We have long passed the inflection point of the digital transformation. To be a bank in 2019 is to be a digital bank as well, period. Customers, especially younger ones, will be performing many of their transactions and asking for support on a device. Communicating with these customers across the web, social media, email, and mobile applications can increase engagement and open up new revenue opportunities, but it also exposes your institution to new digital risks.
Unfortunately, any sort of online interaction with customers tends to attract the attention of cyber criminals seeking to hijack such communication for their own enrichment. International consulting firm Accenture recently estimated that cybercrime would cost businesses over US$5 trillion in the next five years unless significant improvements were made to internet security infrastructure. With phishing at the root of 91% of all cyber attacks, it is clear that any plan to reduce cybercrime losses should make eliminating phishing threats a priority. Indeed, there is very little stopping a cybercriminal anywhere in the world from creating a social media profile, mobile app, similar domain, or phishing email that imitates a bank’s branding with the aim of tricking customers into giving up their online banking credentials. While threat actors seeking access to sensitive accountholder data contained within an organization’s infrastructure can be blocked at the perimeter’s edge, a different protection strategy is needed when attacks are launched on social media networks, application marketplaces, email servers, or similar domains that an institution doesn’t control.
Since organizations can’t prevent threats on external digital platforms, financial institutions must employ tools that give them the visibility to detect and respond to the threats that surely exist there. Essentially, the stance must shift from reacting to threats to proactively discovering and removing them before any customers can be victimized.
The enormity of searching the entire digital ecosystem for threats affecting a particular institution can seem overwhelming at first. However, there are a few critical qualities to be on the lookout for when evaluating digital risk protection solutions, which will make this task easier and much more efficient to carry out:
- Digital risk protection should collect and analyze data from an extensive array of sources. Ideally, a solution for reducing digital risk should be able to automate the collection of relevant data from a variety of different locations on both the open and dark web using technologies such as machine learning.
- The solution should have the ability to accurately and comprehensively map, monitor, and mitigate digital risk across channels. When a digital risk protection solution sends an alert, it’s imperative that the alert genuinely means risk is present and is not a false alarm. The solution should be able to prioritize the riskiest incidents for takedown and coordinate remediation responses that can disable attacks in as close to real time as possible.
- Digital risk protection should be able to leverage technology that allows it to proactively find attacks as soon as they are launched. By interrupting attacks at the launching stage, digital risk protection can drive up the cost of a successful attack for cybercriminals, ultimately reducing their ability to attack and motivating them to look elsewhere for easier targets.
With an effective digital risk protection strategy in place to neutralize threats as they are created, financial institutions can proceed apace with their digital transformations, increase their appeal to younger customers who are predominantly comfortable using digital channels, and avoid opening the door to more fraud.