Cybersecurity: Focus on Prevention, Not the Cure
At any given point it is likely that nearly 99% of the money in a credit union is stored digitally. Not only is more money going digital, the movement of digital money is becoming faster. What used to take days soon will take minutes, making it easier for cyber criminals to digitally steal billions of dollars.
Pragmatism dictates that it is easier to stop something from happening in the first place than to repair the damage after it has happened. This is true as long as we care about prevention. Easily clonable passwords and biometrics as a proxy for passwords are the predominant methods of digitally authenticating users. With more than a billion passwords cloned, the question is, do you care?
Even the largest bank, JPMorgan Chase, spent $250 million on cybersecurity and still got hacked – therefore we cannot spend our way out of it. This challenge will be exponentially worsened since digital account takeovers are going to become a serious challenge in the near future because of the massive loss of personally identifiable information from Equifax.
So, what should credit unions do? Before we decide what to do, we need to understand why what we are doing is not working.
When it comes to digital identity verification and authentication, only 4% of budgets are being spent on prevention and the rest, 96%, is cure-focused. This is making the entire digital marketplace terribly unhealthy, which ultimately benefits the criminals.
Have we given up and decided that this cannot be solved? I contend that it can be solved, but it is going to require change in how we operate and create policies. Just like everything else, prevention is better than cure. But, curing a problem after the fact through analytics in hacking, just like in health care, makes much more money for the industry because it does not stop the root cause of the problem. So why would the industry focus on prevention when the cure is more lucrative?
According to re:ID magazine, approximately $3 billion was spent on the prevention of identity loss and $73 billion was spent curing identity loss after it occurred. That is why cybercrime is expected to grow from a $3 trillion industry in 2015 to a $6 trillion industry by 2021. It is not only bigger than the GDP of most countries – it is growing faster than any economy. Unless we focus more on prevention, we are going to reach an inflection point when this apathy will result in irreversible harm and unmanageable regulations. Clearly at this type of scale, we cannot spend our way out of it!We need to work smarter and prevent loss before it happens. This is already starting to happen in some areas of our lives. It is very likely that the credit card or debit card in your wallet has a chip in it. These chip cards cannot be cloned and therefore effectively prevent remote compromises that otherwise create havoc. Unlike clonable identities like magstripes and passwords, chip card technology prevents loss as opposed to trying to cure the loss after the cloning occurs.
While these chip cards are preventing fraud in the physical world, fraud is now rapidly migrating to the digital realm. Enabling chip cards to protect identities and crypto keys both in the physical world and the digital world is the next frontier. Once we have this omnichannel protection enabled by unclonable chip card technology and the cure enabled through analytics and machine learning, it will form the basis for a healthy and viable digital marketplace for banking.
Siva G. Narendra is CEO & Co-founder at Tyfone. He can be contacted at 661-412-2233 or firstname.lastname@example.org.