APAC Banks Say No To Suppliers Who Fail Cybersecurity Audits

by CXOtoday News Desk    May 12, 2017


Banks around the world face threats from phishing, malware and penetration attacks each day. It experiences the highest number of serious cyber breaches than any other sector. Banks also has certain clientele which do even have proper cybersecurity audits in place and this heightens the cyber-threat vulnerabilities of banks further.  

According to a recent poll by data analytics company FICO, banks across the Asia Pacific region will stop doing business with suppliers that fail cybersecurity audits. Three in four senior fraud managers surveyed said that they would be concerned enough to stop working with a partner, while another 16 percent said they were not sure if they would continue working with them. Only 8 percent of fraud managers said they would definitely continue doing business. While the auditing of business partners and their security capabilities is a relatively new practise, four in ten respondentsconfirmed they were already actively engaged in the process.

“We expect cybersecurity audits to become commonplace in 2017,” said Dan McConaghy, president for FICO Asia-Pacific. “High profile fraud cases, such as the Bangladesh Bank heist where US$81 million was stolen, illustrate the importance of banks running audits on their own networks as well as those of their partners. However, due to the complex ecosystem of relationships with other businesses that banks have we are seeing the audit tools evolve. While formal audits remain important, they can be lengthy, intrusive, and expensive. They also only offer a snapshot of the cybersecurity picture for a moment in time. We are seeing a need for monitoring tools that allow for ongoing assessment between these audits to strengthen the IT ecosystem and make a substantial impact on the cyber breach problem.”

“The score was created by analysing networks that have been victimized by a cyber-attack,” explained McConaghy.“This allows FICO to understand the conditions and behaviours that are precursors to impactful security events. Company networks can then be measured against the indicators that are most predictive of an increase to the likelihood of a material data breach.”

FICO’s poll revealed that bankers nominated large retailers as the greatest data breach risk (84 percent) in 2017, with telecommunications companies ranking second (70 percent). These numbers were up significantly on last year’s poll, showing some consensus on which industries remain the largest targets for cybercriminals.

E-commerce has created low hanging fruit in the form of vast stores of unprotected sensitive personal data that can be used to steal identities,” explained McConaghy. “In Asia Pacific the problem is compounded by the huge growth in sales, poorly protected companies and a lack of disclosure.”

Respondents to the survey were anxious to prevent cybercrime at their banking institutions, with 65 percent saying that it will be their key focus in 2017. The biggest obstacle identified by the fraud executives in fighting cybercrime was that siloed operations prevented the flow of information and worked against a coordinated response. Nearly half of respondents identified cybercrime as having the largest potential financial impact on their organisations, and said they had already increased their cybersecurity budget at least 10 to 25 percent over the last 12 months.

“APAC banks want to ensure that the digital economy will continue to thrive,” said McConaghy.FICO is bringing its proven self-learning analytics from payment card security over to protect the enterprise from unknown breaches in real time. In addition to protecting themselves, we’ll see more banks initiate cybersecurity audits, and as they become more selective avoiding to do business with vendors and suppliers that return ‘fail scores’ on cybersecurity.”

The survey was conducted at the annual FICO Asia Pacific Fraud Forum, where total of 37 executives from financial institutions across the region participated in the survey.