Given that Asia is home to some robust financial markets representing trillions of dollars, the region has become an attractive target for cybercriminals. For instance, in India there has been a strong push for financial inclusion, to cover more people under the banking sector. This, coupled with the surge of e-commerce and introduction of digital wallets, presents new opportunities for the country’s financial services industry.
Government initiatives such as Digital India and Make in India further expand the scope of the financial services sector. However, this also makes the country an attractive target for cybercriminals.
What does this mean for the financial services sector in 2016 especially for the emerging economies that are more vulnerable to cyberattacks?
1. More calls for transparency when it comes to cybercrime.
Unlike the US and Europe, there is no uniformity in Asia when it comes to laws mandating the disclosure of cyber breaches. While sharing less with regulators may keep the heat off organizations in the short term, it increases the chances of additional attacks targeting similar organizations with similar techniques.
Last year, we witnessed the establishment of the Cyber Threat Alliance—a group of cybersecurity solutions providers coming together to share threat intelligence on attacks taking place across the region, including motivations, tactics and information on those responsible. We expect this trend to continue, as more organizations begin to realize the benefits of sharing knowledge as a means to unify efforts to fight cybercrime in Asia.
2. The level of investment in cybersecurity solutions will accelerate.
In a recent study by PwC, cybercrimes in India more than doubled in 2015 compared to the previous year. This trend also puts responsibility on the institutions to protect their customers from cyberthreats, which can lead these institutions to increase their security budget by over 70%. This point was echoed by Standard and Poor’s, which announced its decision to downgrade bank credit ratings, if they are found to have sub-par security standards, even if they haven’t been hacked.
3. International regulations on cybersecurity will serve as a model for Asian governments to evaluate and adopt.
Today cybersecurity is becoming a focus for policy in the US, most recently seeing the introduction of the Cybersecurity Information Sharing Act, which aims to help US companies to work with the US government to combat hackers.
While effectiveness of these regulations will be established over time, Asian governments should look to foster the sharing of cyberthreat information and ensure that there are responsible privacy protections in place, for the purpose of identifying, preventing, mitigating and responding to cyberthreats, vulnerabilities and malicious campaigns.
4. A more holistic approach to cybersecurity will be required.
In an age of electronic wireless payments and the adoption of Internet of Things-enabled devices, new vulnerabilities will be created, giving hackers more opportunities to carry out targeted attacks. The point solution approach adopted by many companies will not be enough to combat these attacks, and instead calls for companies to take a more holistic approach to security. Enterprises, governments and services providers will also have to re-architect their systems and networks—from legacy platforms to adopting next-generation technology to cover all bases, which include the network, endpoint and the cloud.
5. Boom in use of Big Data for cybersecurity insight.
Gartner expects over 25% of global firms to have adopted big analytics for at least one security and fraud detection use case by 2016. The IT and financial services industry will lead the way when it comes to Big Data technology adoption, making these sectors a likely candidate for Big Data adoption for security purposes. Hence countries such as India, China, and Singapore will find themselves at the receiving end.
6. Third-party risk no longer an afterthought.
Frequent instances of compromised client data due to lapses in vendors’ security serves as a reminder that cybercriminals are active and determined to exploit loopholes. It is no longer just about banks, but also about their vendors, subcontractors and suppliers who have access to the data. More regulators are beginning to take a closer look into how banks are managing risk when it comes to taking on third-party vendors, and as more enterprises in the region make the move to invest in more resilient platform-based security platforms.
Sean Duca is vice-president and regional chief security officer for Asia-Pacific at Palo Alto Networks.