Enhanced cybersecurity needed for financial services sector


Globally, the financial services sector was projected to have reached US$22.5 trillion (RM95.3 trillion) in 2021.

This was attributable to the constant growth in non-cash payments, given the rapid development of Internet or online banking and mobile apps that facilitate instant payments such as Alipay, Grab and Touch ‘n Go eWallet.

Given that global gross domestic product (GDP) is around US$94 trillion (RM398 trillion), this means that financial services make up 24% of global GDP, or roughly the size of the economy of the US.

This makes the industry a highly desirable one for cybercriminals, and for the same reason that their ‘old-school’ counterparts kept robbing banks – that’s where the money is.

But it’s more than just the money. Due to Know Your Customer (KYC) regulations, financial services institutions also collect and maintain a plethora of information associated with their customers. This information ranges from home addresses, phone numbers, email addresses and income or employment details – in other words, a dream come true for identity thieves and social engineering hackers.

It is no surprise that the financial services sector is one of the most highly attacked sectors by cybercriminals.

According to VMware, for instance, attacks against the sector increased globally by nearly 2.4 times in early 2020, with 80% of financial institutions reporting an increase in cyberattacks.

Nor is the threat simply from individuals or small groups – as far back as 2017, if not earlier, the threat posed by nation-states that had developed cyber warfare capabilities was already recognised. More recently, the US Federal Communications Commission banned the use of products from Kaspersky – ironically, a cybersecurity company itself – by organisations receiving telecommunications-related subsidies, citing it as ‘an unacceptable risk’.

How to deal with major cyber threats

According to CyberDB, some of the more common and major threats include malware (including ransomware), advanced persistent threat (APT) attacks, social engineering (especially phishing) and attacks via vendors that are less secure, or supply chain attacks.

Unfortunately for financial services institutions (FSIs), there is a global and persisting shortage of cybersecurity experts. Whether the US, India, or Australia, there is insufficient talent to meet the growing demands of cybersecurity across all organisations.

So, where in-house capabilities may fall short, FSIs in Malaysia may want to consider turning to local specialists for help, such as Celcom.

Celcom’s Cyber Threat solutions

Celcom offers an enterprise-class range of services via its strategic partnership with Telefónica Tech, which is a member of the Cyber Threat Alliance (CTA) and the Anti-Phishing Working Group (APWG). Celcom’s Cyber Threat solutions cover both Digital Risk Protection (DRP) and Celcom Vulnerability Risk Management (VRM), providing FSIs with reliable, world-class security.

DRP uses technology, tools and expertise to monitor data sources and identify threats against an FSI’s digital footprint. It covers the entire lifecycle of cyber threats, starting with a 24/7 team that monitors the open web, deep web and dark web in search of references and mentions to institutional assets.

Celcom’s platform analyses these mentions to provide its customers with actionable alerts in real-time, as well as browser and network blocking services. Threats are resolved via content removal and takedown, with added tech and admin support, while the customers’ IT teams can utilise Celcom’s web portal and essential tools to keep themselves apprised of the latest developments.

VRM identifies and remediates threats in enterprise systems through a combination of 24×7 automated scanning with both persistent as well as manual penetration testing by experts. After a Local Analyst plans and executes a scan, the results are analysed to determine the severity of the threat and the remediation required. 

This is followed by 24/7 notification and reporting via the Customer Portal. Organisations can then manage the vulnerabilities, while the service ensures that the appropriate measures have been taken and the detected vulnerabilities have been solved.​

Celcom’s Cyber Threat solutions are complemented by a ‘round-the-clock’ dedicated cyber operations team. Enterprises have direct contact with a Local Analyst with tailored-made deliverables based on their needs.

For businesses looking to find out how to stay protected from vicious cyberattacks, head over to their website.