According to the World Economic Forum, cybercrime is a greater threat to society than terrorism. Hacking and cybercrime will inevitably become more of a concern as machines take over more of our lives, because every connected device you add to a network is a potential point of failure that an attacker could exploit. Identifying the causes of failure in networks of linked devices becomes more difficult as the networks become more sophisticated.
Furthermore, given the volume of data produced in today’s world, a large amount of data will be saved on various infrastructures, data centers, and personal computing devices. As a result, businesses, and financial institutions in particular, have experimented with various techniques, with business and data resiliency being a top priority for many.
Cyber and Data Resilience Initiatives in ASEAN Central Banks Mapped
(Source: Business and Data Resilience – ASEAN Report)
Today at AIBP Insights: Business and Data Resiliency, we addressed topics ranging from current trends and best practices for protection against cyberthreats and risks.
AIBP Insights is a series of discussions held online which brings together a focus group of ASEAN stakeholders to discuss topics related to enterprise technology adoption in the region.
Bank Mandiri (Indonesia), and Bangkok Bank (Thailand), Finalists of the 2021 ASEAN Enterprise Innovation Awards, also showcased their innovation projects at the session.
The Enterprise Innovation Awards was established in 2017 by AIBP with the key objective of giving recognition to organisations who have embarked on projects to digitally transform their business through the adoption of innovative technology. The awards are held annually for ASEAN countries; Indonesia, Malaysia, Philippines, Thailand and Vietnam.
Key points brought up today include obtaining a single source of truth, making data valuable, and aligning the people, processes and technology.
Obtaining Single Source of Truth
Creating a single source of truth ensures that businesses operate across the organisation on standardised, relevant data. Data sets exist in silos in the absence of a single source of truth, and each department operates as a black box. Implementing a single source of truth allows business leaders to make data-driven decisions based on data from the entire organisation rather than from compartmental data silos.
Data can be found in a variety of systems throughout a financial institution. When these systems exist in silos, it makes it difficult for financial institutions to make data-driven decisions because not all members of the financial institution are using the same data. This was brought up by Panuwat Kongapun, Vice President, Shared Operation & Contour Project Manager , Bangkok Bank, Thailand, where he mentioned that having no single source of truth is a common pain point faced by many in trade financing today.
Sheena Chin, Managing Director, Cohesity ASEAN, Singapore, divided the problem into two parts: first, mass data fragmentation caused by complexity, and second, building up to create a larger attack surface for malicious events and attacks to occur. Sheena added that in order for financial institutions to enable a single source of truth, it is critical to eliminate data complexities and data silos before deciding how to fully utilise this data.
Making Data Valuable
Every piece of data, according to Dr. Kitti Kosavisutte, Senior Vice President & Chief Information Security Officer, Bangkok Bank, Thailand, will have a value and a cost. It is a difficult task, but Dr. Kitti added that data owners must balance value and cost before addressing their next steps through the investment and operations lens.
Handika Fakhrizal Hakim, Head of Business Analytics Department, Enterprise Data Management Group, Bank Mandiri, Indonesia, added that their Ecosystem project, despite the COVID-19 pandemic, brings together various stakeholders. In addition, they distribute the responsibility evenly among the different units at Bank Mandiri, for example, when it involves data, there is a data team who takes care of it. When it comes to managing risk across the ecosystem, Pak Handika added that it is everyone’s responsibility to support and give ideas – strengthening risk is done best when everyone comes together as one spirit, as opposed to having individual views.
Steven Low, Chief Risk Officer, Prince Bank, Cambodia, agreed with Pak Handika and added that mapping out the business canvas can help to address some of the problem statements that financial institutions have, as well as play an important role in obtaining meaningful and insightful data.
Furthermore, Sam Tanskul, Managing Director, Krungsri Finnovate; Head of Innovation & Fintech, Krungsri Consumer; Head of Innovation Lab, Krungsri Bank, Thailand, mentioned a recent credit/debit card unauthorised fraudulent transactions case in Thailand, where 10,700 cardholders were impacted between October 1-17, with 5,900 credit cards accounting for a transaction value of 100 million baht and the remaining 4,800 debit cards accounting for a transaction value of 31 million baht. Khun Sam intends to use the data collected in the near future to build a machine learning model in cybersecurity to identify and detect fraudulent patterns, as well as how to mitigate/prevent such incidents in the future.
Aligning the People, Processes and Technology
In response to a question from an attendee, Sheena stated that while people, processes, and technology are all important, the bigger question is how to tie them all together.
Dr. Kitti stated that people may be unfamiliar with what they need to do to protect data when working from home due to the change in working environment. Dr. Kitti and his team developed an awareness program in which their employees are warned to be wary of malware and phishing attacks when gathering information or news about daily case counts and vaccinations.
CK Mah, Regional Director, Southeast Asia, Menlo Security, Singapore, agreed with Dr. Kitti, and echoed that with COVID-19, we are all mobile to some extent, and as a result, we are exposed beyond the boundaries of what our companies typically provide. Hackers no longer require years of training; all that is required is for one employee to click a malicious email. Protection, like a vaccine, often means that it is a high probability, but it is not entirely possible to eradicate.
Stay tuned for more sessions coming up this month on Digitalisation for Smart Cities and Public services. The AIBP Insights series will continue this month, where we will host focus groups on enterprise digitalisation in ASEAN. Finalists of the 2021 ASEAN Enterprise Innovation Awards and will also be showcasing their innovation projects for their organisation.
Feel free to drop us a message if you would like to view the full session replay, or if you wish to find out more about upcoming focus groups!
2 November 2021