Rethinking cybersecurity for resilient financial systems

Globally, the financial sector has become a prime target for cybercrime, with attacks growing in scale, sophistication, and impact. In 2025, several high-profile breaches exposed vulnerabilities even within well-established institutions. One alarming case involved the US indictment of members behind the Qakbot malware network, which infiltrated thousands of financial systems to deploy ransomware and steal banking credentials. In Europe, a breach at a cloud platform allegedly compromised millions of encrypted financial records, prompting serious concerns about cloud infrastructure security. Similarly, Asia has witnessed targeted phishing and malware campaigns against banks and fintech firms, especially those with minimal cybersecurity investment.

In Bangladesh, fraudsters are exploiting banks and mobile financial services (MFS) by calling from numbers resembling official customer care lines. Targeting senior citizens and non-tech-savvy users, they claim accidental money transfers and request One-Time Passwords (OTP), often mimicking official messages, to gain unauthorised access and cash out funds. These incidents result in financial losses and erode public trust in the system. As cyber threats evolve, financial institutions must prioritise resilience, investing in AI-driven security, real-time threat detection, and global collaboration to safeguard integrity.

Banks are attractive targets for cybercriminals, not just because they store vast sums of money, but also because they hold sensitive customer data. Attacks are becoming more advanced, using tactics like social engineering, zero-day exploits, and exploiting systemic misconfigurations. Cyber threats are no longer static; they evolve rapidly, often outpacing even the best-prepared defences. Today's cybercriminals are well-funded, highly organised, and often operate across borders.

Historically, many financial institutions have taken a reactive stance, responding to incidents as they occur. This approach is no longer sustainable. Banks must invest in both defensive (blue team) and offensive (red team) capabilities. Regular cyberattack simulations, akin to financial "stress testing," are essential to prepare for real-world scenarios. Shifting to a proactive model means anticipating threats and fortifying systems before breaches occur.

Digital transformation is reshaping banking through fintech, cloud adoption, and AI integration. With the shift to online onboarding processes like Know Your Customer (KYC), securing customer data and identity is more important than ever. However, these advancements also introduce new vulnerabilities. Cybersecurity must be integrated throughout the digital journey, not as a final step, but as a continuous process.

Despite technological safeguards, the "human factor" remains a critical vulnerability. Social engineering attacks, such as phishing, exploit human error and curiosity. This underscores the need for ongoing education and awareness at every organisational level. National-level initiatives to improve cybersecurity awareness among the general public, including teachers, parents, and civil servants, are vital for creating a more secure digital ecosystem.

Amid discussions of advanced threats, the basics must not be overlooked. Many breaches still occur due to outdated software, unpatched systems, weak passwords, and poor access control. Strong cybersecurity begins with sound fundamentals such as encryption, system hardening, and full compliance with regulatory standards. While the financial sector is heavily regulated, institutions should aim to exceed minimum standards. Regulations should not be seen as a burden, but as a framework for achieving cybersecurity maturity.

Cybersecurity should not be viewed as a barrier to innovation but as an enabler. By integrating security into product development and digital services, banks can adopt new technologies confidently while maintaining customer trust.

In an era where data is currency and threats are constant, cybersecurity in banking is more than an operational requirement. It is the foundation of trust and resilience. By investing in people, processes, and technologies and fostering a culture of security, we can protect the digital future of finance.

The writer is the chairman of Financial Excellence Ltd