The rise of the pandemic last year meant that corporates around the globe had to embrace a highly dispersed, virtualised environment to keep the wheels of business turning. This is now changing the way that banks need to move forward, with both their security as well as their service assurance.
So says Darren Anstee, Chief Technology Officer for security at NETSCOUT, a leading global provider of service assurance, security and business analytics. He explains that, at the start of 2020, digital transformation in the financial services sector was already well underway, and the intervening year has only accelerated this transformation.
Writing in a recent blog, he notes that, “The COVID-19 lockdown shut branches, forcing customers online; in fact, it is estimated that 35 percent of customers have increased their online banking usage during the pandemic…. Customers that have grown accustomed to the speed and convenience of online banking are unlikely to revert to call centres or go back to using an agent or a branch to the same extent as they did previously.”
At the same time, banking employees who had been working on secure corporate infrastructure at banking premises became suddenly spread across thousands of far more vulnerable home office locations.
Anstee clarifies: “In the US, for example, Bank of America and Wells Fargo transitioned more than 150,000 employees – or roughly 70 percent of their workforce – to work from home. And in the UK, Nationwide moved 98 percent of its workers to work from home in the space of just five days.”
And this fact comes with a warning: “It’s unlikely that tens of thousands of workers can be redeployed within a few days without a few security issues being overlooked in the process.”
Predictably, threat actors around the globe were quick to take advantage of the sudden requirement to move employees into remote working arrangements. Distributed denial of service (DDoS) attacks crossed the 10 million mark during 2020. For the first time in history, as reported by NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), more than 10 million DDoS attacks took place in a single year, showing how much the COVID-19 pandemic had assisted the activities of threat actors.
DDoS attacks occur when threat actors try to disrupt normal traffic to the enterprise by overwhelming the target with a flood of internet traffic, at volumes that the system cannot handle. In this way, genuine users cannot gain access.
Returning specifically to financial services, South Africa is internationally recognised as having a sophisticated financial services sector, which is backed by a sound regulatory and legal framework. It is also becoming a target for cybercriminals.
Risna Steenkamp, General Manager: ESM Division at value-added distributor Networks Unlimited, clarifies, “As with international financial services players, key local banks in South Africa were also well on their way with their digital transformation journeys before the pandemic struck. This is outlined, for example, in information from Standard Bank in 2020 on steps taken to help the bank deliver a faster time-to-market on products and services, while ensuring its IT infrastructure was optimised; as well as by Absa’s digital transition, which came about as a result of its separation from Barclays from 2017 to 2020, and which, reports the bank, created new opportunities for Absa, particularly around the use of big data to build its customer intelligence and experience offering.
“Last year, our local financial services had to make their own quick adjustments to the new world order. However, having to move swiftly to keep working during the initial hard lockdown in March 2020 did not help with an already difficult security situation.”
In 2020, Irish multinational consulting firm Accenture released a report entitled: ‘Insight into the Cyberthreat Landscape in South Africa’ that revealed a pronounced spike in cyberattacks in 2019, with all sectors being hit by cybercriminals.
Steenkamp notes, “The report outlined that South Africa had the third-highest number of cybercrime victims globally for the reported period, translating into losses of around R2.2 billion in cyberattacks. I imagine that once the data for 2020 has come in, the figures will continue to paint a dismal picture. For example, we know already that local financial services companies PPS and Momentum Metropolitan came under cyberattacks during 2020 and 2021, as did consumer credit reporting company Experian.
“It all speaks to the imperative need for cybersecurity across all sectors, and banks, with their access to critical personal information, will only survive if they are able to protect their customers’ security details while also operating top-quality customer service. This is as true whether they are interfacing with their customers in a bricks-and-mortar or a virtual scenario.”
According to Anstee, the reactive changes that took place across the globe last year have had huge implications for the financial institutions involved, both from a service assurance and a security perspective.
He explains, “The key objective of IT and business leaders now must be to ensure the reliable delivery of mission-critical business services. Financial services institutions cannot function effectively in this new normal unless their customer-facing applications and virtualised business processes can operate reliably and securely across wired and wireless environments. With cybercriminals enthusiastically exploiting pandemic vulnerabilities, the need for advanced automated DDoS technology is clear.
“Meanwhile, service assurance requirements mean that companies must test and monitor new digital transformation projects over both wired and wireless networks – during and after deployment – to assure a quality user experience. It also requires that companies establish baseline service response times for new and existing services and introduce rapid service triage to reduce the time it takes to identify and remediate any vulnerabilities. Ideally, customised analytics would provide key insights into all business-critical applications and services.”
NETSCOUT is distributed throughout Africa by Networks Unlimited.