We need to talk about Dave - Editor's Blog -

It’s one thing to protect your bank from a cyber attack by a foreign government, but is your security Dave-proof?

The cyber attacks that hit the headlines are those external ones perpetrated by foreign governments, organised crime and rogue hackers. But as every bank knows, the more common threat is the internal one from employees and these are more likely to be accidental than malicious.

However good your bank’s security procedures, there is in every organisation an employee ('Dave' as he was tagged at a Sibos panel discussion) who insists on clicking on an unknown file sent by e-mail or responding naively to a phishing attack. Your security is not sufficient unless it can deal with situations like this.

Smart banks must ensure that their security procedures are clear, well communicated to staff and supervised as a minimum first step. Most critically of all is network segmentation and strong firewalls so that a breach in one area of the bank doesn’t spread.

The bad news is that on the wider security front the challenges in keeping banks safe are getting tougher for several reasons. One is the move to do everything faster – open bank accounts, instant payments, etc – which means mistakes are not discovered until after the event. The second is the use of artificial intelligence and the Internet of Things for collecting data and measuring such things as footfall in branches. These create their own security risks.

On top of this, in some markets such as the UK, when customers give away critical data the bank is being asked to compensate for the losses anyway. Now you can’t blame Dave for that. Banks' security arsenals have to be able to stand up to all these different kinds of threats.

Brian Caplen is the editor of The Banker. Follow him on Twitter @BrianCaplen

Register to receive my blog and in-depth coverage from the banking industry through the weekly e-newsletter.

Top 1000 World Banks 2020: the biggest and the best

Top 1000 World Banks ranking

Request a demonstration to The Banker Database

Global Risk Regulator

The Banker on Twitter

Join our community