No Sector Is Immune From Phishing Threats, Cybersecurity Experts Give This Advice For Banking Companies

Important advice to protect banking companies from phishing hazards (photo: Pixabay)

JAKARTA - Recent research by Kaspersky shows that almost half (47.08 percent) of phishing attempts in Indonesia target the financial sector.

Based on Kaspersky statistics, this year the banking sector and payment system in Indonesia faced the most phishing attempts during February, with 4.38 percent and 34.85 percent respectively.

On the other hand, online stores are also not spared from phishing attempts with the highest number occurring at 15.66 percent in April this year for Indonesia.

For enterprises, the most important method of protection is to always remember that cybersecurity should be a “living” strategy, and not a static platform. It will combine technology and effort, which will be constantly updated and improved.

Banks and service providers need to ensure a team of security (or security experts) that will be able to keep the cyber defense infrastructure up to date, and provide support in the event of a cyber attack.

“The success of phishing is largely determined by the low level of user awareness of how the entity that the fraudster is trying to imitate operates. Humans remain the weakest link in the chain," said Dony Koesmandarin, Territory Manager Indonesia at Kaspersky.

Both users and customers, remain a potential target for phishing attacks. For organizations, internal employees need new training and third-party services should also be comprehensively evaluated.

"Therefore, to eradicate this type of threat, it is very necessary to have qualified collaboration from all stakeholders," he added.

To that end, Kaspersky provides several more important steps for banking companies to consider:

Provide your staff with basic cybersecurity hygiene training. Do a simulated phishing attack to make sure they know how to tell the difference between phishing emails. Use protection solutions for endpoints and email servers with anti-phishing capabilities, to reduce the chances of infection via phishing emails. Consider leveraging a threat intelligence platform: Another key component to include is ensuring access to the latest IT security trends/threats also known as threat intelligence. Threat intelligence will provide actionable insights, and provide a bigger and more accurate picture of the digital bank's presence, to educate senior stakeholders about ongoing risks and vulnerabilities. This will empower them to make informed decisions about potential hazards, improve existing security processes to counter known threats and close any gaps in IT infrastructure in a sustainable manner. Ensure third-party vendor cybersecurity systems are also updated. Whether you are a bank, Government or private company, no one is immune from these security threats, and it is important for us to increase vigilance when it comes to cybersecurity. It doesn't matter how securely your third-party vendors inform the security of their systems, as the increasing supply chain attacks have shown us that taking responsibility for your own cybersecurity posture rather than leaving it in the hands of partners is important. As an entity that many cybercriminals imitate, implementing defense measures must go beyond just protecting the system. Banking and other financial entities need to take proactive action to remind customers not to fall victim to their impersonators through phishing attacks and other methods, even if it occurs outside of their systems.