Connect with us

Hi, what are you looking for?

HEADLINES

Financial sector and intelligence-driven cybersecurity amidst digital revolution in SEA

Due to various social distancing restrictions, people from across the region now opt to avoid the brick-and-mortar bank branches deemed as a public space where coronavirus may flourish, in turn kicking off the increased use of the physically safer option – e-wallets and mobile payment applications.

Photo by Rodion Kutsaev from Unsplash.com

By Yeo Siang Tiong
General Manager for Southeast Asia at Kaspersky

Among the obvious effects of this pandemic is the rapid rise of online payment services and digital banking across Southeast Asia (SEA). Due to various social distancing restrictions, people from across the region now opt to avoid the brick-and-mortar bank branches deemed as a public space where coronavirus may flourish, in turn kicking off the increased use of the physically safer option – e-wallets and mobile payment applications.

It is, however, far beyond surprising. As early as late 2019, before COVID19’s massive effect across SEA, I’ve read an article which revealed that online financial transactions in the region will be a $1 trillion business by 2025 and the digital wallet segment is set to jump fivefold at $114 billion during the same year. 

I believe these two key sectors will go far beyond these predicted numbers as we try to minimize human contact for the sake of our physical health. In fact, a latest study noted that 40% of consumers in the region admitted to using e-wallets more than ever, Malaysia is leading the way when it comes to this area. On the other hand, cash is slowly being dethroned as king as lesser people use banknotes to purchase or trade goods and services. 

Advertisement. Scroll to continue reading.

Southeast Asia: fertile land for online payments and e-wallets

What makes the region a fertile land for digital banking and online payment systems is the fact that it houses countries with young population — millennials and Gen Z’s who are not used to physically visiting financial buildings, queuing for a long time to fill up forms with pen and paper, like how the generations before them have done. 

Another important factor is that there is still a significant percent of individuals who are unbanked or underbanked, which means those without any bank account or credit statements to begin with. This is particularly true in still emerging countries like Indonesia, Malaysia, Thailand, the Philippines, and Vietnam.

Going back home, here in Singapore, the public and the private sector are also doing an active campaign to improve the online financial literacy of the country’s older population. Several groups are hosting a series of training to drive the 54 and above age group in embracing payment apps and e-wallets. Basing on the recent survey I’ve come across with, the efforts are bearing fruit as the older Singaporeans are now agreeing to use these remote tools and apps to do their monetary transactions.

Financial sector’s digital transformation and growth pains

Advertisement. Scroll to continue reading.

At the center of this digital revolution is trust. Customers are using e-wallets, mobile banking, and web applications driven by necessity. Now more than ever, they need to trust financial institutions to secure their hard-earned and definitely much-needed money.

Digital transformation, of any sector, always present new challenges, especially for banks and for financial services. To put it simply, revolutionizing banks’ way of doing transactions means overhauling their legacy systems including people, process, and technology.

Humans remain the weakest link. Customers, especially those which are not digitally native, lack the proper awareness about the simplest risks like phishing and spam. Internal employees require new training and third-party services should also be assessed comprehensively.

Processes have to be adapted to the digital world. Data required a sophisticated level of encryption, access and data management should be reviewed and given intelligently, additional security also required additional security budget.

When it comes to security, endpoint should be the foundation and banks should have known this by now. Financial services, as they transform and carry more data behind their back, should be looking at adaptive approach in security which should be proactive rather than reactive – ready before an attack happens.

Advertisement. Scroll to continue reading.

Banks and e-wallet providers can pilot their way to the future, intelligently

The future may be foggy as different technologies continue to be developed, AI, 5G, Internet of Things, cryptocurrency, name it. But the past offers concrete lessons the financial sector could learn a lot from. 

The unfortunate answer to the questions why banks and e-payment service providers should take cybersecurity seriously is the $81M Bangladesh Bank Heist which rocked the world in 2016. This incident which started with a spear-phishing email clicked by an unsuspected employee ended up costing a lot of professional, reputational, and financial losses. 

Based on our telemetry, financial phishing is still being used rampantly with our solutions blocking more than 40 million financial-related fraudulent emails just from January to May of this year.

The cybercriminal group responsible for this incident, based on pieces of evidence gathered by our researchers as well as other investigators, is the infamous Lazarus group. It is the same cybercrime group responsible for the Sony Pictures attack in 2014 and even the Wannacry ransomware attack in 2017.

Advertisement. Scroll to continue reading.

Our very own Research and Development Team at Kaspersky which we call GreAT (Global Research and Analysis Team) has been monitoring Lazarus group closely for years. Through this intelligence, we can detect the possible tactics, techniques, and procedures (TTPs) they may use suppose they try to get into an enterprise’s or an organization’s system. We can block them, analyze, and alert the team on which TTPs to look out for based on the previous behavior of this actor. This is how critical threat intelligence is. It can supply enterprises with the essential data needed for you to combat future cyberattacks against your organization. 

At Kaspersky, we deliver threat intelligence in different forms but with one aim — to give enterprises and organizations a 360-degree view of the current threat landscape. For instance, our Threat Data Feeds provides actionable data, saving your IT workforce’s time spent dealing with false flags. We also have Financial Threat Intelligence Reporting which is specifically made for the financial sector, focusing on the threats and tools cybercriminals are using or selling to target banks, payment processing companies, ATMs and POS systems.

Threat intelligence, however, is just one part of a proactive approach to cybersecurity. Again, it’s people, process, and technology. Proper and effective training for all employees should be done regularly. Awareness matters as the biggest cyberattacks usually start with a simple human error.

Given the evolving nature of cyber threats that are expected to become more sophisticated, it is also important that financial institutions have the necessary tools that can help track threats that can evade regular endpoint solutions, even before they hit you. For example, solutions such as Kaspersky Anti-Targeted Attack can help you pre-empt what is out there and how it can affect you before such an attack commences. 

We are at the middle of a digital revolution and the use of online payment gateways and e-wallets are certainly here to stay and even increase. While it is a huge responsibility for banks and financial service providers to secure their virtual systems, I am certain they can pilot their way to the future as long as they build their cyber defenses intelligently.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement