For a number of years now, financial institutions have been embracing digital but some customer demographics have been resistant to change. The pandemic has led many more customers, including those who were traditionally wary, to embrace digital out of necessity during lockdown or self-isolation. A recent survey of regulators around the world had 60% reporting strong increases in the use of digital payments and remittances and 20% reporting strong increases in the use of digital banking services and digital savings platforms. COVID-19 has forced a rapid acceleration of a trend that would ordinarily have taken many years to reach this point.
While this may be good news for institutions looking to drive down costs, and good news for customers who learn to embrace the benefits that digital channels can bring, it also comes with a potential threat. Cybercriminals are also aware of the shift and are keen to exploit the opportunities that digital channels can bring for the unwary. These attacks can take many forms from simple phishing emails seeking to exploit confusion about COVID-19 in an attempt to uncover login details, to more sophisticated impersonation fraud, to ransomware attacks.
Against that backdrop, what should institutions be thinking about to counter this threat? Some key steps include:
- Consumer and employee education: What steps can you take either alone or on an industry basis to keep consumers and employees educated about the latest scams and help them protect themselves and the organization?
- Fraud prevention: Are your fraud controls sufficient to mitigate fraud? Is the balance between fraud prevention and frictionless customer experience set right? Is management information monitored to alert you to the need for possible changes at an early stage?
- Be prepared: Make sure you have a robust cybersecurity incident plan so you know how to respond. And test that plan in a fully-remote working environment. Do you for example know who needs to be involved in the response and who to contact in law enforcement and at regulators? Does your plan reflect the latest U.S. government advisories on the financial crime implications that could apply if you choose to make a ransomware payment to end an attack?
- Focus on the future: Don’t just focus on being good at the things you’re currently aware of. Be aware that your adversary is working on new ways to attack and try to stay a step ahead. Any new innovations bring about new threats and risks, so seek to understand and monitor those risks.
- Consider the weak links: As the financial ecosystem becomes more collaborative and interdependent, bad actors will look for the weakest link. This may be a less mature startup who may have prioritised getting up and running over the state of the art security. Consider whether there are any such weaknesses in your supply chain and broader ecosystem and what impact that could have on you if they were compromised. What mitigants could be put in place to limit the impact?
Whatever the risks that exist for a particular business, it is unfortunately increasingly a case of “when” not “if” an incident will occur. Taking some practical steps now will help businesses counter the increasing risks that exist in the digital world.
Authored by Jonathan Chertkow and Peter Marta.
