How to prevent cyber financial breaches
Living in a more digital world, the importance of safeguarding sensitive data against cybercrime, especially financial data, is critical for any business or financial institution. Just last December, companies such as Wells Fargo, RBC Capital, and RBS Securities were just some of the firms fined a total of US$14.4 million by the US Financial Industry Regulatory Authority (Finra) for failing to protect customer records against possible third party alterations.
Earlier last year, several hackers issued Swift messages intended to steal US$951 million from the central bank of Bangladesh. Despite the Federal Reserve Bank of New York blocking transactions worth US$850 million, around US$101 million worth of funds were illegally transferred to bank accounts located in Sri Lanka and the Philippines. Since then only US$31 million of the original US$101 million has been recovered.
In an attempt to prevent future payments fraud, a white paper from Swift last month suggested that back-offices should have a robust reconciliation process. “One area which is frequently overlooked is the need to examine message confirmations and end-of-day statements,” states the Swift white paper.
“Payment confirmations should be generated whenever a transaction is made. Checking that these confirmations reflect the relevant transactions is a simple process, which can help banks to avoid the risk of falling victim to fraud. Similarly, end-of-day statements should be checked for discrepancies,” according to the white paper.
Moreover, financial institutions are encouraged to recheck the payment information from counterparties to ensure that payment instructions are consistent. “It is good practice to check that the messages match the transaction which has been made, but in practice some banks do not perform this additional check. Some banks may simply assume that the information provided by their correspondents is accurate,” notes Swift.
Aside from financial institutions, companies themselves also need to be vigilant in protecting their financial information. According to EY’s Global Information Security Survey 2016-17, 45% of participants felt their organization was vulnerable to cyber-attacks aimed at stealing financial information. In addition, the survey reveals that 86% believe that their cyber security function does not fully meet the needs of their respective organization.
Although there is clearly a demand for cyber security measures, organizations still face obstacles. Some of these top challenges include budget constraints (61%) and lack of skilled resources (51%). In terms of prevention, EY recommends that companies take a holistic approach when looking at cyber threats and share information about any risky activities. “Sharing information about the risk and threat landscape of all the business functions allows the organization to understand their broader risk landscape and expose any security gaps,” explains the EY report.
6 Jan 2017