● In a FICO survey, three in four senior fraud managers at banks in Asia Pacific said they will stop doing business with suppliers that fail cybersecurity audits.
● Four in ten respondents from the survey said they currently conduct supplier audits; however, this is expected to rise in the next year.
● Large retailers were nominated as the greatest data breach risk (84%) in 2017, with telecommunications companies ranking second (70%).
● Half of respondents reported their cybersecurity budget increased at least 10 to 25 percent over the last twelve months.
Asia Pacific (APAC) banks are stepping up in the cybersecurity arms race as hacking operations get bigger and bolder. A recent poll by FICO found that banks across the region intend to stop doing business with suppliers that fail cybersecurity audits.
Three in four senior fraud managers surveyed said that they would be concerned enough to stop working with a partner, while another 16 percent said they weren’t sure if they would continue working with them. Only 8 percent of fraud managers said they would definitely continue doing business.
While the auditing of business partners and their security capabilities is a relatively new practice, four in ten respondents confirmed they were already actively engaged in the process.
“We expect cybersecurity audits to become commonplace in 2017,” said Dan McConaghy, president for FICO Asia-Pacific. “High profile fraud cases, such as the Bangladesh Bank heist where USD$81 million was stolen, illustrate the importance of banks running audits on their own networks as well as those of their partners.”
The heist involved altering SWIFT (Society for Worldwide Interbank Financial Telecommunication) software to hide evidence of fraudulent transfers. “Lazarus”, the North Korean hacking group that has been linked to the heist, has been connected to attacks on banks in 18 countries, including commercial banks in Ecuador, Vietnam and the Philippines.
McConaghy added: “However, due to the complex ecosystem of relationships with other businesses that banks have, we are seeing the audit tools evolve. While formal audits remain important, they can be lengthy, intrusive, and expensive.”
“They also only offer a snapshot of the cybersecurity picture for a moment in time. We are seeing a need for monitoring tools that allow for ongoing assessment between these audits to strengthen the IT ecosystem and make a substantial impact on the cyber breach problem,” he said.
In October 2016, FICO announced the launch of its FICO Enterprise Security Score, a cybersecurity risk rating that subscribers can use to evaluate the risk of their own network and their business partners’.
“The score was created by analyzing networks that have been victimized by a cyber-attack,” explained McConaghy. “This allows FICO to understand the conditions and behaviors that are precursors to impactful security events. Company networks can then be measured against the indicators that are most predictive of an increase to the likelihood of a material data breach.”
FICO’s poll revealed that bankers nominated large retailers as the greatest data breach risk (84%) in 2017, with telecommunications companies ranking second (70%). These numbers were up significantly on last year’s poll, showing some consensus on which industries remain the largest targets for cybercriminals.
“E-commerce has created low hanging fruit in the form of vast stores of unprotected sensitive personal data that can be used to steal identities,” explained McConaghy. “In Asia Pacific the problem is compounded by the huge growth in sales, poorly protected companies and a lack of disclosure.”
Respondents to the survey were anxious to prevent cybercrime at their banking institutions, with 65 percent saying that it will be their key focus in 2017. The biggest obstacle identified by the fraud executives in fighting cybercrime was that siloed operations prevented the flow of information and worked against a coordinated response.
Nearly half of respondents identified cybercrime as having the largest potential financial impact on their organisations, and said they had already increased their cybersecurity budget at least 10 to 25 percent over the last 12 months.
“APAC banks want to ensure that the digital economy will continue to thrive,” said McConaghy. “FICO is bringing its proven self-learning analytics from payment card security over to protect the enterprise from unknown breaches in real time. In addition to protecting themselves, we’ll see more banks initiate cybersecurity audits and, as they become more selective, avoid doing business with vendors and suppliers that return ‘fail scores’ on cybersecurity.”
The survey was conducted at the annual FICO Asia Pacific Fraud Forum held in Cebu, the Philippines. A total of 37 executives from financial institutions across the region participated in the survey.