07 Jan, 2022
Digital transformation and high-tech applications are no longer a matter for enterprises alone; they concern everyone. The rapid development of technology and the heavy influence of the Covid-19 pandemic have made us deeply aware of the importance of digital transformation in the Industry 4.0 era. Daily necessities such as food supply chains, means of transportation, payments and financial transactions, educational activities, government operations, and even resource extraction are increasingly dependent on digital technology. This, however, places us at constant risk of being a target of cybercriminals.
The current state of cybercrime
Cyber threats have rapidly increased in sophistication over the past few years. According to the FBI's Cybercrime Report, since the start of the Covid-19 pandemic, cyberattacks have surged by more than 300%, and the costs associated with cybercrime have increased by more than 2,400% (WEF, 2020). This trend is consistent with Google's research, which revealed that the company has prevented more than 18 million phishing attempts that put Corona's name on malicious files or links (FBI, 2020). Moreover, Cybersecurity Ventures finds that cybercrime-associated losses are estimated to exceed $6 trillion in 2021 and $10.5 trillion in 2025, compared with just $3 trillion in 2015. This figure is equivalent to the world's third-largest economy by nominal GDP, behind only those of the US and China (Steve Morgan, 2021).
Banking and financial sectors are prime targets of cyberattacks
The Banking and Financial industry has attracted greater attention from cybercriminals than any other sector. According to Keepersecurity's global report on Cybersecurity (2020), nearly 70% of financial institutions have been victims of cyberattacks. According to Insights' cybersecurity report (2021), more than 25% of malware attacks are directed at banks and financial institutions, which is more than at any other industry. This most likely stems from the specific nature of the Banking and Financial industry, whose business model and provision of products and services depend on digital technology.
The case of cybersecurity in Vietnamese Digital Banks
Vietnam is currently ranked 21st in the world in terms of phishing attacks, with 673,743 attacks recorded in 2020. Only Thailand and Indonesia are ahead of Vietnam in terms of cyberattacks in Southeast Asia. According to a survey by the Vietnam Information Security Association, more than 50% of cyberattacks are aimed at banks and financial institutions. According to a report by the Department of Cybersecurity and High-Tech Crime Prevention, Ministry of Public Security, in 2020, banks lost nearly 100 billion Dong from 4,000 cyber-attacks, including one bank that suffered a loss of up to 44 billion Dong.
In recent years, Vietnamese commercial banks have advanced the digital transformation process. The goal of this process is to improve the efficiency of banking operations, enhance the customer experience, and especially make it easier for customers to use modern banking services. However, cybersecurity issues go hand in hand with the digital transformation movement. Typically, the banking data system is breached to steal data or to perform acts that damage the assets of the bank and its customers. Attacks targeting banking customers, such as defrauding their accounts, impersonating bank employees, sending fake bank links, and setting up websites that impersonate a bank to defraud customers, are also becoming more widespread. Digital banking activities in Vietnam therefore face a very high cybersecurity risk, because all three actors involved in digital banking activities (banks, partners, and customers) are becoming potential targets for cybercriminals.
Cybersecurity plays a key role in the current shift towards digitization in the banking industry
Proposed solutions to limit cybersecurity risks in digital banking activities
To address these problems, the scholars suggest three categories of solutions centered on Process, Technology, and People. The Process-related solutions focus on detailing the steps in cybersecurity risk management, together with detailed instructions to help banks identify and assess threats, and thereby put in place active plans to prevent cybersecurity breaches and, especially, create effective incident response plans. Meanwhile, the Technology-related solutions are built on combining modern cybersecurity tools and techniques. Two technologies, "Artificial Intelligence" and "Security Orchestration, Automation and Response", are proposed, since these are the two types of technology that banks around the world appreciate for their effectiveness in technology investment strategies to reduce cybersecurity risks (Accenture Security, 2020). Despite its potential benefits for bank network security, Blockchain should be used with caution. Many reports have recently shown that there are still numerous unknown hazards associated with this technology. For the HR solutions, we suggest a proactive approach to raising awareness and fostering a cybersecurity culture throughout banks. In addition, attention is given to recommendations to the Government and the State Bank on issues related to the legal framework and the development of a national cybersecurity strategy.
The last proposed solution is to limit cybersecurity risks for a comprehensive digital banking model. The construction of a fully digital bank is the path of digital transformation that Vietnamese banks are aiming towards, even though it is not yet permitted in Vietnam. Based on the case of the C6 digital bank in Brazil (Keri Pearlson et al., 2020), we therefore propose a comprehensive digital banking cybersecurity strategy built on five main groups: a defense team, a technical team, an administration team, an application security team, and a cybersecurity culture team. Furthermore, cybersecurity risks can also be mitigated with the use of a three-layer risk control model. The first layer is related to operating procedures, the middle layer is related to risk control and ensuring compliance with security principles, and the final layer is related to internal control.
Cybersecurity is also a major concern for banking customers. We propose some general advice for banking customers to protect themselves against cybercrime: keeping personal information as safe as possible when using banking services via electronic devices (using anti-virus software and firewalls on network-connected devices); being wary of unscrupulous websites, fraudulent emails and messages, and even phishing attempts to obtain customers' personal information through attachments or embedded links; and using different, strong passwords for different accounts (personal information should not be used as a password).
To sum up, cybersecurity risk is one of the vital issues in the digital transformation process of the current Vietnamese banking system. To mitigate this risk, banks must apply synchronized solutions that include top security technologies and the development of an effective cybersecurity risk management process as well as a strategy for fostering a cybersecurity culture.
See the full research article Cybersecurity risks in digital banking: The case of Vietnam here. Authors: Dr. Thuy Chung Phan, Dr. Hien Thu Phan, Ph.D Student Anh Ngoc Quang Huynh (School of Banking, UEH Business School).
This article is part of a series spreading research and applied knowledge from UEH, with the message for the period 2022 "Research Contribution For All". UEH cordially invites readers to read the newsletter DIGITAL ECONOMIC knowledge news #25, "Improving online customer experience in the hospitality industry".
Script, pictures: Authors, Marketing - Communication Department UEH