9 minute read
Double Edged Sword and Shield
from October 2022
by MEA Business
Customer data can be a map helping banks navigate toward success and a potential vulnerability to material and reputational loss if not protected, so regional banks are gearing-up to ensure they are fully shielded
The financial services sector is in the midst of a profound digital transformation journey and banks in the Middle East are preparing for the next major phase of digitalisation as custom er experience is emerging as the new point of sale. McKinsey said that the shift to digital banking has happened quickly and is being accelerated by existing trends such as the increased use of digital channels for diverse transactions that have intensified over the last two years.
Advertisement
The outbreak of the pandemic created unique opportunities in the financial service sector by accelerating and strengthening the transition towards digital banking at unprecedented speeds, but it also created some exceptional challenges for the industry including cyberattacks.
The FS-ISAC, an industry group dedicated to reducing cyberattacks in the financial services sector, warned in March that banks should expect more or even worse cyber threats this year as statebacked hacking campaigns are expected to mirror geopolitical tensions amid Russia’s war in Ukraine.
The banking group also cautioned that ransomware gangs are retooling to dodge increased scrutiny after an unrelenting year of fighting off cyber threats in 2021. Cybercriminal activities which include fraud, e-commerce data seizure and phishing attacks have increased as banks in the Middle East swing to digital-only models amid new models of operations such as remote working.
However, it is imperative for financial institutions to respect customers’ privacy and secure their data, which in turn can build trust.
Customer data is the linchpin behind digital transformation in the banking sector and financial institutions are responsible for managing the data they collect. Big data is key to bankers. It is the manual that helps them meet customers’ preferences and expectations as well as
explore new avenues of growth or new business models.
Leveraging customer data
The unprecedented global adoption of digital banking services in the past two years widened financial institutions’ data collection and storage tools and as such, banks have amassed troves of consumer data and mines more every day.
Financial institutions are increasingly collecting significant amounts of data as technological innovations have reshaped customer expectations and banks in the Middle East need to understand the clear shift that has happened in customer behaviour.
Data plays a critical role in product development, product management and ultimately enhancing customer experience. McKinsey said that the rapid advancements in financial technologies, the recognized value of data and increasing data literacy are changing what it means to be “data-driven.”
Banks should cultivate the mythical 360-degree view of clients—one that accounts for their current value as well as their potential lifetime value to stay competitive in an overbanked market.
Given how the financial services sector is generally ahead of the curve when it comes to possessing insight into customer expectations and requirements, the ability to spot and iron out any glitches is key to making self-service banking effortless and avoiding reputational damage.
Data’s worth depends on its accessibility and application as customer insight plays a critical role in product development and customer communication in the banking sector. “The cloud is the only place where customer data gains scale, agility, and the power to drive reinvention so a business can soar,” said Accenture.
The use of cloud computing has been an enabler of advanced analytics, as these computer system resources provide a space to both store and analyse large quantities of data in a scalable way, including through easy connectivity to mobile applications used by customers.
Cloud technology such as the software as a service (saas) model offers financial institutions myriad opportunities including easier customer data analytics and sharing, improved marketing time, cost reduction and enhanced flexibility and operational efficiency.
Data is the new gold. Managing data proficiently can also boost banks’ security systems through the detection of fraud signals and analyzing them in real-time using
artificial intelligence (AI) and machine learning (ML) to flag suspicious activities before they corrupt the entire banking system. both customers and financial institutions to deliberate cyberattacks, inadvertent security lapses and vulnerabilities of a relatively immature and unregulated global internet.
KPMG stated that the proliferation of digital channels following the outbreak of the pandemic has also led to increased cyber risk exposure. Cybercrime and malicious hacking cases have intensified since the outbreak of the pandemic.
Global financial institutions are finding
– S&P Global
Data & privacy concerns
C-suite executives in financial institutions faced a challenging and dynamic environment prior to the outbreak of the pandemic as they sought to protect their institutions from cyberattacks, without upending their ability to innovate and extract value from technology investments.
The coronavirus crisis accelerated some of the transformative forces that were already well underway in the Middle East as banks are implementing new digital features including fully digitalising account opening, Know Your Customer (KYC) as well as verification and digital payments.
However, it is worth noting that just like any other financial service or department, digital banking and contactless payments expose themselves a step behind as their existing approaches to combat cybercrime cannot adequately handle the many threats and burdens they encounter. Cyberattacks are getting more sophisticated by the day. The evolution of fraud and financial crime moves in tandem with the developments in the domains they plunder.
According to IBM, banks can reduce their risk assessment with a digital transformation built on the cloud environment that offers financial institutions unprecedented agility and protection in reducing cyber risk.
Cybercriminals have become more imaginative and infusing information security into an institution’s infrastructure safeguards data and assets. It also supports stabilise banking regulations and compliance program activity. Hackers are using AI, ML and other innovative technologies to unleash increasingly sophisticated cyberattacks
McKinsey said that the stereotypical hacker working alone is no longer the main threat, but cyber attacking has evolved into a multibillion-dollar enterprise, complete with institutional hierarchies and research and development budgets. Considering these developments, financial institutions in the Middle East should leverage new technologies and constantly change their operating models to obtain a holistic view of the evolving landscape of financial crime.
Similarly, with digitalisation at the core of the Middle East economic recovery strategy and retailers’ shift to costeffective models, the use of e-commerce has become paramount. KPMG said that customers are spending on average 10 to 30% more online with e-commerce consumer sales jumping 28% at the height of the pandemic.
Staying ahead of the curve
Data security has always been a neverending race, but the rate of change has accelerated in the last two years. As financial institutions are boosting their investments in new financial technologies to enhance customer experience and generate value, new vulnerabilities are emerging.
Industry analysts say mitigating the cyber risks of on-demand access to ubiquitous data requires four cybersecurity capabilities including zero-trust capabilities, behavioural analytics, elastic log monitoring and homomorphic encryption.
A zero-trust architecture (ZTA) shifts the focus of cyber defence away from the static perimeters around physical networks and toward customers, assets and resources, thus mitigating risks such as ransomware attacks from decentralised data.
Bankers have increasingly become a key vulnerability for financial institutions as businesses have accelerated the approval of new technologies and processes to cope with the new working model in the ‘new normal’. Behavioural analytics solutions support banks by monitoring attributes such as access requests or the health of devices and establishing a baseline to identify anomalous intentional or unintentional user behaviour.
Meanwhile, the elastic log monitoring solution is based on several open-source platforms that allow financial institutions to pull log data from anywhere in the organisation into a single location and then search, analyse and visualise the data in real-time.
Banks in the Middle East must bolster their cybersecurity capabilities with technical and operational changes as sophistication, frequency and range of ransomware attacks increase. The increase and sophistication of cyber-criminal activities also call for both customers and financial services providers to consider the cybersecurity protocols of their suppliers and other third parties.
Cybercriminals are adopting the latest technological innovations and are forever changing techniques to make attacks more effective, faster and adaptable to current safety measures. Globally, banks that effectively leverage their digital assets, strengthen their cyber resilience and manage third-party risks are poised to reap the benefits of increased revenue streams, regulatory compliance as well as enhanced operational efficiency.
Middle East trends
Significant amounts of data are being generated as regional governments and corporates—especially banks and the retail industry—swing more towards digitalised economies. Technological innovations bring great opportunities, but also create a breeding ground for potential security breaches and potentially devastating cyberattacks.
Though cyber risks are a growing threat to the operations and credit profiles of financial institutions, there have not been any major interruptions to the operations of banks in the Middle East. “GCC banks laid the foundation for success over several years by investing in infrastructure and systems, including equipment and software, to minimize their exposure to cyber risk, while also benefiting from supportive regulatory frameworks and cyber risk requirements,” said S&P Global.
Dubai’s Mashreq Bank joined forces with Israeli technology firm ThetaRay to roll out AI-driven solutions to help the Emirati lender detect financial cyber threats such as money laundering or fraud during cross-border payment transfers so that customers can act against suspicious transactions. Last November, Mashreq was hit with a $100 million fine by US regulators for violating American sanctions.
Saudi Arabia and the UAE are revered in the region for their extraordinarily strong regulatory compliance requirements across all businesses, which further acknowledges data as a key asset and reinforces their commitment to ensuring that cybersecurity is not only the best in the region but globally.
GCC central banks have in place regulatory frameworks and requirements centred on cyber security. Saudi Central Bank issued its cyber security framework in 2017, the Central Bank of Qatar published a circular outlining cybersecurity regulatory requirement in 2018 and the UAE central bank established a networking and cyber security operations centre to better protect the local financial system against cyberattacks last year.
The Dubai Financial Services Authority (DFSA) also launched the DFSA Cyber Threat Intelligence Platform which offers enriched cyber threat intelligence information to users and financial institutions in 2019. Mastercard became the latest financial services provider to join the platform last December. The platform allows companies to share information about current cyber threats to stay ahead of cybercriminals.
Banks are modernising every facet of their operations in an era of dizzying technological innovation while working on becoming more trusted by their customers. The relentless rate of change in the operating environment calls for progressive institutions to recognise that cybersecurity and data security is not merely a ‘technology problem’ but a wider business challenge that requires ownership and strategic development.
