The online magazine of the Swiss Bankers Association
September 21, 2016


Digital transformation and protecting our data

Digital transformation and protecting our data

Alleged cyber criminals were recently indicted for the first time in Switzerland. The Office of the Attorney General has accused the defendants of stealing data from over 130,000 credit cards, which they accessed through phishing attacks. In the end, however, the only thing that helps in the fight against cybercrime is to ensure that customers and bank employees have the proper security awareness.

The penetration level of digital solutions in society also means that the importance of data security is increasing. The more “analogue” tasks become digitalised, the more potential gateways there are for potential attacks. Such attacks are common in today’s financial world and cost the economy millions. Although the banks have always attached great importance to fighting against internet crime, technology alone cannot guarantee security.

Digital code of conduct – a dynamic transformation

People who use the internet and social media leave behind countless data trails that are almost impossible to control for ordinary people.

Dealing with gaps in security is a particular challenge.

Once they have been saved, the data remain on the internet for a very long time and can be used for purposes that do not correspond with the wishes of the user; data protection is often not effective here. Dealing with gaps in security is a particular challenge. Those who detect security gaps have the choice of informing the software manufacturer, publishing the gaps, or selling the information to the highest bidder. This creates an incentive for criminal behaviour. A growing number of businesses are therefore making efforts to close security gaps by taking preventative measures.

The digital transformation of financial markets – and white-collar crime

Data security has always been an important characteristic of the business activities in the financial world. Banking is trust – both in the analogue and the digital world. Business processes in the financial world are changing fundamentally with the digital transformation, which also results in the rise in internet crime.

Banking is trust – both in the analogue and the digital world.

The banks are trying to identify these new risks and limit them. As a result, issues such as information security and cyber defence are therefore increasingly being discussed at the highest echelons. The reputational damages incurred in the case of data loss, espionage or infection are too great.

Disruptive technologies and security awareness

One example of how new technologies and security concerns are transforming the financial sector are cryptocurrencies such as Bitcoin, which uses blockchain technology. Because data is divided between numerous databases in a blockchain, and are therefore mutually secured, manipulation by unauthorised persons is significantly more difficult. However, like for all decentralised systems, monitoring also becomes more difficult.

In order to increase protection, a two-step solution is required.

It continues to be seen time and again that the protection offered by conventional virus scanners often lags behind the hackers. This is most reflected in the threat posed by so-called ransomware, which has been rising for some time. There is no cure-all for ransomware. Virus scanners often have low to zero recognition rates for ransomware. In order to increase protection, a two-step solution is required: a virus scanner combined with the new customer solution (sandbox) that operates on the basis of isolation instead of recognition. E-mail attachments, websites and data are saved to PCs in a secured environment that is fully transparent and creates no restrictions for the user. This can be applied both in the everyday work conducted at banks as well as for personal PCs.

Sensitising employees and customers

But what use is the best technology if there is low user awareness of the risks? In the age of mobile banking and payment apps, many bank customers access their account or credit card data on their smartphones on a daily basis. Only very few of these individuals use a virus scanner on their smartphones for this – they may not even be aware that such a thing exists for these devices. Careless smartphone use can lead more rapidly than one might think to catching a virus or trojan, giving cyber criminals access to account data in an instant.

Careless smartphone use can lead more rapidly than one might think to catching a virus or trojan.

So in addition to the latest technology, sensitisation of bank employees and customers is especially necessary, because people are the biggest security risk when it comes to data protection. Effective security requires ongoing learning and the improvements that can be achieved as a result. The Swiss banks have been informing employees and customers about the potential risks of the internet and how to use any online banking activity securely.

Cybersecurity initiatives

There are many private and public sector initiatives in place to fight against internet crime. Collaboration between the important institutions is vital in order to achieve synergies and ensure the highest possible data security. The nucleus for this could be the Federal Council’s national strategy for Switzerland’s protection against cyber risks (NCS). Ultimately, however, the issue requires global collaboration.

The world of information technology is comparable to an ecosystem, which must be stable, flexible and capable of development. One hundred percent data security will never exist – but a high level of security must always remain the objective.