
Cyber Security in Banking

Posted on February 2017


Cybersecurity consistently dominates headlines, as attacks become increasingly sophisticated, frequent and ambitious. From last year’s Democratic Party email leaks to the huge data breach at Yahoo, it appears no one – and no industry – is completely safe from the threat of cybercrime.

Cyber security is a global concern, and a particular one in Asia. In 2016, Japan witnessed its largest banking hack: 14,000 ATM cash withdrawals and ¥1.8bn / $18m SGD. It is no secret that the frequency of sophisticated cyber-attacks on the banking sector has increased. Across the APAC region, the financial sector has been hit hard. There were a number of high-profile incidents in 2016, including the Bitfinex bitcoin exchange hack in Hong Kong and the Bangladesh Central Bank heist. “$81.3bn SGD Revenues lost to cyber-attacks in the Asia-Pacific region in the 12 months; of a global total of $315bn SGD.”[1] Across 2016, large-scale heists took place in Taiwan, Malaysia and Thailand.

Cyber security standards and protocols have been set up across the region, yet it remains vulnerable to attacks. With the increasing frequency of sophisticated attacks, the industry is in urgent need of robust, comprehensive cyber-security programs, supported by rigorous levels of governance, risk and compliance, to avoid becoming victims of an attack.

35% of all cyber-attacks are targeted at the banking community, making it an industry priority to optimise cyber resilience and enhance incident response preparedness to protect data and mitigate risks associated with money laundering and fraud.

Below are 4 cyber security trends we expect to see in banking across APAC in 2017:

1. Chief Cybercrime Officer

Many banking institutions are beginning to appreciate the gravity of the situation and are looking for some way (or someone) to tackle the issue of cybersecurity head-on.

As such, many within the industry have already advertised a new role of Chief Cybercrime Officer (CCO), as banks look to appoint senior staff with daily responsibility for protection against cyber attacks.

The CCO will be tasked with ensuring the company is “cyber-ready”, taking responsibility for preventing breaches, taking the lead in managing problems, and providing a vital link between the board members and the rest of the company.

2. Third-party vendor security

A business might have the right security systems and policies in place to protect itself from a cyber attack, but do its third-party providers and supply chain have that same level of security and diligence? If the answer is ‘no’, there is another vulnerability for the business and its customers, who could find themselves victims of a cyber attack.

One such example: SWIFT had been a trusted provider within the international banking industry. If you received a SWIFT message, you could be confident it was a legitimate transfer. But that was before hackers used malware to take control of SWIFT’s messaging app and send fraudulent SWIFT messages. This led to the theft of $81 million SGD from Bangladesh’s central bank.

In 2017, banks need to make third-party risk management a priority if they are to avoid similar attacks. They must find their weaknesses and tighten policies, to prevent sub-standard security measures and systems from providing the gateway for major exposures.

3. The growing threat: Ransomware

2017 will see a further rise in ransomware, which often offers hackers a simple and lucrative way to make fast money. For the organisations affected, it means not just a ransom payment, but also the loss of operations, employee unease and severe brand damage.

According to Trend Micro, Ransomware is predicted to grow by 25% in 2017[2]. Over the coming year, we will see attacks becoming more targeted and spreading into IoT devices, PoS systems, and ATMs.

By encrypting data, hackers are able to demand huge sums of money from organisations. It has become a threat that many banks have to suffer in silence; if customers were alerted to the fact that a firm was infected with Ransomware, the damage to the brand would be irreparable.

4. IT security skills shortage

The reality is that cyber attacks far outpace cyber-defense due to the clear shortfall in the cybersecurity workforce. There are currently more than one million cyber security job vacancies around the world. However, until that skills shortage is filled, the banking sector (and many others) will struggle to manage cybersecurity risks.   

According to a report by Intel Security, 82% of the IT decision-makers believe there is a shortage of cybersecurity skills within their organisation with 71% of respondents agreeing that this shortage is doing their businesses ‘direct and measurable damage’.[3]

The Cyber Security recruitment solution

For the banking sector to overcome these barriers, 2017 needs to be a year of innovative solutions and a new approach to how we build the cybersecurity workforce. Hiring talent on a temporary basis is often the only route available for under-staffed security teams. That’s why the CISO-as-a-service or virtual CISO model is taking off and we expect it to grow further throughout the year[4].

Hot hiring trends within cyber security:

  • Security Director/ Manager
  • Cyber Risk Manager
  • Security Architect
  • Information Assurance Manager
  • CISO/ CSO
  • SOC Director/ Manager
  • Forensics Investigator
  • IT Audit
  • Penetration Tester
  • Cloud Security

Salary Trends 2017:

| Technology Risk | Years | Risk & Control | Governance Risk |
|---|---|---|---|
| Associate | 0 - 3 | $54,000 - $60,000 | $48,000 - $60,000 |
| Analyst/Manager | 3-6 | $60,000 - $80,000 | $65,000 - $75,000 |
| AVP/SrAVP | 5-10 | $80,000 - $150,000 | $80,000 - $130,000 |
| VP | 8-15 | $160,000 - $180,000 | $140,000 - $170,000 |
| SVP/Director | 15< | $180,000 - $220,000 | $175,000 - $190,000 |

If you’re interested in any specific additional data to support your business needs, require specific information on general market trends, want to look into strategizing the position of the IT Security team internally, or would like to discuss partnering with our team to enhance your Cyber Security mandates, get in touch today.

Please note that the above salary surveys cover a significant proportion of the market, within vastly different organisations, taking into account different levels of seniority.


-----------

About Us

Selby Jennings is a leading specialist recruitment agency for banking and financial services. For more than 15 years, we have given clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Selby Jennings provides contingency and retained search recruitment across 11 offices in 6 countries. Contact us to find out how Selby Jennings can help you.
