Banking Technology
The Caribbean Cybersecurity
Landscape: What Financial
Institutions Need to Know
Katharina Gerberding
Revolutionised by the digital era, banks today are more vulnerable than ever to cyber threats. While
there have been no recorded events of data theft in the Caribbean, there is plenty of evidence
that organisations of all shapes and sizes have been infiltrated at some level. “With over 50 financial
institutions in the Caribbean, it is only a matter of time until the first data breach occurs,” says the
author, in this article, which presents ten effective security habits to protect the financial institution.
T
oday’s cyber security threat landscape is becoming increasingly complex, and more and more
organisations are falling prey to cybercrime. With
data theft on the rise globally, hardly a day goes by without
another headline about how disruptive technologies place
information at risk for data leakage, credit card fraud, hacking and other security breaches.
It goes without saying that organisations processing or storing
the largest amounts of critical data, such as financial institutions
and governmental entities, are the targets and consequently
often the biggest victims of data theft. Examples include the
Central Bank of Bangladesh with a theft of US$81 million, the
First Bank Taiwan with an ATM malware heist of US$2 million,
the loss of account information at JP Morgan Chase affecting
76 million households and seven million small businesses, and
the leaking of thousands of client data for Invest Bank in the
United Arab Emirates by a hacker who threatened to leak the
information unless he was paid US$3 million.
“
T
he modern thief can
steal more with a
computer than with a gun1
”
New Vulnerabilities: The banking industry has been revolutionised by the digital era. Banks have become global financial
virtual super stores; offering online banking services that are
available 24 hours a day, 365 days a year. This level of electronic
customer access makes banks more vulnerable to cyber threats
and consequently forces them to find effective solutions to protect their financial assets. Cybercrime is becoming an important issue not only for CIOs and IT professionals, but also for
CEOs, CFOs, compliance officers, boards of directors, and business owners. The questions remain the same: “Is the Caribbean
a safe haven or is my financial institution at risk? And if so, how
can I protect my critical data assets from cybercrime?”
The Caribbean – A Safe Haven? According to a recent
study from the Ponemon Institute, “the average total cost of a
data breach increased from $3.79 million to $4 million”2 worldwide from 2015 to 2016. While there have been no recorded
events of data theft in the Caribbean, there is plenty of evidence
that organisations of all shapes and sizes have been infiltrated
at some level. In fact, heavily regulated industries such as the
banking industry generally experience the most costly data
breaches due to “higher than average rate of lost business and
customers”3 and fines. With more than 50 financial institutions
in the Caribbean, it is only a matter of time until the first data
breach occurs. Research suggests that the Mean Time to
Identify (MTTI) a breach is 201 days with an added Mean Time
to Contain (MTTC) of 70 days (for a total of 271 days)4. The
longer it takes to detect a breach, the costlier it becomes because hackers have more time to locate and exfiltrate data. It
is therefore plausible to assume that several banks may already
have been hacked or are being hacked without knowing it. Caribbean banking customers have every right to question how
secure their financial assets really are.
In addition, the Caribbean financial services industry has recently been hit by the so-called “de-risking” movement. Over
the past four years, US financial institutions have tightened their
21