Cyber Risk Management in Core Banking System
How risk-free is your financial environment?
Risk Management reduces the latent occurrence of risk and its impact. It encompasses the process of identifying, analyzing, controlling & reviewing risks to the business. It is imperative for any business to respond to risks, and the response usually takes one of several forms, such as Acceptance, Avoidance and Mitigation. Organizations that do not have a well-thought-out Risk Management Strategy are exposed to financial & reputational losses.
Key pillars of Risk Management:
Assessment: The risks should be proactively assessed by leveraging techniques & controls like threat modeling.
Acceptance: Based on the risk appetite of an organization, informed decisions have to be made with regard to tolerance for risk exposure.
Strategy: A comprehensive strategy should be crafted for prevention & mitigation of risks.
Action: A set of suitable actions has to be performed as per the strategy.
Mitigation: Plans for responding to security breaches have to be established a priori.
The banking sector and financial institutions are most prone to various risks and threats. Typically, the risks come from cyber criminals and from breaches arising from vulnerabilities.
A look at the magnitude of exposure in this sector: on average, there is an attempted ransomware attack once every 11 seconds! Some of these attacks result in millions of dollars of losses to banks across the globe, every month.
Magnitude of the risk
Banks carry 91% of the cyber risks while insurance companies carry 7%. Drilling deeper, among banks, retail banking carries 39% of the total risks and credit cards account for 25%. The associated data breaches could impose huge penalties on the institutions. For example, GDPR violators could be charged a penalty of up to 4% of the worldwide enterprise revenue.
An Example:
One of the big banks in the Asia Pacific wanted to reduce its overall cyber risks by having appropriate controls as part of its risk management strategy. Security experts at IGS crafted and implemented a world-class security solution encompassing threat modelling, SCA, SAST, DAST, VAPT, DevSecOps and so on. They also automated the loan processing system end-to-end with effective security controls. This resulted in a reduction of security risks by over 60%, along with a reduction of loan application processing time by about 75%.