Managing cyber threats to banking

Noor Islamic Bank takes a holistic approach to cyber crime risks, to better handle the changing threat landscape, and to create a robust defence to the increasing volume of hacking attacks facing the region’s financial sector

Tags: Cyber crimeFinanceNoor Islamic BankUnited Arab Emirates
  • E-Mail
Managing cyber threats to banking Swarup: Managing the risks of cyber attacks requires a multi-faceted approach.
By  Mark Sutton Published  May 16, 2013

Noor Islamic Bank takes a holistic approach to cyber crime risks, to better handle the changing threat landscape, and to create a robust defence to the increasing volume of hacking attacks facing the region’s financial sector.

The financial industry is at the forefront of the battle against cybercrime — in the UAE, banking was the most targeted sector, accounting for 35% of hacking attacks, according to the Ministry of Interior. To defend against the cyber threats, banks and other financial services institutions rely not just on technology solutions, but also on wider disciplines of risk management.

Narendra Swarup, chief risk officer, at Noor Islamic Bank, explained his role with the bank: “I am in charge of almost all of the risks that are taken in our day to day business. These risks include credit risk; market risk and operations risk, all the day-to-day operations — are the branches secure, are our staff well educated on the procedures that have to be followed, are our policies robust enough, and are our IT systems good enough?”

While the bank’s IT function is a separate department, Swarup said, IT governance and IT security is an integral part of operations so the risk element is his responsibility. Since founding in 2008, the bank has expanded to cater to corporates, SMEs and individuals. As a relatively new entity, building the name of the bank, and customer trust, adds an element of reputational risk, which also has to be managed.

Growing the profile of the bank has also attracted the attention of cybercriminals. At GITEX 2012, the company conducted a publicity campaign on its vision of the future of banking, leading to a spike in direct attacks on the bank’s systems and increased phishing attempts on customers.

“The bigger you are, the more prominent you are, the more visible you are, the more you are prone to these kinds of attacks. There is a price one has to pay for being successful,” Swarup said, although the bank has been able to block any attacks against it so far. “Though there have been attacks on our system from time to time, none of our clients have lost money, and that is something we are very proud of.”

Extending services to new platforms, such as mobile, does open up new areas of risk, Swarup said, but the bank prides itself on innovation, and meeting customer needs, so the challenge is in providing mobile services without compromising its defences.

In terms of practices, the bank has s procedures in place that are implemented as soon as an attack comes to light, with various means both internal and external to monitor and detect suspicious activity, along with an action team, which is permanently on call.
The bank is also aware of the risks of the client’s IT being hacked, which could then provide a route into the bank’s systems, so it focuses on educating customers with campaigns on general awareness and to highlight specific threats.

“We have a responsibility to educate our clients, by regular communication to them. The innovations that keep happening in these cyber attacks is huge,” Swarup said. “The challenges will continue to be there, the innovations will continue to happen, and the banks will have to be vigilant all the time.”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code