13 Oct Interview: Coping with the new normal
Security Middle East speaks to Illyas Kooliyankal, chief information security officer of ADIB – the UAE’s leading Islamic retail bank about the how the bank has dealt with the security challenges caused by the current pandemic
- What were the challenges that you faced during Covid? And did cybercrime spike in numbers?
It must come as no big surprise to viewers that cybercrime spiked during the lock-down. If anything, the COVID pandemic has acted as an accelerator. Phishing attempts rose 600% from the start of March and 80% of firms have seen an increase in cyber-attacks. There are numerous contributing factors.
Let me take you through these:
Firstly, phishing attacks had customised messages specifically on the pandemic.
Secondly, due to working from home and the adoption of various digital platforms, there was more for fraudsters to attack.
Thirdly, in the same vain, more individuals logged on to the internet/wifi as a result of e-learning, working from home, which led to an increase in attacks.
Fourthly, individuals access more data than at home giving potential opportunities for misuse by fraudsters.
And lastly, individuals using open public wifi with no security was just an invitation for fraudsters to attack them. It was a very, very challenging time for each and everyone of us who have been trying to thwart cybercriminals.
- Were banking customers a target for fraudsters?
Everyone was a target, including banking customers, who are always fraudsters number one target regardless of a pandemic or not. That said, there was a 230% rise in attacks on financial institutions/banks attributed to the pandemic as cybercriminals were quick to adapt well-known schemes by leveraging emotions such as fear and confusion during the pandemic.
- What did you do as a bank to protect your customers?
It is worth reiterating that as a bank, we have always strived to implement the very best cyber-security solutions and processes in our environment, but it doesn’t stop criminals trying. We continuously review and improve our security controls to ensure that any latest threats can be detected or prevented. We also executed massive staff & customer focused cyber security awareness campaigns in collaboration with Visa, Dubai Police, Abu Dhabi Police and the UAE Bank Federation. This was done through newspapers, social media channels, SMS and email alerts.
- Was a challenge for your team and security when staff were working remotely?
It was a particularly a huge challenge to securely manage staff working remotely. Suddenly we have thousands and thousands of staff working from home and we needed to ensure that all this access is protected and have the right software to ensure that our bank networks are secure from any cyber-attacks. We had to transition quickly considering the business continuity requirements and specific controls were designed and implemented on an urgent basis to ensure that business operations ran smoothly, and security was not compromised.
- What were the challenges faced?
There were quite a few challenges and without boring you, here are a few:
Firstly, the need to compensate the absence of physical security controls, while WFH
Second, protecting the bank against the risk of internal and external fraud;
Third, mitigating any business disruption;
And finally, minimising the risk of a possible of data leakage.
- How did you overcome it?
We were able to overcome these challenges through various means. Initially, we introduced a new secure set of collaboration tools to increase business productivity without compromising information security. Furthermore, we enhanced technical, procedural and security awareness controls, increasing the portfolio of secure remote connectivity services to cater to different kinds of users. Finally, we leveraged various technologies by moving from on-premises tools to cloud based technologies and we ensure to choose the one with inherent security controls and better governance.
- How are you ensuring that your online and digital service is secured?
To ensure that our online and digital service is secure enough, we have focused in increasing our monitoring capabilities and coverage; as well as implementing additional layers and types of controls to support this new setup. Aggressively adopting cloud and remote access services is the final step to ensure that our systems and data is protected.
- What are the priorities for the future?
There is a long list of priorities for us going forward. Presently, its on confirming that tighter security measures and controls are in place; ensuring staff are fully aware of our work-from-home policies and their responsibility to practice secure working. We will continue to update our readiness plan to meet the current scenarios and future contingencies.
- Any other insights you want to share?
The most interesting insight for me is how the “new normal” has massively accelerated a move towards “all things cloud”. This was a consequence of working-from-home, where corporates are having to adapt their strategy whereby individuals want to remain at home for the foreseeable future. Cloud solutions have proven to be effective in providing faster and flexible solutions but at the same time we have proactively and in agile manner plan for additional layers of security. Going forward for better staff and customer experience organisations will be looking at more advanced technology solutions with inherent, but effective security.