Digital security is one of the priorities at Bankinter. The projects agreed within the Digital Security Management Plan were carried out in 2022 to honor this commitment. The objective is to guarantee high levels of confidentiality, integrity and availability for customers, employees, shareholders and suppliers.
In its first year of operation, the master plan made important contributions, such as the consolidation of the new incident response and continuity management, in which reporting models, escalation, role plays and advanced simulation exercises were managed and developed. The new management was added to those implemented in 2018: technological risks, cybersecurity and security monitoring, and electronic fraud prevention.
On the basis of this new reinforced structure, Bankinter undertook a set of projects with a higher level of maturity, focused mainly on the vectors of greatest threat. The use of the NIST Cybersecurity Framework, a critical infrastructure protection framework, makes it possible to measure the maturity level of compensating controls and minimise the risk to the Bank.
Not only is it necessary to protect the entity's assets; it is also necessary to ensure security within the supply chain to guarantee the proper functioning of business processes. In this regard, a process based on the requirements of the European Banking Authority (EBA) for the review of providers was generated in 2022. In addition, BSI's certifications in Security Management (ISO 27001) and Business Continuity (ISO 22301) were renewed in 2022, providing external assurance in project implementation and process development.
The area's activity also included the development of awareness plans for users, who are the weakest link in the security chain. The bank provides online training programmes for employees and carries out simulated attempts to obtain confidential information (passwords, personal details, etc.) using techniques such as emails, text messages (smishing) and telephone calls (vishing).
The awareness-raising exercise includes external staff. In 2022, baiting (USB) and hacking (social engineering with QR codes) exercises were carried out. In addition, special emphasis was placed on customer focus, including campaigns with videos, manuals, news and safety instruction sheets.
The growing importance of digital security reflects the rapid expansion of cybercrime, the activities of which have evolved and become much more dangerous. Financial institutions are particularly exposed to this kind of manipulation and fraud as a result of their continuous contact with the public and the nature of their business, part of which involves payment systems.