Banking cybersecurity in times of COVID-19

Melissa López
April 16, 2021

In a world that is increasingly digitized and therefore more sensitive to cyber threats, cybersecurity has become a priority and challenge for financial institutions where they no longer only have to worry about taking care of their clients' money, but also about the privacy of their data.

During 2020 the banking industry has suffered significant attacks around the world, according to the findings of IBM Secuti and the cost of cyber data breaches amounts to $ 8.2 million.

And it is that with the simple use of a computer and Internet access, cybercriminals can cause damage from anonymity, targeting mainly financial institutions in Latin America.

In this regard, FinTechs have tried to stay at the forefront with the implementation of biometric security in the architecture of their applications, as well as sophisticated identification and authentication systems.

Antit is a company focused on FinTech development that stands out in this regard, its applications are certified with Deloitte security audits .

This company has been named a world leader in cybersecurity services for the implementation of appropriate controls for risk and threats.

Antit currently has four Neobank in the market where it has made use of user data encryption, identity validation processes through biometric technologies, facial recognition and artificial intelligence , so it protects your payments or shipments with FaceID, touch ID or PIN of security.

Cybersecurity risk assessment

Currently, banks must maintain constant risk monitoring and invest in the use of more robust cybersecurity technologies, An investment that must be even greater and include a risk diagnosis and a maturity assessment, with the intention of using the solutions that best suit the needs of the company.

Cybercrime evolves every day, therefore banks and companies in general must evolve in the detection mechanisms of these cybercriminals. Online crime already accounts for approximately half of all property crime in the world.

"It is estimated that damages from cyber breaches will reach $ 6 trillion by 2021, which is equivalent to the Gross Domestic Product (GDP) of the third largest economy in the world.", Reported the Inter-American Development Bank (IDB) in its report " Cybersecurity: risks, progress and the way forward in Latin America and the Caribbean ”2020.

Costa Rica is in fifth place in America in Cybersecurity according to the National Cybersecurity Index , which includes 160 countries, our country is only preceded by the United States, Paraguay, Chile and Canada.

Even staying at the forefront of cybersecurity will allow you to protect your brand and reputation, giving you a competitive advantage in the marketplace.

Likewise, it is essential to develop a continuous evolutionary penetration and hacking strategy to detect possible threats, combining technology with risk analysis at all levels determined to find its own vulnerabilities.

Main risks

Database theft: for financial entities, their databases are one of the most important parts of their system, since their theft would put their users' accounts at risk.

In the case of our country, an important case of cyberattack was the one suffered by the Bank of Costa Rica (BCR) by the group of hackers ransomware Maze, who after repeated intrusions in their systems decided to request a ransom payment in exchange for the data of Your clients.

Faced with the refusal of the entity, the hackers release 2 GB in a spreadsheet with the numbers of the Visa and Mastercard bank cards of numerous BCR clients.

Ransomware is a type of malware that hijacks data to extract financial resources or information, valuable for the black market and that is often used to extort money from the attacked entity.

Phishing, one of the most used methods that refers to computer fraud through email, is a fraudulent process of the branch of social engineering that seeks to obtain passwords or financial information through deception.

Similarly, banking Trojans operate through spam campaigns that pretend to be legitimate emails and impersonate companies or government agencies. Therefore, digital banking should be concerned with creating a correct digital culture for both its employees and customers .

This since a large percentage of cyber vulnerabilities are directly related to the behavior of employees or users.

Therefore, they must look for strong authentication methods, the human fails to click where he should not, the banking staff must be able to identify phishing emails that can cause damage to the entity.

During 2020, these types of attacks have had a greater boom using information related to Covid-19, with the intention of planting malware intended to obtain data, spyware (spyware) or banking Trojans.

Likewise, during the year an application was detected in the Play Store that offered interactive maps on the progress of the Coronavirus, which, when downloaded, hijacked the user's mobile device.

This last case was presented in our country under the name " CovidLock " and they demanded $ 100 in bitcoins, in exchange for a password that unlocks the screen to return control of the device to the owner, otherwise they proceed to erase all the stored information.

The accelerated pace of digitization has caused cybercriminals to modify their strategies according to current circumstances , so that at the same rate, banks will have to forget their bureaucracy and learn to respond proactively to these threats.