Banks urged to boost guards vs cyber threats
BANKS MUST NOT let their guards down despite beefing up their cybersecurity measures as attacks get increasingly sophisticated, internet security firm Kaspersky said.
“They’ve (Philippine banks) tried to build up security operations but this is never enough because they (attackers) are always trying to catch up,” Kaspersky Southeast Asia General Manager Yeo Siang Tiong said in an online briefing on Tuesday.
“Every bank in this industry and every bank around the world can be a target even if they invested a lot of money [in cybersecurity]. They can be breached and become a victim to sophisticated threats,” said Seongsu Park, security researcher at Kaspersky.
The Bangko Sentral ng Pilipinas (BSP) said it received some 20,000 customer complaints last year. BSP Governor Benjamin E. Diokno said most cases were about unauthorized or fraudulent transactions by scammers.
Emerging trends in cybersecurity attacks go beyond Windows software and utilize mobile implants, supply chains, and exploit internet facing network devices, Mr. Park said.
“It is important that they (banks) seek help and not just try to do it by themselves. They need to have a basic level of defense which is intelligence driven and not just the first generation software most of them have,” Mr. Yeo said.
He added that it is also important for financial institutions to update their consumers on how culprits are changing their attack schemes.
Mr. Park said the global cyber threat landscape in 2020 mostly targeted governments, banks and financial institutions. He also noted that COVID-19 has been used by hackers for scams and social engineering schemes.
With the BSP looking to finalize an open finance framework that will allow customer-permissioned sharing of data among financial institutions, Mr. Yeo said regulators will play a vital role in ensuring cybersecurity while achieving the good intentions of the framework.
“Usually the regulatory agency will play a central role in defining the exchange of the data. This is important to make sure that APIs (application programming interface) and data are not open to breaches,” Mr. Yeo said. — LWTN