HONG KONG, China — With the ever-evolving digital landscape comes opportunities for business growth and reap the benefits operating in such an environment. However, this also provides added risks for these companies especially in the aspect of cybersecurity.
This threat is not new to financial institutions who work around the clock to ensure the protection of thousands of their client data.
In a Fireside Chat session at the Asian Financial Forum (AFF) on Wednesday, experts from the Hongkong and Shanghai Banking Corporation Limited (HSBC) and Amazon Web Services (AWS) discussed the cybersecurity challenges in their respective fields.
Most prominent threat
Todd Stewart, Regional Chief Information Security officer for HSBC Asia Pacific, provided insights from the bank's sophisticated threat intelligence monitoring program.
“Every year, we do an analysis of our biggest cyber threats. So for the last three years, ransomware has hit number one for three years. But what has changed is the methods that apply those tactics," he said.
Stewart cited an example of this adaptation by way of “sideloaded” applications or applications not downloaded from official platforms such as Apple’s AppStore or Google’s Play Store.
“In Singapore, we've had an issue with sideload apps where people are downloading their mobile banking applications from untrusted sources. And this actually has malware contained within it," he said.
He also shared that this phenomenon is also being observed in neighboring countries like Hong Kong.
Constant change
For his part, Nelson Chan, head of Banking Go-To-Market for Asia-Pacific and Japan at AWS, acknowledged that change, in whatever industry, is constant and inevitable.
He cited customers as a prime example of change as they continue to move towards digital services in their daily lives. But, Chan also pointed out that even those engaging in criminal or fraudulent activity are also changing and evolving to match the digitalization of the world.
"They've got different tools. They've got more and more tools that's easier to get their hands on those things," Chan said.
"And so they're evolving and proactively going up with money. No surprises there," he continued.
Given this, Chan said that financial services recognize that they need to keep up with the changing times.
He said that this does not mean merely using bits and pieces of available technology but rather an overall revamp and paradigm shift when it comes to how they conduct their operations.
“Are you safe?”
Due to the sensitive nature of financial services, the topic of security and data protection always take center stage when discussing the industry.
Stewart emphasized that being in financial services means that security will always be “job zero”.
“One of the questions I frequently get asked is, well, are you safe?” Stewart said.
The answer, he said, depends on the benchmark used to compare the level of safety.
“Around the world, there are different standards in cybersecurity. There's different accreditation, different certifications, it's different thresholds or benchmarks, whatever term you want to use, and you'll measure it against those standards.”
Stewart cited his experience of seeing top secret government machines just in a corner and left unplugged. While secure, he said that this is not ideal for everyone.
“[A] stand alone machine not plugged to the Internet doesn't let you run a business. Now, that's very secure, but it's not very helpful," the HSBC official said.
"So for the business that you're running, what's the standard of cybersecurity that you need? he asked.