Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Cybersecurity Threat to Digital Banking: A Global PerspectiveOctober 2019
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Printed in Nigeria.
Outline
kpmg
Introduction – Key themes in digital banking
Cyber Threats - Global Landscape
Managing Cyber risk in Digital Banking
Final Words
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
3
Document Classification: KPMG Confidential
3
Internet in 60s
Source: Digital Around The World in 2019 (We are Social)
Introduction – Key themes in digital banking
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
4
4© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All
rights reserved. Printed in Nigeria.
Key themes in digital banking
KEY THEMES IN
DIGITAL BANKING
04Evolving customer
experience
03 Omni enterprise
05 Journey to the
Cloud
06 Internet of
things 02Continuous delivery
07 Demographic
shift01Digital labour
Introduction – Key themes in digital banking
Cloud
API
Artificial
Intelligence
UI/ UX
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
55
Digital products
e.g. Banking AppsOnline
marketing
Digitized Customer
Service
Digitized Customer
onboarding
Traditional risk
management
frameworks cannot
effectively support the
new array of risks that
come with digital
advancements
RISK
CustomerCustomer
• Digitization
comes with
numerous
opportunities, but
it also comes with
risks that need to
be managed.
• There is an
increased drive
for digitization.
• However, this
drive is not
adequately
matched with
commensurate
investments in
risk management.
“Disproportion between digitization
of risk and digitization of front-end”
Increasingly digital front-end
Drive for Digitization and Inherent RiskIntroduction – Key themes in digital banking
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
6© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
6
AMERICAS
1. Cyber and data breaches
2. Faster payments
3. Open Banking (equal third)
4. Evolving digital channels (equal third)
5. Virtual currencies (equal third)
EMA
1. Cyber and data breaches
2. Faster payments
3. Evolving digital channels
4. Payments Services Directive 2 (PSD2)
/ Open banking
5. Social engineering
ASIA PACIFIC
1. Cyber and data breaches
2. Social engineering
3. Faster payments
4. Evolving digital channels
5. Open Banking
Source: Global Banking Fraud Survey, KPMG International 2019
2. Social
Engineering
3. Evolving digital
channel &
Faster payments
4. Open Banking1. Cyber and data
breaches
Challenges facing banks globally in managing cyber/fraud risk
5 Americas
25Europe, the Middle
East, Africa (EMA)
13Asia-Pacific
Scope:
KPMG’s Global Banking
survey was conducted
between November 2018
and February 2019 across
43 retail banks.
18 have annual revenues
in excess of US$10 billion
& 31 each employ more
than 10,000 people across
the globe.
Cyber Threats - Global Landscape
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
7
7© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All
rights reserved. Printed in Nigeria.
Global Cyber & data breachesCyber criminals are obtaining access
to personal data, via data breaches,
and using personal information to gain
a customer’s trust in scams or
takeover their account.
Digital transformation is changing
fraud typologies. To respond banks
need to be agile to update their fraud
risk frameworks, hone technology &
look to next gen prevention &
detection solutions.
Capital One, 106
million people in
2019
First American Corporation,
885 million records in 2019
Canva, 140 million
user accounts in 2019
Mobile TeleSystems, 100
million accounts in 2019
Equifax, 148 million
people in September 2017
Chinese Huanzhu Hotels
Group 500 million records in
August 2018
Facebook 50 million
accounts in September 2018
Marriot International
500 million records in
December 2018
Customer data/records now in public domain
Sources: Several, including Global Banking Fraud Survey, KPMG International 2019
Cyber Threats - Global Landscape
8© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
Digital Business Value Stream
Sell MakeInnovate Research MarketDevelop Deliver Care
Digital business functions, services and platforms
Enterprise management and support functions
Core Cyber Security Capabilities
Cyber risk and
threat intelligence(business and all technologies)
Secure
by design(IoT, cloud, apps, devops, IT)
Continuous business aligned Improvement
DevOpsTech
event monitoring (consolidated, weak signals)
Cyber emergency
response(automation, permanent, integrated)
Enterprise Digital Security
Ensure SEA / CIA of
data and analytics
Priority on strategic and
critical business functions
Cyber risks and threats to
board and executives
Advisory, awareness and
competences
Joint innovation and
development with business
End-to-End (Proactive, Detective and Reactive) Digital Security
Enable business innovation, automation, speed and agility1
Ensure integrated cyber security services2
Resiliency and
response plans(simulations, rehearsed, tested)
Next gen operating modelManaging Cyber risk in Digital Banking
9© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
Next gen operating modelManaging Cyber risk in Digital Banking
Deliver value by innovating and embracing disruption
Innovate to Grow
• Joint technology innovation,
partnering with business and IT
• Create a culture that pushes
beyond its comfort zone
• Invest in experimentation
Embrace Disruption
• Turnover security attitude
• Drive Speed, Ease and Agility
(SEA)
• Welcome disruptive technology
platforms with curiosity
• Continually renew skills
Enable Agility
• Adopt continuous delivery to deliver
security at the speed of business
• Respond rapidly to market dynamics
• Understand the risks and
opportunities of expansions, mergers,
acquisitions and divestitures quickly
Streamline for Performance with Cost
• Simplify and rationalize security
capabilities
• Build security capabilities for
integration and sharing
Optimize Through Insights
• Understand the risks and value of
security
• Use analytics, predictive
modeling and visualization in
monitoring to develop insights
that drive action in emergency
response
Protect the Enterprise
• Proactively protect business by
nonintrusive and agile safeguards
• Ensure the continuity of the
business against cyber threats
• Minimize the impact of disruption
Streamline
Enable
© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.
10
10© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All
rights reserved. Printed in Nigeria.
The insider threat can be as
great, if not greater than
external fraud as they are privy
to your systems and customer
data.
Banks must enhance their
ability to analyse data
within an open banking
environment and navigate
through APIs.
Lead digital innovation with
security as an enabler
Technology alone is not enough. It is
important to plan outside of
technology to obtain efficiency and
optimum performance across
governance/people and processes.
ConclusionFraudsters are becoming more
sophisticated and agile in their
approach to diversify their efforts
from social engineering/ account
takeovers to scams where
customers are the weak link.
Final Words
Thank [email protected]