*by Lucas Pereira
The financial market is recognized as one of those that invests the most in innovations to digitize its operations and the services offered to the population. With digital transformation advancing rapidly, the segment stands out for its ability to adapt quickly to meet its customers' changing behavior and evolving challenges. However, there is still one area in which financial institutions struggle to keep up with developments: cyber attacks. The rapid way in which hackers develop increasingly sophisticated initiatives is, on a daily basis, making more complex the way in which organizations need to prepare to reduce risks to both their digital environments and customers' data and finances.
Given this context, cybersecurity is among the largest investments in technology in the sector, according to the Febraban Banking Technology Survey 2023. The highlights of these contributions are especially in infrastructure, prevention of cyber threats, detection and responses to cyber incidents, in addition to management of identities and access. Cybersecurity is at the center of attention so that the segment can deal with the exponential increase in connectivity and dependence on devices and applications to access bank accounts and payments.
This complex ecosystem that is developing increasingly quickly, including the use of financial applications, remote payments and digital wallets, for example, opens up a range of opportunities to innovate in the market. However, they also provide cybercriminals with possibilities to exploit new attack surfaces.
The duality of innovations being used to improve people's lives and at the same time for harm makes financial cybersecurity intricate. For example, Artificial Intelligence is already used to prevent fraud and mitigate risks. At the same time, voice clones, deepfakes and highly realistic masks are used to imitate customers' voices or faces and bypass systems to access their financial data or carry out scams.
However, it is worth mentioning that attacks are not only caused by AI today. Cyberattacks against the Brazilian financial sector vary greatly. Phishing, ransomware and denial of service (DDoS) attacks are among the most common methods adopted by hackers. Social engineering, in which employee or customer trust is exploited to gain access to data, is also a growing threat. The diversity of possibilities requires a vigilant stance and measures to ensure ongoing security.
Taking a proactive approach to cyber risk mitigation is essential, including investing in advanced technologies with internationally recognized security standards. The implementation of robust firewalls, vulnerability analysis and software with constant updates are some of the mandatory initiatives to protect the sector.
The implementation of continuous monitoring technologies for early detection of suspicious activities, in addition to behavioral analysis and Artificial Intelligence algorithms, helps to identify irregularities that may not be noticed through more traditional solutions.
Another fundamental initiative is reinforcing user identification, adopting multiple authentication factors. Awareness of how social engineering works is also essential in defending against threats. It is possible to add another layer of security to interactions between customers and financial institutions by educating people about the most common types of attacks, such as pretexting, which involves using a made-up story to gain the victim's trust by facilitating access to data undue payments, installing malware or sending money to criminals. Aware users are much less susceptible to falling for scams, as they are better able to notice possible manipulation attempts.
Emblematic cases have already occurred in the sector and, today, the market needs to look at past mistakes so that they do not occur again. Cyber protection should not just be seen as a regulatory obligation, but as a strategic priority for business reputation and success. Trust is a valuable asset for any financial institution, and a security breach can result in loss of credibility, financial impact and even legal action. We know that the challenges are many, but with the right investment and commitment, financial institutions will be able to win this battle against hackers and keep their systems and their customers much safer.
*Lucas Pereira, Chief Technology Officer (CTO) at Blockbit
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies