The increasing reliance on IT systems in our world creates opportunities for innovation and enhanced productivity, but has the drawback of creating new structural weaknesses that can be exploited.
Banking industries we entrust our financial livelihoods with have shown a surprising lack of initiative in staying ahead of this trend. Cybersecurity practices have been well-established in the banking infrastructure, but the directors of these practices have been lax about maintaining and updating these standards.
Despite this, and the fact that IT security isn’t a top priority for banking organizations, the data reflects a growing awareness of the importance of cybersecurity practices.
According to Bank Director’s 2015 Risk Practices Survey, there was a 32 percent increase in the past year of banking professionals who cited cybersecurity as their top concern. Additionally, 79 percent claimed to have increased their cybersecurity budget for 2015 over what they paid the previous year.
However, less than 20 percent of respondents claimed to review their security plans during board meetings, with over half of banking risk committees not regularly reviewing their cybersecurity plans. A lack of security culture may be to blame for this trend, as bank-wide risk assessment is difficult to manage and disseminate across employees. Creating this culture was noted as a particular challenge by 43 percent of respondents, though the nature of cyber crime indicates this should be a primary consideration for banks wanting to maintain quality security standards.
Cybersecurity threats can come from sources external to the organization, such as hacking or use of programs that brute-force passwords. However, information leaks more commonly occur from inside the organization itself, in the form of misappropriation of privileged information or phishing scams that use deceit to manipulate employees with access to data.
Necessary Training for Success
Despite the lack of priority IT receives, more banks are working against this trend with the survey reporting that 62 percent of respondents provide regular board training on risk; 73 percent admit that they think their board needs additional training on emergent risk issues.
These statistics indicate that, while banking organizations may have a long way to go to address the concerns of cybersecurity, awareness is increasing. Awareness will translate into priority, turning into better infrastructure that is cost-efficient and effective for all parties involved.
Ms. Johnson, an expert in Project and Resource Management, is the Software Development Manager at iBridge. She brings 11 plus years of IT work experience and business intelligence to provide successful customer engagement of software development. Prior to working at iBridge, Johnson worked as a Senior Engineer for Hewlett Packard and Oracle, and a Hyperion Consultant for IBM and Google.
She is a product expert in enterprise contract management software solutions – diCarta/IBM Emptoris. As part of her previous engagements as a Hyperion Consultant, she made significant contributions to optimize and enhance a BI/Analytic solution for a major food, health and home retailer, LoBlaw, in Canada. She introduced performance tuning and optimization principles to the existing solution by leveraging Essbase cube partitioning techniques and re-writing some of the calculation logic to bring in significant performance improvements. Another significant engagement included automation and enhancement deliveries of a Hyperion analytical solution for a South African multinational brewing and beverage company (SABMiller) headquartered in London, England.
Ms. Johnson is a certified Essbase developer with a Master’s degree Computer Applications from Bangalore University. She has immense passion for travel, reading and working for social causes.