The Banking Executive Magazine, Issue 154, October 2021

Windows 11 • Incident Response Readiness – What you need to know & prepare • Service Oriented Security and Shift to Proactive Intelligence Response • Threat Intelligence & Monitoring – Collaboration & Oversight • Third party security risk manage- ment – Finding a partner you can trust • Cyber Threats • Today’s Cyber Attacks: Evolution of the Threat Landscape and Fore- casts • Malware Extended Detection and Response • Accelerating your Zero Trust Jour- ney • Digital Transformation and API threats and Controls • Dark Web Threat Hunting • Cyber Security according to inter- national security standards and framework. With the above list of key cybersecu- rity topics in mind, it is obvious that Windows 11 can partially meet banks and financial institutions cy- bersecurity concerns. A robust cyber- security program and strategy should be devised in order to leverage Win- dows Cybersecurity features. Banks and financial institutions need to buy new PCs for Windows 11. A consid- erable budget has to be set for the transition. RECOMMENDATIONS FOR SOUND CYBERSECURITY PROGRAM AND STRATEGY Cybersecurity in digital banking is something that cannot be compro- mised with. With the growth in the digitalization. The banking industry, it has become more prone to attacks from cybercriminals. The banking sector ongoing digital transformation has caused potential cybersecurity attacks to grow, exposing organiza- tions to increased levels of cyber threats. As more businesses adopt digital banking solutions, having an effective cybersecurity program and strategy is becoming increasingly im- portant. A key component to the success of cybersecurity programs is having an understanding of which threat trends pose the greatest risk to banks and fi- nancial institutions. Understanding the latest threat trends will help in building more informed security strategies that accurately assess the organization’s cyberhealth. By adopt- ing programs that effectively monitor the security exposure, banking insti- tution will be able to embrace digital transformation without compromis- ing security or compliance. Below are recommendations for sound cybersecurity strategy and program in banks and financial insti- tutions: • Developing a data protection strategy: Due to the high value of financial data, cybercriminals are increas- ingly targeting customer banking credentials when carrying out at- tacks. As more banks implement mobile banking applications, new vulnerabilities for cybercriminals to target are introduced to the net- work. Banking apps can be ex- ploited from the client-side or the server-side, making them difficult to secure. This means that banks must be able to ensure that sensi- tive data is secure when it is being accessed from a customer device as well as when it is stored on bank servers. • Control of operation with third party vendors: Cybercriminals attempt to target bank’s third-party vendors. Ven- dors have access to critical bank- ing data but often lack stringent security policies, making them a prime target for threat actors. As banks increase their reliance on third-parties, it is important to con- tinuously monitor cybersecurity. Proper vendor due diligence can save financial organizations from reputational damage and financial loss. • Establishing security protocols: These protocols should comply with extant cybersecurity regula- tory frameworks and protect sys- tems, devices, and applications. • Adopting Multi-factor authentication: Multi-factor authentication (MFA) is an authentication method in which access is only granted once a user presents two or more login credentials. Login credentials can include passwords, pins, or finger- prints. • Undertaking regular cyber risk assessment: Performing a cyber risk assessment helps organizations identify and manage vulnerabilities within their network environment • Having cyber insurance: Cyber insurance helps ensure that businesses are financially pro- tected in the event of a data breach, making it an important component of a cybersecurity strat- egy. • Employee training: For security programs to be effec- tive, it is essential to train employ- ees on cybersecurity best practices. Employee training can also help to minimize the impact of a data breach. When employees are trained to use cybersecurity sys- tems properly, they can actively identify exploitable vulnerabilities in systems and make sure they are addressed. REFERENCES Windows 11 Security Guide and Book: Powerful security from chip to cloud, securityscorecard blog, sqn banking systems, enterslice, consul- tancy middle east, The Union of Arab Banks First Arab Banking Forum For Cybersecurity, KPMG Saudi Arabia. the BANKING EXECUTIVE 38 ISSUE 154 OCTOBER 2021