17 Haziran 2019 Pazartesi

Siber Güvenlik

Security is a key aspect of digitalisation, with millions of dollars being spent on ensuring the cyber resilience of new products. As a constantly evolving process embedded into product development, cyber security is one of the key factors in ensuring smooth digitalisation.

HSBC’s Diane Reyes said: “Hundreds of millions if not billions of dollars are going towards cyber security,” emphasizing that safety-testing is a key component of product rollout.

As digitalisation becomes the norm, financial compliance standards developed by various stakeholders are becoming more stringent and it is common practice for banks such as HSBC to go beyond compliance to ensure security best practice in product rollout by including both mandatory and optional security components.

Technology such as biometrics, tokenisation, digital IDs and private cloud-based systems1 are introduced to ensure cyber security, which means that in real terms, the level of security checks that banks and payment gateways have for digital transactions are far higher than traditional banking practices. “We’ve invested in biometrics. In 2018, we rolled out facial identification in our digital product offering, in our channel offering, in 40 markets,” Reyes said.

However, optimal security is reliant on more than technology. Rahul Tyagi, Co-Founder, Lucideus, said: “Cyber resilience is reliant on proactively securing process, people and technology,” pointing out that human error or user behaviour is a crucial component of securing processes.

Secure processes include ensuring compliance with various types of protocols. Financial institutions comply with multiple regulatory and mandatory requirements instituted by various stakeholders. Payments Card Industry Data Security Standards (PCI DSS) are developed and employed to ensure security.

Tyagi recommended regular security audits as part of the process to keep transactions secure.

Keeping up with emerging security technology is the other key area. As newer technologies are introduced, organisations need to build them into their systems. Regular updates of software need to be made part of an internal process, Tyagi said.

However, it is seen that while payment security remains a step ahead of threats, human error can lead to breaches. Commonly encountered attempts at breaching corporate treasuries demonstrate the importance of cyber security drills and resilience to phishing phone calls and emails.

Nadya Hijazi, Global Head of Digital, Global Liquidity and Cash Management, HSBC, said that hackers tend to rely on the human factor rather than dealing with complex security technology. The most predominant form of hacking attacks is persuading key users to reply to an email seemingly from the CEO, sharing critical details. Targeted phishing attacks remain the number one concern of IT security decision makers2.

The importance of security drills cannot be overemphasised. Statistics show significant reduction in fraud and attempted attacks when organisations have include regular safety training on simple points such as not sharing OTPs, following security protocol while responding to emails, or sharing mobile devices.

Being truly cyber secure is a combination of compliance with best practice, updated technology and informed users.

1https://www.ey.com/Publication/vwLUAssets/EY-treasury-management-systems-overview-june-2018/$FILE/EY-treasury-management-systems-overview.pdf

2https://www.cyberark.com/resource/cyberark-global-advanced-threat-landscape-report-2018/

Burada yer alan bilgi herhangi bir ürün veya hizmetin yurt içinde veya yurt dışında satın alınması veya satılmasına ilişkin bir öneri veya teşvik değildir. Herhangi bir üründe işlem yapmak istemeniz durumunda yerel Satış Yöneticinizle iletişime geçiniz.

Burada bahsedilen ürün veya hizmetlerin kullanımı sınır ötesi kısıtlamaya tabi olabilir. Burada yer verilen bilgi hiçbir şekilde bu kısıtların analiz edilmesi sonucunda bir öneri getirilmesine yönelik olmayıp, sadece bilgi amaçlıdır. Tüm işlemler HSBC Bank A.Ş.’nin tabi olduğu yerel düzenlemelere uyumlu ve iş uygulama standartlarına bağlı kalınarak gerçekleştirilmektedir. Bu sayfada HSBC tarafından verilen bilgilerin hiçbiri, HSBC’nin Türkiye Cumhuriyeti’ndeki bankacılık hedefleri kapsamında yaptığı bir teklif anlamına gelmemekte, pazarlama faaliyeti ve satış dahil sınır ötesi bankacılık hizmeti sağlama amacıyla sunulmamaktadır.

HSBC Kurumsal Bankacılık ve Yatırım Bankacılığı web sitesinden ayrılıyorsunuz.

Açılacak sitenin politikaları kendi web sitemizin şart & koşullarından ve gizlilik politikasından farklıdır. Sonraki web sitesi yeni bir tarayıcı penceresi ya da sekmesinde açılacaktır.

HSBC Kurumsal Bankacılık web sitesinden ayrılıyorsunuz.

Farklı sitenin politikaları kendi web sitemizin şart ve koşullarından ve gizlilik politikasından farklıdır. Sıradaki web sitesi yeni bir tarayıcı penceresi ya da sekmesinde açılacaktır.