Although transactions are super easy to make these days and bring us a step closer to cashless society, the convenience carry risks. That is because a gap in data transfer may leave the transactions open for cyber-attack at any time. More importantly, this new threat is harming all types of business, especially large corporates, which become the target of attack.
One of major industries that is the key target and faces the highest risk is financial and banking industry. There are many cyber-attack patterns frequently found. First, Distributed Denial of Service Attack (DDoS Attack) attempts to make an online service unavailable by overwhelming it with traffic from multiple sources at the same time in a short period of time. Second, Phishing is a disguise or information change on the web page to cause mislead or damage. Third, Malware installed to steal data and money in the account.
When the data means value, the financial institutions need to invest in digital infrastructure development to enhance the security system.
Let’s see the examples of damage caused to banks by cyber-attack. In 2014, one of the world’s largest financial service providers in banking, investment, and asset management like JPMorgan Chase was under cyber-attack, which stole some parts of data from more than 83 user accounts. This attack was one of the most outrageous intrusion that took the data from US entity. Moreover, it was the largest data theft in the history because the hacker attacked the system to steal the data of account users. From this attack, JPMorgan Chase lost confidence of numerous customers.
In 2013, South Korea was attacked by DarkSeoul Malware so badly that ATM and mobile payment was inoperable. Many banks in South Korea were severely impacted. Their Internet banking servers were blocked, the operating system in some branches suddenly froze after Malware attack, and all files were deleted. In addition, this Malware damaged the broadcast system of television stations.
To deal with the attack that causes inestimable damage, financial entities and institutions must create a clear risk management system and policy. This leads to a new service like cyber insurance, which protects the data security on website and personal server. This market is expected to enjoy growth worth over five billion dollars a year within 2018. In 2020, the value will increase to 7.5 billion dollars a year.
Paul Delbridge, PwC partner, said, “Sustaining credibility in the cyber-risk market is crucial when looking to become a leader in this fast-growing market. If this trust is compromised, and with innovative competitors knocking on the door, it would be extremely difficult to restore brand reputation.” https://letstalkpayments.com/cyber-insurance-the-most-important-type-of-insurance-in-2017/
Currently, most entities allocate more budget to prevent cybercrime, especially data breach, as indicated in 2017 Thales Data Threat Report by Thales e-Security. However, they lack strategic planning and employee capacity building, which will help them to outsmart the attack and prepare them for pre-attack and post-attack period.
Another important mechanism to prevent this new threat is laws and regulations. Europe, as one of the first groups being aware of this, gears toward formulating EU Cybersecurity Strategy and EU Network and Information Security Directive to secure the cyber world. The key objective is to ensure that the government and business sector can use the digital network and infrastructure to confidently and safely provides necessary services for the local and international public and consumers.
Similarly, the United States is not complaisant about this issue. American National Standard Institute (ANSI) defined cybersecurity framework for agents, businesses, and institutes. Adapted to fit each purpose, it will support critical infrastructure. The strengths of this framework include flexibility, repetition, and cost efficiency. This will serve as a guideline for business owners or operators to practically prevent the attack.
Even though Thailand does not formally have laws on this, the Ministry of Digital Economy and Society are considering the draft of Cyber Security Act. This reflects the public sector’s effort to improve the related laws and regulations to prevent the risk in cyber world. Agents directly in charge like the Bank of Thailand need to set the universal safety standard and cooperate with other commercial banks to find the preventive measures against cyber-attack. This will build trust and confidence among the users