Cyber security has recently become a pressing issue for the global financial sector. With huge data heists of BFIs occurring across the world on an epic scale, IT and software companies along with BFIs have taken steps to minimise the threat from cyber criminals looking to steal money and valuable business data. Despite the fact that large scale data theft and network intrusions have not happened in Nepal as of now, the Nepali BFI sector is increasingly becoming vulnerable to cyber security risks as more and more people use e-banking to do business. In this context, US software giant Microsoft in association with Nepal Bankers’ Association recently held an interaction programme in Kathmandu focusing on employing techniques to minimise the threats posed by potential cyber criminals. 

Astrid S. Tuminez, Regional Director Corporate, External and Legal Affairs for Microsoft South East Asia was the main speaker at the programme. Tuminez has been with Microsoft since 2012. New Business Age caught up with Tuminez to talk about the rise in cyber-crime in the digitalised world and the importance of leveraging cloud computing for data security in BFIs. Excerpts:

How are the cyber security threats affecting the financial sector? 
As we all are connected through devices, cyber security is a critical issue for governments, businesses and individuals at present. The customers of BFIs want easier access to their accounts and faster solutions through mobile devices. It is up to the banking sector to ensure security to their customers. Since the financial sector is run with a lot of money, it has become a target for cyber criminals. So, when we talk about cyber crime along with that, we have to talk about cyber security.  

Would you share some recent examples of data breaches globally?
Yahoo, for instance, has faced one of the biggest breaches with data hackers swiping information of around one billion accounts.  This has affected the USD 4 billion deal of Yahoo with Verizon Communications. 

According to a report by the research firm McKinsey, over 550 million individuals become victims of cyber attacks globally every year. In 2015, the company reported a 500 percent increase in attempts to cyber hack on an annual basis.  Similarly, in another survey, 71 percent of companies reported that they were hacked and eight of these top breaches resulted in 160 million data records being compromised. McKinsey also reports that around USD three trillion worth in economic value is destroyed every year due to cyber attacks. You can see all around that the pressure is increasing and the attacks are becoming more frequent, powerful and sophisticated. 

What are the typical threats and emerging security related issues to the financial sector?
In the financial sector, most of the threats are related to infiltration of networks of banks in particular in order to steal money. Recently, in June 2016, a big breach happened at the network of the Central Bank of Bangladesh. The criminals wanted to steal about USD one billion. However, they got away with only USD 81 million that was sent through a bank in the Philippines. 

How vigilant and vulnerable do you think the Nepali financial sector is from cyber-attacks?
I found that there is a very high circulation of malwares in Nepal. Malware is malicious software that comes with pirated software and CDs. You can get malwares when you click fraudulent websites, open spam mails, or when you buy brand new devices that have come from insecure supply chains. 

Another problem is the absence of cyber security laws for banking services. Policies governing the cyber security of banking and the use of cloud computing services are essential in today’s context. Due to the absence of such policies, many cases go unreported.

What measures can be employed to curb and minimise these threats?
There are technical solutions to minimise the cyber crimes. The most important thing is maintaining the cyber hygiene. Buying pirated software makes your devices vulnerable to malwares. So, buying original software is the way you can ensure safety. 

Policy reform is another necessary step. A country can minimise the proliferation of pirated software by having stronger measures to respect the intellectual property. Bringing stringent cyber laws for the financial sector and collaborating with companies like Microsoft will definitely help in minimising the tremendous amount of data threats. We have a billion devices that are using Microsoft products at present.  We can look at the ecosystem, see the old threats and current threats and share the necessary information with government as well as customers. For BFIs, we can carry out ‘forensic reports'. Here, if you approach us, we can look into your systems and detect and identify the rate and cause of infections. We must train people for cyber forensics. 

Public private partnership can also be helpful in this regard. Microsoft can sign government security programmes with regulators and share threats and intelligence data with the authorities. For the Nepali financial sector it is very important to make significant investment in ICT infrastructures of BFIs so that 15 years from now, the banks will be stronger and can delight their customers by creating strong and secure in-house systems. 

Meanwhile, using cloud computing services can also ensure security. The data shows that the cloud gives us greater data availability and resilience. The best cloud service providers invest billions of dollars in a year just for security. They use machine learning, partnering with researchers and law enforcers to ensure that the security is provided constantly. Cloud services keep their data centres guarded from environmental threats and manmade threats 24 hours a day for enhanced security. So, rather than keeping all of it to yourself, you can outsource it to a very reliable provider that invests enormous amounts of money and time just for the security of data. 

The critical action that needs to be done is to make it more difficult for cyber criminals to perpetrate what they do.  If you get breached or hacked in anyway, you have to detect it early by having good cyber security knowledge. 

Nepal lacks adequate cybercrime legislation to tackle the impending threats. What are your suggestions?
Rather than reinventing the laws, it is important to look at what other countries are doing in terms of data protection. At present, there are good international information security management standards such as ISO 27001 and ISO 27018. The regulations and legislations should also be clarified.  For banks, it is good to leverage cloud services to enhance their security. Regulators must be clear that there is no obstruction to that and banks can go ahead. They may have a check list for the kind of service provider that they need that focuses on privacy, security, compliance to loss. The provider should also focus on transparency so that people will know where their data is and what is being done to their data as they should be the ones having control of their data.  

Proper cyber security framework allows people from all walks of life to benefit from all digital connectivity devices. People will use technology only if they trust it. If there is no trust among citizens, the concept of e-government, e-commerce, and e-learning will not create any transformation in the society.  So, the government has to develop their own expertise. For this, it is important to bring such citizens in the government who understand the nature of cyber security and who can create an appropriate cyber security framework to help the nation transform digitally. 

How is Microsoft looking to support this?
One of our outreach programmes is to increase awareness about cyber security.  This programme in which we are meeting regulators and executives from the BFIs is one of our efforts towards creating awareness of cyber security to the critical group of people whose own professional and business interests are in stake.

With increasing penetration of the cloud, we are also educating people about cloud computing which is powering the way we live, work and play today. We have also brought out some productive tools like Office 365 as a secure platform for improving the productivity routine of businesses as well as individuals. We, at Microsoft believe that Nepal should be able to take advantage of innovations in technology just like other countries.