Organisations in Singapore today understand that customers crave convenience and a personal touch when interacting with them and utilising their services. This is especially true in the banking and insurance sectors. The growing demand for more straightforward transaction methods and personalisation has spurred financial services institutions (FSIs) to expand their digital offerings.
A recent EY report highlighted the disparity between FSIs that have embraced digital transformation and those that have not. For instance, FSIs that have integrated behavioural data and affective computing are providing customers with effective, new ways to achieve their financial goals.
However, this innovation relies significantly on leveraging data, which raises important questions about access to such a wealth of information.
Cyberthreats loom large for financial institutions
The expanded range of digital services has improved FSIs’ ability to meet customer needs but has also introduced unprecedented opportunities for cyberattackers keen on exploiting vulnerabilities resulting from these innovations.
Ransomware has notably evolved as a strategy for attackers. Ransomware as a service, for instance, has gained popularity among them. This model allows even those without specialist knowledge, dedicated infrastructure, or tools to execute advanced attacks. The critical nature of financial services makes the sector a popular target due to the likelihood of ransom payment.
Phishing continues to be a common method for targeting FSIs. The Cyber Security Authority in Singapore reported an increase in phishing links from 47,000 in 2020 to 55,000 in 2021. Phishing is a preferred method of attack because it allows threat actors to access personal bank details and transfer money out of accounts or make unauthorised purchases. This could severely damage banks’ brand reputation and result in substantial fines for breaching regulatory compliance requirements.
Organisations must safeguard not just employees but also third-party remote access by vendors or partners. Cyberattackers can exploit unsecured devices to gain entry into the wider IT infrastructure. These challenges emphasise that, without proper device monitoring and risk management tools, malicious actors can inflict significant damage on FSIs.
With the growth of the cloud — IDC estimates that 92% of Asia-Pacific banks increased their spending on cloud technologies last year — FSIs are not taking security lightly. Digital trust solutions, in particular, have seen increased adoption. A report by SGTech predicts that spending on these tools, including cybersecurity, digital identities, and privacy enhancing technologies (PETs), is expected to surge from SG$1.7 billion in 2022 to SG$4.8 billion by 2027.
However, these investments must focus on ensuring intelligent privilege controls in the cloud.
Robust cybersecurity begins with identity
Security is the cornerstone of enhancing customer relationships, especially in sectors like banking and insurance. For organisations to achieve this, it’s crucial to adopt a zero-trust approach to safeguard identities and protect assets, as attackers often exploit unsecured identities to infiltrate an organisation’s network and execute extensive attack campaigns.
The first step is conducting identity audits for better visibility over users, devices, and the resources they can access. By identifying those with excessive privileges, organisations can take corrective measures to reduce the risk of identity theft and breaches.
Streamlining security solutions into one centralised platform is another important strategy. With the right solutions, FSIs can monitor all identities comprehensively, covering both session monitoring and access management. This allows them to meet compliance requirements while maintaining their employees’ ability to perform their duties.
Balancing convenience with security
Implementing security doesn’t have to be a burden for employees. In fact, a robust, organisation-wide cybersecurity culture can enhance business efficiency and performance. Through education, FSIs can protect the organisation and implement best practices. Consistent training allows FSIs to continue offering high-quality services, while also reducing service downtime. Furthermore, FSIs need to ensure their security systems are correctly configured.
Adopting an “assume breach” stance, a critical component of zero-trust security, is also necessary. Employees can protect workloads by creating robust passwords that are at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Changing these frequently, ideally every three months, is also vital in reducing the risk of credential theft. In the meantime, security teams should incorporate multi-factor authentication (MFA) to prevent malicious users from compromising accounts. A cloud-based enterprise password management solution enables organisations to securely capture, store, and manage passwords for applications and other secrets.
Given the considerable benefits to both customers and providers, digital banking’s popularity is set to grow. For FSIs, the responsibility lies in ensuring customers enjoy positive and secure experiences.
Zero-trust and least privilege strategies are the most effective tools for achieving this, as they allow businesses to utilise new technologies without sacrificing security. While identity isn’t the only focus of security, it plays a significant role because modern identity security controls are integral to mitigating the risk of advanced cyberattacks. Through a security-centric identity and access management approach, FSIs can secure sensitive data and infrastructure while fully harnessing the capabilities of cloud environments.