Information and communications technology security represents a fundamental pillar in today’s banking environment, as banks deal with issues such as identity theft, account fraud, hacking, phishing and a slew of other malicious internal and external criminal threats.
Banks have to be on the ball when it comes to protecting corporate networks and data, their clients and their clients’ personal information and assets. In addition, risk management and compliance must continuously be top of mind as they resound through and affect all aspects of banking security. How is the local banking fraternity treating these security threats? Are they allocating enough of their technology budget to put in place a more secure banking environment?
Centralising security at enterprise level
PLAYERS in the local banking and financial industry have yet to seriously invest in information security in a cohesive manner to ensure that their business is safeguarded against threats brought on by the convergence of information and communications technology.
According to Financial Insights’ senior research analyst Abhishek
Kumar, Malaysia, like many other countries in the Asia-Pacific, is not spending enough on IT security.
“Over the years, many Malaysian financial institutions have lacked a cohesive IT security strategy. As a result, many chief security officers have to manage multiple security applications, firewalls and monitoring systems across the numerous departments in their organisation. The simple task of updating, patching and maintaining these systems in order to ensure their effectiveness can be exhausting and very time- and resource-consuming.
“Expenditure at the moment is driven by new regulations on Internet banking security such as dual factor
authentication. Other than this, banks are investing in upgrading their network security and hiring know-ledgeable and competent IT security staff. IT security is too reactive and not proactive in that institutions wait for a breach or security incident to occur
before they invest the necessary funds.”
Kumar shared that in a Financial Insights IT security study carried out last year covering 19 major banks across seven countries in the Asia-
Pacific, it was found that Malaysian IT security expenditure (approximately five to six per cent of total IT spending) was almost half of the average IT security spending in the region (approximately 10 per cent of total IT spending).
In the study, chief security officers said they did not expect security budgets to significantly increase in the near future, citing difficulty in justifying security investments to the upper management.
“Malaysian banks should definitely focus on a centralised security infrastructure on an enterprise-wide level. Such an infrastructure will allow financial institutions to effectively and efficiently react to security incidents. Managing and maintaining security systems will also be significantly easier as a result. Now is a good time to consider such a change, especially since banks are making upgrades and changes to their core banking systems and other such major overhauls,” Kumar said.
Meanwhile, Frost & Sullivan’s Asia-Pacific smartcard and auto ID group industry manager Jafizwaty Ishahak said despite being among the first to migrate to chip-based/smartcards for all banking cards in Asia in 2004, thus reducing actual card present fraud rates in the country, Malaysia is still facing other threats from the back-end.
“Malaysian banking and financial institutions need to increase the level of security, both physical and logical security. Education and awareness, too, needs to be undertaken both internally and externally to the public. They need to be one step ahead of the fraudsters because the fraudsters are very innovative and aggressive.”
————————————————————————-
Keeping security costs in check
LOCAL banking and financial institutions must balance the cost of security counter-measures against the cost of security in the organisation, said Deputy Finance Minister II Datuk Dr Awang Adek Hussin.
According to him, the impact of breaches is not only felt by banking and financial institutions, but also can result in a ripple effect that can lead to a systemic reach which can affect market confidence and the image of the country among the international community.
“Although technology revolution in financial services promises better decision-making, shorter cycle time and increased productivity and efficiency, it has at the same time created a new computing paradigm. In this new environment where there is a constant need to connect to the Internet, organisations are exposed to a whole new set of security threats either from the Internet or external to the organisation.”
While banking and financial institutions are facing other issues such as mergers, faster turnaround time of new products, increasing cost of doing business, lowering profit margins and global competition, senior management must not be distracted from the importance of implementing information security.
“The complexities of IT increase by the day and dramatically amplify the challenge to satisfactorily maintain an information security system. The cost is high, but the cost of breaches is also exorbitant that companies can be exposed not only to financial losses but also to compliance, legal and reputation breach,” Awang said.
Awang had earlier delivered a keynote address and officially opened the International Conference on Information Security Convergence in Banking and Financial Institutions, which was organised by Institut Sultan Iskandar, Universiti Teknologi Malaysia and Worldwide Corporate Resources Sdn Bhd.
(Source: NST)