Confronting The Emerging Risks to Banking and Financial Services in Asia
BY
Kaustuv Ghosh, CEO, Nxtgen Payment Infra / Matthew Lamons, CEO, The Intelligent Factory
Emerging Risks to Banking in a Strategic Region
The digital age has transformed the banking sector, bringing both unprecedented convenience and equally unprecedented risks. As financial institutions increasingly rely on technology to manage transactions, store data, and engage with customers, they also become prime targets for cyberattacks. Recent high-profile incidents, such as the ransomware attack on Evolve Bank & Trust by the Russian hacker group LockBit, underscore the growing sophistication and frequency of these threats.
It is natural for payment infrastructure services and providers of advanced AI-based cybersecurity providers to align and help secure the transactional economy. If Belgium is known as the cockpit of Europe, ASEAN occupies the same position in the APAC region. It has a GDP of $3.6 Trillion(2022 estimates, last available in January 2024) and a population in excess of 670 Million. It straddles a key part of the world, sitting between India, China and Australia. The Northernmost part of ASEAN is very close to the Nicobar Islands of India while the Southernmost part is not far away from Australia’s Northern Territory and shares the same landmass with the country of Papua New Guinea. The Straits of Malacca is a major shipping channel. The eyes of the world are upon this region. Against this backdrop, it is not surprising that cyber-attacks and cyber espionage constitute a particular concern for governments, industry and people. In this piece, however, we look only at the specific issue of cyber attacks on banking and financial services.
The Synapse Incident: A Wake-Up Call
The attack on Evolve Bank & Trust, which serves numerous high-profile fintech partners including Mercury, Stripe, and Affirm, has been a stark reminder of the vulnerabilities that even the most advanced financial institutions face. The hackers claimed to have exfiltrated 33 terabytes of sensitive data, including end user Personally Identifiable Information (PII) such as Social Security Numbers, card Primary Account Numbers (PANs), wire transfer details, and settlement files. The breach not only exposed critical data but also highlighted significant deficiencies in Evolve's IT security practices, which had already attracted regulatory scrutiny from the Federal Reserve Board.
This incident, coupled with the collapse of Synapse, a once-prominent fintech partner of Evolve, serves as a potent illustration of the cascading risks that can ensue from a single security failure. As banks and their fintech partners are intricately linked, a breach in one entity can reverberate across the entire ecosystem, compromising the integrity and trust upon which financial services depend.
The Rise of Real-Time Payments and Open Banking: A Double-Edged Sword
The advent of real-time payments and open banking has revolutionized the financial landscape, offering consumers faster and more flexible access to financial services. However, these advancements also introduce new vectors for cyber threats:
The Consent Framework in Open Banking and Attendant Risks
A consent framework is key to Open Banking being truly what it is called. The interplay between third party service providers, banks and account holders is central to Open Banking. The implications go much deeper than just the transaction itself. A robust framework in practice means that consumers will be able to access multiple service brands from one app, including one bank service app or fintech app. In addition, merchants and service providers will no longer need to go looking for time-consuming tie-ups with multiple banks. APIs will be sufficient for all players within a permitted band of activities and compliance checklists to access a large, universal base of users. The risk intensity is particular when a consumer seeks to use a third party provider and that provider approaches the consumer’s bank for data. This is where particularly sophisticated levels of fraud can play out. It is possible for the permissioning process between the bank and the consumer to be strong and secure. But there needs to be place a process-and tools-that are always able to sense if a third player is a bad actor. Further, it is also possible that another party may be able to take over a session and capture data for it’s own purposes.
Emerging Online Risks to Financial Institutions
The Evolve Bank & Trust incident is just one example in a broader landscape of emerging online risks facing financial institutions. Some of the most pressing threats include:
How AI is Transforming Cybersecurity for Financial Institutions
To combat these sophisticated threats, financial institutions are increasingly turning to Artificial Intelligence (AI) and Machine Learning (ML). These technologies offer several advantages in enhancing cybersecurity:
Practical Applications of AI in Financial Cybersecurity
AI-driven cybersecurity solutions are already being implemented across the financial sector, providing tangible benefits:
The Role of Thresher and Derive in Enhancing Financial Cybersecurity
At The Intelligence Factory, we have developed advanced solutions like Thresher and Derive to address the unique cybersecurity challenges faced by financial institutions. Thresher leverages AI to provide real-time threat detection, historical trend analysis, and comprehensive compliance reporting. By analyzing log files and monitoring user behavior, Thresher can identify and respond to threats quickly and effectively.
Derive complements Thresher by offering a holistic view of the enterprise's operations through immersive 3D visualizations and dynamic simulations. This combination enables financial institutions to visualize potential threats, simulate various scenarios, and make informed decisions to enhance their security posture.
Conclusion
The digital transformation of the banking sector brings with it a host of new cybersecurity challenges. However, by leveraging the power of AI and advanced analytics, financial institutions can stay one step ahead of cybercriminals. The recent ransomware attack on Evolve Bank & Trust serves as a stark reminder of the importance of robust cybersecurity measures.
The Intelligence Factory and Nxtgen Payment Infra are committed to working with financial institutions in the Asia region to navigate this complex landscape. Intelligent Factory’s AI-driven solutions, Thresher and Derive, provide the tools needed to detect, prevent, and respond to cyber threats effectively. The financial service infrastructure designed and built by Nxtgen Payment Infra to your needs will integrate Thresher and Derive to provide you the assurances of running safe services In the future. We seek to ensure that financial institutions can safeguard their digital assets, maintain regulatory compliance, and build trust with their customers.
In an era where cyber threats are continually evolving, proactive and intelligent cybersecurity solutions are not just an option—they are a necessity. Fortifying your defenses and ensuring the security and integrity of your financial operations are key to a resilient economy and society.
As the threats to banking and financial services grow and become more complex and sophisticated, we are here to work with you to address these. Matthew Lamons