Singapore banks ranked safest in Asia, but can they maintain their status?
The Global Safest Banks listing was released in the last quarter of 2017, with Singapore banks dominating the rankings. DBS came in 1st in the region, followed by OCBC and UOB who came in 4th and 5th respectively. This is a milestone for the banking sector in Singapore as much efforts have been put in place to ensure that criminal activities such as money laundering and terrorism financing are guarded against with sophisticated software.
Nevertheless, cyber risk is still the least known of all major risks that banks face. As traditional banks are generally more risk adverse, the framework to track, manage and mitigate these risks are hence not as well developed as it should be.
What are a few of the security challenges faced by banks?
Complexity of new technologies
The growing volume of sophisticated technologies have allowed fintechs and IT organisations to carve a competitive edge against banks. While our local born and bred banks are lauded for their ability to become increasingly digital, these efforts also need to meet the needs of our tech-savvy society with privacy and security kept in mind. In addition to this, the speed to pick up new technologies.
Banks are becoming overly focused on creating a ‘smart’ journey for their customers due to growing expectations that enhancements of its cybersecurity systems have taken a back seat.
Integrating offline and online banking services
In today’s ever changing world of technology, banking and financial organisations are facing increased data theft and unauthorised access. Currently, there are both internal and external threats with increased adoptions of ATMs and online banking solutions. For instance, the increasing use of online applications raises the volatility and unpredictability of how respective IT systems behave. This is one of the reasons why the establishment of a cybersecurity bill is difficult to configure and enforce, resulting in its delay to launch in early 2018.
Nonetheless, the Singapore government and the Monetary Authority of Singapore (MAS) have been paving the way for local banks to prioritise cybersecurity while digitising its services.
What are some of these government initiatives?
The MAS has been raising the level of expected standards for cyber risk-management. With the launch of Financial Services Information Sharing and Analysis Centre (FS-ISAC), it will provide a 24/7 coverage of threat information, actionable intelligence, as well as tools and resources to respond to incidents locally and globally.
MAS is also currently working closely with local and foreign banks to explore a Banking Know-Your-Customer (KYC) Shared-Services Utility that will streamline end-to-end KYC. This translates into a centralised process that leverages on existing MyInfo – an application for customer identification and verification. MyInfo would collect and validate KYC documents before screening them against sanctions and blacklists to prevent any types of financial cybercrime or breaches of privacy.
Key initiatives by local banks
DBS investments within cybersecurity
DBS has invested massively into cybersecurity in terms of its talent search and adoption of new technologies as it regards money laundering and financial terrorism as a serious threat. It has hired (and are still hiring) niche talent for its security team, along with the adoption of software that can combat malwares and attacks. In addition, DBS has set up innovation labs that aim to educate and promote ideation amongst its employees and public. By positioning itself as a leader within cybersecurity in the early days, it has allowed them to gain an edge against rival banks internationally.
OCBC’s partnership with ThetaRay
OCBC has partnered with Israel-based cybersecurity company, ThetaRay, to manage cyber financial crime. ThetaRay uses machine learning-based algorithms to analyse big data and detect system behaviour anomalies and threats such as ATM hacking, insurance fraud and SWIFT-based attacks.
UOB talent hiring within IT
UOB is looking to bolster its technology team in Singapore by targeting firms like Google and Facebook to attract some of its new talent. With security being one of their core banking objectives, UOB is confident that niche IT talents with minimal or no experience in banking and finance can also add value to its technology team as its focus skew towards the safety and security of its customers.
Is Artificial Intelligence (AI) security for the future?
Although sophisticated technology can bring about greater security concerns due to its complexity, AI can also hold a promising future with suitable defences against cyberattacks. As cyberattacks become highly advanced, it becomes increasingly difficult to spot patterns and anomalies in order to identify new types of malware as it requires sifting through volumes of data from multiple sources. These sources include threat intelligence reports, IP addresses, white- and blacklists, and other millions of endpoints. It is impossible for humans to scour through especially during a crisis when immediate action needs to be taken.
Hence, AI is a solution that can help to supervise and train itself in managing the algorithms. Chief Information Security Officers (CISOs) and employees would thus be able to gain a straightforward way to review data and act on it immediately, reducing time lags significantly.
Ultimately, the ability for our local banks to maintain its position as a country with the region’s safest banks is still dependent on our willingness and receptiveness to take preventive measures in curbing cyberattacks. In relation to this, the demand for IT talents have also been picking up its pace while the supply for the right talent is slowly stagnating. This is especially true for those with expertise within cybersecurity.
If you would like to find out more about the limited talent available in the market, or those with transferable skillsets and experiences that can add value to your organisation, do follow us on our LinkedIn page for more industry related insights. Please do not hesitate to contact me if you’re working within the sector and would like to connect with your peers in the industry too.