Cybersecurity Threat to Digital Banking: A Global Perspectivesummit.inlaks.com/wp-content/uploads/2019/11/Cybersecurity-Threa… · Challenges facing banks globally in managing cyber/fraud

Cybersecurity Threat to Digital Banking: A Global PerspectiveOctober 2019

© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Printed in Nigeria.

Outline

kpmg

Introduction – Key themes in digital banking

Cyber Threats - Global Landscape

Managing Cyber risk in Digital Banking

Final Words

© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.

3

Document Classification: KPMG Confidential

3

Internet in 60s

Source: Digital Around The World in 2019 (We are Social)



4

4© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All

rights reserved. Printed in Nigeria.

Key themes in digital banking

KEY THEMES IN

DIGITAL BANKING

04Evolving customer

experience

03 Omni enterprise

05 Journey to the

Cloud

06 Internet of

things 02Continuous delivery

07 Demographic

shift01Digital labour


Cloud

API

Artificial

Intelligence

UI/ UX


55

Digital products

e.g. Banking AppsOnline

marketing

Digitized Customer

Service

Digitized Customer

onboarding

Traditional risk

management

frameworks cannot

effectively support the

new array of risks that

come with digital

advancements

RISK

CustomerCustomer

• Digitization

comes with

numerous

opportunities, but

it also comes with

risks that need to

be managed.

• There is an

increased drive

for digitization.

• However, this

drive is not

adequately

matched with

commensurate

investments in

risk management.

“Disproportion between digitization

of risk and digitization of front-end”

Increasingly digital front-end

Drive for Digitization and Inherent RiskIntroduction – Key themes in digital banking


6© 2019 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Nigeria.

6

AMERICAS

1. Cyber and data breaches

2. Faster payments

3. Open Banking (equal third)

4. Evolving digital channels (equal third)

5. Virtual currencies (equal third)

EMA


2. Faster payments

3. Evolving digital channels

4. Payments Services Directive 2 (PSD2)

/ Open banking

5. Social engineering

ASIA PACIFIC


2. Social engineering

3. Faster payments

4. Evolving digital channels

5. Open Banking

Source: Global Banking Fraud Survey, KPMG International 2019

2. Social

Engineering

3. Evolving digital

channel &

Faster payments

4. Open Banking1. Cyber and data

breaches

Challenges facing banks globally in managing cyber/fraud risk

5 Americas

25Europe, the Middle

East, Africa (EMA)

13Asia-Pacific

Scope:

KPMG’s Global Banking

survey was conducted

between November 2018

and February 2019 across

43 retail banks.

18 have annual revenues

in excess of US$10 billion

& 31 each employ more

than 10,000 people across

the globe.



7



Global Cyber & data breachesCyber criminals are obtaining access

to personal data, via data breaches,

and using personal information to gain

a customer’s trust in scams or

takeover their account.

Digital transformation is changing

fraud typologies. To respond banks

need to be agile to update their fraud

risk frameworks, hone technology &

look to next gen prevention &

detection solutions.

Capital One, 106

million people in

2019

First American Corporation,

885 million records in 2019

Canva, 140 million

user accounts in 2019

Mobile TeleSystems, 100

million accounts in 2019

Equifax, 148 million

people in September 2017

Chinese Huanzhu Hotels

Group 500 million records in

August 2018

Facebook 50 million

accounts in September 2018

Marriot International

500 million records in

December 2018

Customer data/records now in public domain

Sources: Several, including Global Banking Fraud Survey, KPMG International 2019



Digital Business Value Stream

Sell MakeInnovate Research MarketDevelop Deliver Care

Digital business functions, services and platforms

Enterprise management and support functions

Core Cyber Security Capabilities

Cyber risk and

threat intelligence(business and all technologies)

Secure

by design(IoT, cloud, apps, devops, IT)

Continuous business aligned Improvement

DevOpsTech

event monitoring (consolidated, weak signals)

Cyber emergency

response(automation, permanent, integrated)

Enterprise Digital Security

Ensure SEA / CIA of

data and analytics

Priority on strategic and

critical business functions

Cyber risks and threats to

board and executives

Advisory, awareness and

competences

Joint innovation and

development with business

End-to-End (Proactive, Detective and Reactive) Digital Security

Enable business innovation, automation, speed and agility1

Ensure integrated cyber security services2

Resiliency and

response plans(simulations, rehearsed, tested)

Next gen operating modelManaging Cyber risk in Digital Banking


Next gen operating modelManaging Cyber risk in Digital Banking

Deliver value by innovating and embracing disruption

Innovate to Grow

• Joint technology innovation,

partnering with business and IT

• Create a culture that pushes

beyond its comfort zone

• Invest in experimentation

Embrace Disruption

• Turnover security attitude

• Drive Speed, Ease and Agility

(SEA)

• Welcome disruptive technology

platforms with curiosity

• Continually renew skills

Enable Agility

• Adopt continuous delivery to deliver

security at the speed of business

• Respond rapidly to market dynamics

• Understand the risks and

opportunities of expansions, mergers,

acquisitions and divestitures quickly

Streamline for Performance with Cost

• Simplify and rationalize security

capabilities

• Build security capabilities for

integration and sharing

Optimize Through Insights

• Understand the risks and value of

security

• Use analytics, predictive

modeling and visualization in

monitoring to develop insights

that drive action in emergency

response

Protect the Enterprise

• Proactively protect business by

nonintrusive and agile safeguards

• Ensure the continuity of the

business against cyber threats

• Minimize the impact of disruption

Streamline

Enable


10



The insider threat can be as

great, if not greater than

external fraud as they are privy

to your systems and customer

data.

Banks must enhance their

ability to analyse data

within an open banking

environment and navigate

through APIs.

Lead digital innovation with

security as an enabler

Technology alone is not enough. It is

important to plan outside of

technology to obtain efficiency and

optimum performance across

governance/people and processes.

ConclusionFraudsters are becoming more

sophisticated and agile in their

approach to diversify their efforts

from social engineering/ account

takeovers to scams where

customers are the weak link.

Final Words

Thank [email protected]

Documents

Cybersecurity Threat to Digital Banking: A Global Perspectivesummit.inlaks.com/wp-content/uploads/2019/11/Cybersecurity-Threa… · Challenges facing banks globally in managing cyber/fraud