The rapid growth of technology worldwide has made it crucial for today’s businesses to embrace the tidal wave of digital transformation in order to respond swiftly to emerging customer demands. One way of responding to such demands and providing a digital business experience to customers is through the development and enhancement of technologically innovative products and services. Digitisation is advantageous to businesses, but the interconnected digital environment is also posing serious threats to them.
The integration of business systems is creating opportunities for potential perpetrators to instigate cyber-attacks, and thus exposes businesses to various cybersecurity issues. These issues are increasingly becoming of great worry and concern to individuals, businesses and governments around the globe.
Having been found to be the target of most cyber-attackers, retail and commercial banks need to pay more attention to this global phenomenon in order to control the rising cost associated with security breaches within the banking industry. Today’s retail and commercial banks are more reliant than ever on technology, and are deploying public-facing electronic products and services.
These digital products and services are strategic enablers for business process automations, and lead to electronic data interchange between the banks and partner entities such as telecommunication companies, fintechs and other financial institutions. The result of these interconnections and complexities is the increase in operational and technology failures with potential exposure to cyber frauds.
No wonder various central banks globally, in a bid to minimise the high incidence of cyber-fraud within the industry, are working from a policy perspective and employing regulatory approaches to enhance cybersecurity frameworks of financial institutions. Cyber security has thus become a key strategic priority for today’s digital businesses, especially the financial institutions – regardless of size, structure or sector.
It is noteworthy that cybercriminals are driven by a myriad of motivations – monetary and financial gains, industrial espionage, and intellectual challenge among others. These criminals are employing all possible means and available tools to achieve their objectives. Therefore, businesses need to ensure their cybersecurity readiness in order to mitigate cybercrimes. With the rising threat of these crimes and the increasing sophistication of cyber-attacks, banks are heavily investing in world-class cybersecurity solutions and technologies.
It is a false impression, however, that cybersecurity issues and associated investments are all about technology. The truth is that cybersecurity issues are not just information technology problems, but also business-risks likely to result in serious loss of profits – or even bankruptcy. As long as human factors are essential contingencies to a successful risk management plan, the relative importance of people in creating a secure, robust and resilient cybersecurity environment cannot be overemphasised. This is not to depreciate the importance of information technology in controlling cybercrime.
In reality, information technology plays a central role in preventing unauthorised access to critical information assets such as data, networking devices, servers, computers and other peripherals. Nonetheless, with the seemingly remarkable deployment of technical controls to protect and automatically respond to cyber-attacks, businesses still feel more exposed to these attacks than ever.
This can be attributed to the human element, generally perceived as a key contributory factor in cybersecurity incidents. It is worth noting that these human factors may not necessarily be deliberate actions, but can be inadvertent errors and mistakes. It is against this background that the following realities have been highlighted:
- Combatting cybercrime requires a collective and collaborative effort. For instance, due to the potential effects of cybercrime across financial institutions, banks cannot rely solely on their internal capabilities to combat such crimes. As a matter of fact, cybersecurity is a shared responsibility and not the preserve of selected professionals, a group of employees in an organisation or specific banks within an economy.
- Investments in world-class technical protection mechanisms alone do not guarantee complete safety. This is because technical controls may be used to restrict user access but cannot be used to change people’s perceptions, understanding and consciousness regarding rules of behaviour within a cyberspace.
- Cybersecurity involves a continuous process and not just a one-time deployment of technological solutions. It is therefore not feasible to achieve 100% cybersecurity because cyber-threats are evolving, and the present defence mechanisms may fail to withstand future threats and attack techniques.
In view of these realities, employees are generally considered as the first line of defence against cyber-attacks. Judging from this, their actions and inactions become crucial to promoting cybersecurity. As a result, retail and commercial banks need to conduct criminal background-checks for every potential employee. Thus, it is recommended for organisations to complement cybersecurity technologies with alternative defence methods.
One such alternative is consideration of human factors in the formulation, establishment and implementation of cybersecurity strategies. This can be achieved with the creation of a resilient digital culture through continuous security-awareness programmes, training and education in order to reduce the risk of financial loss, reputational damage and loss of trust. With this said, the least expected of employees in contributing to and promoting a safe and secure cyber environment is to comply with basic cybersecurity measures, which are not necessarily limited to the following:
- Adopt good password practices – choosing strong passwords that cannot easily be guessed by third parties; using different passwords for different accounts; regularly changing passwords, and avoiding password-sharing.
- Avoid visiting and downloading from untrusted websites. These sites mainly host malware (viruses) designed to automatically compromise electronic devices, and thus expose users to various attacks.
- Avoid clicking on pop-up advertisements and suspicious links in e-mails. This may give access to users’ personal information or redirection to fake versions of legitimate websites for data theft. More importantly, users need to recognise phishing, spam or unsolicited e-mails and avoid responding to them.
- Maintain updated threat mitigation tools, such as antivirus software, and regularly scan electronic devices for viruses.
- Carefully and critically read end-user agreements, mostly during software installations. These agreements often highlight information that can expose an electronic device to security risks and put a user’s privacy at risk.
Having firmly established that the human factor is critical to strengthening a safe and secure cyber environment, it is essential for enterprises – particularly financial institutions – to strike a balance between technology and human factors in promoting cyber security, and to ensure privacy and compliance in today’s digital ecosystem.
The writer is an ICT Management Professional
Disclaimer: The opinions expressed in this article are the writer’s own and do not reflect the view of any organisation(s) the writer may be affiliated to.