The model for the fight against cybercriminals is based around 3 lines of defence: the first line is technology, business, operations and so on; the second line is made up of risk control and Regulatory Compliance bodies; and the third line is the Internal Audit department, which monitors that the first and second lines act independently and are focused on continuous improvement.
From an organisational viewpoint, a new model has been implemented in the first line within the Data Security Department consisting of three management areas:
With this new structure, in 2018 Bankinter began a protection strategy with various phases. Firstly, the basis of the new strategy was created, optimising procedures such as network access control and data protection to prevent data leaks.
Following this phase, which was extended to the first half of 2018, a series of processes will be rolled out, including attacks against the bank's infrastructure, forensic data analysis or advanced intrusion detection systems, amongst others. Finally, more complex projects will be undertaken, with more advanced technology, and a review performed on the complex external subcontracting regime in relation to cybersecurity.
One of the most important objectives for 2019, is the implementation of an adaptive security system, which offers customers the possibility of deciding how to manage their own security (whether or not to make overseas transfers, restrict their credit card activity and so on), depending on their risk sensitivity. A
The activity of the information security department is completed by the development of awareness plans for users, who are the weakest link in the security chain. The Bank provides online training programmes to employees and carries out simulations to obtain confidential information (passwords, personal details and so on) through emails, text messages or telephone calls. The aim is to discover people's reaction in situations that can be exploited by cybercriminals.
The growing importance of information security highlights the rapid expansion of cybercrime, the activities of which have evolved and become much more dangerous. Initially it involved the actions of individual hackers, who were not only motivated by money. Nowadays, cybercrime has created large and sophisticated business structures that are capable of attacking entire economic sectors.
The theft of confidential big data from companies, the denial-of-service attacks and phishing (using the identity of companies or public bodies in order to obtain confidential information from the victim) are the main strategies used by cybercriminals. Financial institutions are particularly exposed to this kind of manipulation and fraud as a result of their permanent contact with the public and the nature of their business, part of which involves payment systems.
We use our own and third-party cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits. If you go on surfing, we will consider you accepting its use. You can get more information, or know how to change the configuration in our Cookies Policy. Accept