Banks have always been in the business of risk management, but the risks they face aren’t stagnant; they migrate with time.
Traditionally, banks have faced two types of risk: interest rate and credit risk. Today, however, given the growth of digital banking and transactions, these two risks have been supplanted by another: cybersecurity.
The biggest challenge when it comes to cybersecurity risk is that it constantly evolves, as the threats, actors and attacks increase in sophistication. Banks that prepare for one method of intrusion may find themselves the victim of a different strategy.
Earlier this year, H. Rodgin Cohen, a partner at Sullivan & Cromwell and one of the industry’s most trusted advisors, commented on this change.
“I think the biggest risk in the [financial] system today is a successful cyberattack,” Cohen said. “That is a very serious risk, but I think the more likely [danger] is that a single bank — or a group of banks — are hit with a massive denial of service for a period of time, or a massive scrambling of records.”
Banks of all sizes feel pressure to keep their systems secure from intruders, according to Bank Director’s 2019 Risk Survey, which found that cybersecurity concerns among bankers have increased over the previous year.
Twenty percent of survey respondents say they address cybersecurity as a full board rather than delegating it to a committee, and slightly more than a third say at least one director is a cybersecurity expert.
The concern is ever present, and for some banks, very real: 18% of respondents, excluding chief lending officers and chief credit officers, reported that their bank experienced a data breach or other cyberattack within the last two years.
Concerns like these are why Bank Director created the “Best Solution for Protecting the Bank” category for its 2019 Best of FinXTech Awards. Judges selected winners from the most innovative solutions found in the FinXTech Connect platform.
The finalists for this year’s award were Rippleshot, which helps banks to identify credit and debit card fraud; IDEMIA, which works to prevent card-not-present fraud; and Illusive Networks, which helps banks detect when their networks have been infiltrated.
This year’s winner was Illusive Networks, based in part on its work to secure the network of Israel Discount Bank, the third biggest bank in Israel.
Illusive approaches cybersecurity from a hackers’ point of view in order to beat them at their own game. Its strategy isn’t to stop an intrusion per se — a feat that seems increasingly impossible with the number of entry points into a system and the scores of malicious actors.
Rather, it detects and remediates an attack once it has happened. Intruders breaking into a bank’s system must persistently monitor the network for bits of information or credentials that will help them move from machine to machine and gradually close in on the data they want. Illusive plants false information across the bank’s network so that, when attackers act on it, the bank can catch them red-handed.
Illusive calls this “endpoint-focused deception.” The deceptive information is only visible to malicious actors and triggers an alert within Illusive. The technology then captures details about the bad actor directly from the machine they were using, which the bank then uses to track and stop the attack.
One of the main selling points of Illusive’s solution is the short implementation period. In Israel Discount Bank’s case, it took a matter of weeks to implement the solution. The net result is that, not only is the solution harder to detect for potential cyber criminals, but it’s also fast and easy to implement.