In an era dominated by digital transactions and remote operations, it has become increasingly critical to ensure the financial integrity of organisations. With the rapid advancement of technology comes a parallel increase in cybersecurity threats and scams, posing significant challenges to finance professionals.
To shed light on this issue, The Institute of Chartered Accountants in England and Wales (ICAEW) shared insights from industry experts, ICAEW chartered accountant Kevin Foo, FCA, who double hats as KPMG’s Head of Financial Services in Malaysia, with input from Ubaid Mustafa Qadiri, KPMG’s Technology, Risk and Cybersecurity Executive Director, as well as ICAEW member Nicholas Tay, Assistant Vice President of the Advisory team at Mizuho Bank Malaysia’ Business Coordination Planning Department.
The Evolving Landscape of Cyber Threats
The digital transformation has revolutionised the way financial transactions are conducted, making them faster, more efficient, and convenient. However, it has also opened new avenues for cybercriminals to exploit vulnerabilities in systems. From phishing attacks and malware to ransomware and social engineering scams, the arsenal of cyber threats facing organisations today is vast and ever evolving.
Kevin Foo, FCA emphasised the importance of recognising the dynamic nature of cyber threats in today’s digital age, “The security of financial institutions and the data they hold is marked by escalating threats and evolving challenges in today’s digital age. These institutions, entrusted with highly sensitive data such as our personal and financial information, are prime targets for cybercriminals who are constantly refining their tactics, from ransomware assaults to phishing schemes and data breaches. KPMG’s annual survey with CEOs in the global banking sector has discovered declining confidence in preparedness against cyber threats, with a significant 40 percent of organisations citing the increasing sophistication of cyber attackers as a major concern.”
“Moreover, the shift towards digital banking and online transactions has broadened the scope for cyberthreats. Consequently, the task of fortifying financial systems and shielding sensitive information has become increasingly daunting. To tackle these challenges head-on, vigilance is paramount. It is imperative for financial institutions and their stakeholders to take a proactive approach in implementing robust cybersecurity measures to ensure the safety of vital data.”
Highlighting the significant impact of cybersecurity breaches on financial professionals Nicholas Tay, ACA reports that with the adoption of technology in banking and finance sector, potential risks within the sector have evolved to include rising levels of cybersecurity risks, and financial institutions are now racing to adopt and implement the latest cybersecurity technology to provide the enhanced assurance to their customers.
Ubaid Mustafa Qadiri shared his insights into specific cyber threats, identifying account takeovers (ATO), data breaches, ransomware attacks, denial-of-service (DoS) attacks, and supply chain attacks as some of the most concerning threats, emphasising the critical importance of identifying and addressing these threats to protect sensitive customer data and mitigate financial losses.
On the issue of prevalent scams targeting organisations and financial institutions, Qadiri highlighted tactics such as phishing, QR code phishing, business email compromise (BEC), and account takeover fraud. He stressed the need for organisations to remain vigilant and educate their employees and clients about common cyber scams to prevent unauthorised access and financial fraud.
Mitigating Risks and Enhancing Resilience
According to Tay, to mitigate the risks posed by cyber threats, organisations must adopt a multi-faceted approach that encompasses both technological solutions and robust risk management strategies.
Tay also contributed his perspective on the challenges faced by finance professionals in mitigating cybersecurity risks, highlighting the delicate balance between efficient execution of assignments and maintaining vigilance over sensitive information, emphasising the importance of fostering a culture of compliance within organisations.
Regarding strategies for fostering cybersecurity awareness, Foo mentioned the need for regular communication, leadership buy-in, and external education initiatives while Qadiri suggested adopting a mindset that views cybersecurity as a source of growth and market edge, encouraging organisations to leverage advanced technologies and cultivate a strong culture of cybersecurity awareness.
Collaboration and Knowledge Sharing
In the fight against cybercrime, collaboration and knowledge sharing are key weapons in the arsenal of finance professionals. By sharing information and best practices, organisations can stay one step ahead of cybercriminals and strengthen their collective defences.
In addressing the integration of cutting-edge cybersecurity technologies with cybersecurity awareness initiatives, a holistic approach that combines advanced technologies with comprehensive training programs is required. Collaboration within the industry can enhance resilience against cyber threats, with Qadiri citing initiatives such as threat intelligence sharing platforms and common cybersecurity standards.
Foo also acknowledged the perpetual struggle against cybercrime faced by financial institutions and the need for continuous adaptation and resilience. He emphasised the role of financial institutions in evolving and adapting to the changing landscape, demonstrating their commitment to cybersecurity and customer protection.
“Financial institutions are expected to be locked in a perpetual struggle against cybercrime. These institutions are prime targets due to the wealth of valuable data they possess, and cybercrime tactics continually evolve alongside technological advancements,” Foo observed. “To tackle these challenges head-on, vigilance is paramount. It is imperative for financial institutions and their stakeholders to continue to take a proactive approach in implementing robust cybersecurity measures to ensure the safety of vital data.”
As technology continues to reshape the financial landscape, organisations must adapt to the new realities of cybersecurity threats and scams. By investing in advanced technologies, implementing robust risk management strategies, and fostering a culture of cybersecurity awareness, finance professionals can safeguard the financial integrity of their organisations and protect themselves against the ever-present threat of cybercrime. Through collaboration and knowledge sharing, they can collectively enhance their resilience and stay one step ahead of cybercriminals in the ongoing battle for cybersecurity.
