Hazem Mulhim, Eastnets: “financial institutions must brace themselves for a slew of cyberattacks”
Even though there are more cybersecurity measures available than ever before, criminals still find new ways to attack and cause devastating damage to financial institutions.
Within the past few years, the financial sector has been going through a colossal fraud increase. It’s reported that cyber fraud attempts regarding financial sector companies rose by 150 percent back in 2021. And the situation is only getting worse day by day.
Securing the global economy has never been as important as today. Therefore, the Cybernews team reached out to Hazem Mulhim, the CEO of Eastnets, a global provider of compliance and payment solutions for the financial sector.
How did Eastnets originate? What would you consider the biggest milestones throughout the years?
The company was founded in 1984, although it became known as Eastnets in 2008. We exist to help financial institutions update the way they operate to stay secure, ensure compliance, and provide faster transactions.
Eastnets introduced banks across 14 Middle Eastern countries to SWIFT, the international payments network. This allowed financial inclusion on a scale the region had never seen. Following the 9/11 attacks, the business invested in anti-money laundering software to fight financial terrorism.
Today, Eastnets works with 10 percent of banks globally and has staff in 24 nations.
Can you introduce us to what you do? What challenges do you help navigate?
The business has always had the same vision. For nearly 40 years, we’ve focused on giving people the tools to connect and take part in the global economy. From helping banks in emerging markets connect to the SWIFT payments network in the 90s, to keeping global financial institutions one step ahead of criminals, Eastnets provides the technology that keeps economies safe and secure.
What cyberthreats surrounding banking do you find the most concerning at the moment?
Fraud is growing and in 2021, cost an astonishing $5.38 trillion globally. A significant proportion of this results from cyber-attacks on banks. 4 out of 5 banks have been targeted by SWIFT payment fraud attempts since 2016 and 80 percent of attacks are done through computer hacking.
As if this wasn’t bad enough, Europe is now at war and Ukraine is on the physical front line. At the same time, there is a cyber front line that financial institutions across the continent and further afield need to hold as Russia strikes back against sanctions.
The country has a track record of cyber-attacks, with state-sponsored hacking groups having breached the defenses of companies the world over in recent years. One of the most infamous of these is REvil, the cybercriminal group behind the Colonial Pipeline ransomware attack.
As we watch the war in Ukraine unfold, the situation is clear: the banking sector is in the sights of Russian-backed cybercriminals. The sector will be a focus of retaliation and the cyber guns are being loaded with attacks that will go well beyond website defacing.
Financial institutions must brace themselves for a slew of cyberattacks. There most likely will be new malware variants, used to carry out general damage and ransomware attacks. Examples include HermeticWiper and WhisperGate malware, the latter a form of ransomware that overwrites the boot record.
How do you think the recent global events affected the cybersecurity landscape?
Financial institutions are already a target for cybercriminals, with the banking sector experiencing a whopping 1,318 percent increase in ransomware attacks last year. The financial sector is vulnerable to these types of attacks, and cybercriminals and hacking gangs have already established where weaknesses lie within banking systems.
The speed of digital transformation, uptake of emerging technologies in automation efforts, and the Covid-19 pandemic have led to the financial sector suffering from a slew of vulnerabilities in areas as diverse as Identity and Access Management, omnichannel customer support, insider threats, upkeep of sanction lists, money laundering, supply chain risks, and misconfiguration and patching gaps.
What dangers can customers be exposed to if the software they trust struggles to ensure compliance?
If the software used by financial institutions struggles to offer full compliance with sanctions and other regulations, the impact can be huge.
For example, in December 2021, the UK’s Financial Conduct Authority (FCA) fined HSBC £63,946,800 for failings in its anti-money laundering processes. The reputational damage is equally eye-watering.
It’s incumbent on banks and other organizations to choose solutions that they can trust. This can be achieved by looking for technology that harnesses AI, link analysis, and blockchain to ensure compliance with ever-changing sanctions.
In your opinion, what characteristics make a company an attractive target for fraudsters?
Fraud in the financial sector is off the scale. A report from TransUnion found that digital fraud attempts on financial service companies rose by 150 percent in 2021 and analyst Juniper Research predicts that online payment fraud, for example, will reach a cumulative $206 billion in the four years to 2025, which is ten times the net income of Amazon.
Some of the most common fraud risk factors include inadequate internal controls, poor security measures, and lax senior management. Organizations, where the authentication process of a customer is in the hands of human agents rather than a reliable technology, are highly vulnerable to social engineering and as a result an attractive target for fraudsters.
The need for better fraud protection solutions that do not cause friction for customers is clear. Companies are strengthening internal controls, technical capabilities, and reporting to prevent and detect fraud. However, defending against new external threats requires a different set of tools and a continuous focus on policies, training, controls, and, increasingly, the use of sophisticated technology.
Besides quality fraud protection, what other cybersecurity measures do you think every company should implement nowadays?
Even with the best technology, companies will always need to ensure that their internal stakeholders and processes are up to the challenge when a cyber-attack comes.
The weakest link in a company’s security network is usually untrained employees. That’s why at this heightened time of risk it is important to ensure that all employees understand where the vulnerabilities in the system are and how the human factor impacts security.
In the same vein, companies should regularly test and review their current incident response and business continuity planning in terms of the types of expected retaliative cyber-attacks such as ransomware.
As for personal use, what security measures can average individuals take to protect their identity and payments?
Exercising caution when it comes to protecting our identities and assets should be the default behavior online. The digitalization of banking has added convenience through methods such as online transfers, bill payments, faster loan approvals, and others, but consumers need to err on the side of caution and be aware of what information they have shared with others online.
There are numerous tactics and precautions each one of us can take as individuals to protect our money and payments in cyberspace. The most important is to be aware of the risks and read up on how to stay safe. Practical steps include creating unique strong passwords for every account, keeping our devices locked, investing in anti-virus protection, avoiding public computers or Wi-Fi networks for online transactions, and creating an identity theft plan. This can include simple steps such as regularly tracking transaction history, securely saving a copy of bank statements, and keeping a list of all online accounts and passwords.
Would you like to share what’s next for Eastnets?
We will be helping financial institutions join up the dots when it comes to fraud prevention and anti-money laundering. In many organizations, there are excellent examples of systems, processes, and technology that in isolation work fantastically. But often, they sit in a silo. Banks have different departments and solutions that deal with different aspects of crime. They need to be linked to allow a full view.
This calls for solutions that all work in unison with open APIs and integration. It also calls for powerful business information dashboards and AI data analytics so that people can see and make sense of the data. This is the future for Eastnets and its clients.