Table of Contents
It’s all hands-on deck for ADIs in the war against cybersecurity
From shareholder-governed big banks to Mutual ADIs and Credit Unions, the financial services industry has survived several crises in the past. Right now, however, it faces its biggest challenge yet—rampant cybercrime.
In the face of brazen attempts at undermining financial institutions’ security efforts, ADIs will need to work harder than ever to protect their member’s investments and, most importantly, trust.
If there’s one thing all industry leaders can agree on, it’s that strengthening their security posture is an immediate focus. To this end, devoting adequate resources, whether internal or through strategic partnerships, will be key. Leadership will largely pave the way in the battle against cybercrime, but every single individual has a role to play. Additionally, with cybercriminals looking for the smallest of vulnerabilities in an organisation’s cyber defence, ADIs will also need to ensure that there are no chinks in the armour when it comes to the wider ecosystem of suppliers and cloud-based applications.
Continuing to drive strong member outcomes in an increasingly digital world will require a cybersecurity strategy that is not only technically sound but also accounts for the ‘human’ element of cybercrime.
The three pillars of cybersecurity responsibility
At our recent industry roundtable on securing the future of mutual ADIs, leaders and decision-makers from across the sector agreed that cybersecurity was a top priority that needed to be treated as a shared, company-wide responsibility. These are the three pillars of cybersecurity responsibility as the industry sees it.
1. Leadership: Setting the tone for organisational security
While accelerated digital transformation thrust the CIO role into the spotlight, increasing cybercrime is putting unprecedented pressure on them today. Trust is currency in highly regulated sectors and upholding this trust will see security leaders working more strategically than ever before. This includes aligning with CEOs, CFOs, and HR leaders on security policies and exploring partnerships with technology vendors for more robust cybersecurity solutions.
2. Your people: Your first and best line of defense
For ADIs, cybersecurity is no longer just the purview of the IT team. Everyone in every department has a personal stake in ensuring that security best practices are upheld. Not just because financial assets and members’ personal data are on the line, but also members’ trust Whether it’s rolling out well-designed awareness programs or providing regular and incentivised training, empowering staff at every level to play their part in preventing cybercrime will be critical.
3. The wider ecosystem: Avoidable blind spots
While financial institutions can implement controls and mitigation strategies to cover the systems and equipment they manage, vulnerabilities may still be present within the wider ecosystem of partners, third-party providers and applications being used every day. These risks tend to be out of sight and out of mind. Qualifying third-party suppliers based on their approach to security can help protect against such blind spots down the line. And while it can create additional legwork for resource-strapped teams, engaging specialists that offer these services can be a reliable workaround.
Key considerations when building a resilient cybersecurity strategy
Like a well-designed product or exceptional customer service, robust cybersecurity can be a USP. In an increasingly digital world where threats always loom, ADIs will need to implement tailored cybersecurity solutions that draw upon advanced technologies and factor in human psychology. Let’s unpack these key considerations.
Ensure technical soundness
An ‘always on’ cybersecurity strategy requires 24×7 monitoring, advanced threat detection as well as the ability to respond instantly in the event of a cyberattack. ADIs need to review their existing security infrastructure for gaps and seek expert advice on the best course of action, whether that’s doubling down on endpoint security or integrating ‘edge’. A review of their integration capabilities can reveal the extent to which their current security solution can integrate with future technologies. Getting an unbiased view of incident response and recovery policies can be helpful too. Finally, leveraging cloud capabilities can ensure that a security strategy can be scaled dynamically and will keep up with growing organisational demands.
Factor in human psychology
When they cannot penetrate networks, cybercriminals resort to psychological manipulation in the form of social engineering and phishing attacks. In fact, some 9 out of 10 data breaches are caused by an unsuspecting employee clicking a link in a seemingly normal email. Well-designed cybersecurity training and awareness of cybercrime will decide whether individuals are your best line of defense or your weakest link. Having conversations with cybersecurity experts today about how training and awareness will need to evolve as technologies like AI and deepfakes emerge can help ADIs avoid costly and unfortunate security incidents.
Develop an industry-leader mindset
For more organisations, security and compliance have gone from being a box-ticking exercise to taking centre stage in everyday operations. Staying up to date with the latest cybersecurity trends and proactively investing in technologies and practices to safeguard operations is one thing, but developing an industry-leader mindset allows organisations to share their learnings and best practices with other ADIs to help the sector become collectively more resilient in the face of cybercrime.
The last word on cybersecurity
At the recent industry roundtable event we hosted, leaders agreed that strengthening cybersecurity will be key as ADIs continue to drive results for their members – especially in light of heightened scrutiny over data handling and upcoming privacy reforms. The event was attended by eminent figures from the Customer Owned Banking Associations (COBA) who discussed the real-world cybersecurity challenges being faced by mutual ADI leaders right now.
We have compiled all the insights shared by the panel in our discussion paper Securing the digital future for Mutual ADIs and their members through a human-centred approach.
The discussion paper looks at the factors shaping the sector today and makes cybersecurity recommendations for member-based ADIs of all sizes – from organisations with one-person IT teams to those considering partnering with managed service providers. Providing practical advice on securing executive support, minimising vulnerabilities along the ecosystem, and embedding security deep into an organisation’s culture, the discussion paper is a must-read for leaders at financial institutions in an age of rampant cybercrime.
You can find our discussion paper here.
References:
https://www.grantthornton.com.au/insights/blogs/8-EOFY-considerations-for-adis/
https://assets.kpmg.com/content/dam/kpmg/au/pdf/2023/cost-of-cyber-attacks-australia.pdf
https://cisomag.com/psychology-of-human-error-could-help-businesses-prevent-security-breaches/
