress in terms of cyber resilience, the never-ending development of cyber threats means that we too must continue to improve our defenses. In this regard, there remain many issues which the Bank of Thailand, along with other central banks in the region, intends to drive forward, such as overseeing more comprehensive cyber resilience policies and promoting the development of human resources. In response to cyber-attacks that may target vulnerable customers, it is crucial that we strive to increase consumer technology literacy to nudge them towards safer cyber behaviors and ensure a sufficient level of Cyber Hygiene.

Edited from Opening Remarks by Veerathai Santiprabhob, Governor of the Bank of Thailand, at the ASEAN Banking Cybersecurity Conference 2019
