Fortinet, a global leader in high performance cyber security solutions, recently invited the Rizal Commercial Banking Corporation to its ‘Security 361°: Secure Critical Business Assets Inside Out Symposium’ at the SM Aura, Taguig City to provide an overview on the rising cyber challenges in the financial services industry.
Banking and financial institutions are exposed to cyber attacks that can compromise both their customers’ trust and their financial stability. In fact, the Department of National Defense (DND) noted that this sector is one of the industries that are vulnerable to cyberattacks, along with the utilities industry. The same goes with the United States, where a report by the Financial Stability Oversight Council emphasized that cyberattacks remain a growing threat in the U.S. financial system.
According to Mark William Despi, head of RCBC’s IT Infrastructure Security office, financial services institutions already face security challenges that include evolving industry, national and international regulatory compliance requirements and reliance on third-party vendors for critical banking functions. However, he noted that new security breaches may surface if these challenges are not addressed immediately.
“Financial organizations have to defend themselves against cyberattacks to protect its data and the data of its customers,” Despi said. “Some of the most common cyber threats that the financial industry faces today are the existence of advanced persistent threats (APTs), and Distributed Denial of Service (DDoS)—all of which are may only be addressed through sophisticated layers of protection.”
In an APT attack, an unauthorized person gains access to a network and stays there for a long period of time. The primary intent for this form of hacking is to steal data rather than cause damage to an organization or its systems and usually targets sectors with high-value information such as the banking and financial sector.
Meanwhile, in a DDoS attack, a botnet is commanded to flood bank servers with overwhelming number of alerts or requests through several thousand ‘zombie’ computers. When this happens, the bank’s server will go down due to heavy traffic volume.
“Banking institutions need to adapt to current requirements of data security to protect customers from cyberattacks. How do we do that? RCBC latches its security on the ‘defense in depth’ principle, which involves a number of mutually reinforcing security layers to potentially slow down—if not prevent—the progression of attacks,” Despi explained.
He added, “While a firewall may block a cyber attack, it will only protect one part of the company. But with an in-depth defense system in place, you can have multiple methods cooperating and providing many layers of protection.”
Despi further explains that cybersecurity should be a collaboration between financial services firms and cybersecurity solution providers to address common enemies.
“This is why we engaged in a strategic partnership with Fortinet. While we do our best to keep abreast of the development in technologies, we also need the help of major security vendors like Fortinet. They have a local presence in the Philippines that CEOs can trust—even top banks and insurance companies rely on Fortinet’s technologies,” Despi said.
Despi concluded, “As a member of the banking industry, we have to get the best security technologies and anti-fraud systems. Even with the most robust security infrastructure, however, the weak human link still exists. That's why we will continue to educate users on security best practices, and encourage them to use automated systems as far as possible to secure their data.”