By Prabesh Poudel
Most banks are currently undergoing digital transformations, adopting digital technologies to enhance their operations. However, as this transformation progresses, it is crucial for banks to prioritise security and compliance practices in order to minimise risks and promote digital well-being. Therefore, while we talk about digital transformation, it is imperative that security transformation keeps pace and goes hand in hand with the overall process. One of the biggest challenges faced by banks in this scenario is finding effective ways to deliver and maintain security measures at the same speed as digital transformation. It is essential to ensure that every new technology, digital process, customer interaction, and innovation is adequately protected.
Threat actors have shifted their focus to targeting end users, exploiting their behaviours and tricking them into opening malicious files, visiting malicious websites, or providing sensitive information. They often employ tactics that create a sense of urgency, such as lottery payment scams, or take advantage of ongoing crises and events. Therefore, relying solely on a secure system is not sufficient to strengthen information security. User awareness plays an equally important role. There have been instances in Nepal where mobile banking users have unknowingly shared their passwords or OTPs with fraudsters. To address the challenges related to information security effectively, it is crucial to establish a comprehensive security strategy. Security should be approached from multiple angles, including a secure technology infrastructure, continuous security assessment, ongoing security monitoring, and the development of a security culture. All of these aspects should be guided by strong policies and procedures.
Before adopting any digital system, a thorough security assessment should be conducted to confirm that it is secure. However, the process does not end there, as security is an ongoing effort because threats evolve constantly. Therefore, continuous security assessments, security monitoring, and security awareness programs for users are necessary to establish a robust security culture. It is important to recognise that an effective security posture goes beyond the individual components of a security framework. The focus should be on orchestrating these components in a cohesive manner to build a more resilient and effective security environment.
(Poudel is working as the Information Security Officer of Nabil Bank Ltd)