Advanced technology against a growing threat
Information security is a great priority at Bankinter. In this sense, in 2019, projects were carried out under the Information Security Director Plan, which has been extended to 2021. The aim is to guarantee high levels of confidentiality, integrity and availability for customers, employees, shareholders and suppliers.
The growing importance of information security highlights the rapid expansion of cybercrime, the activities of which have evolved and become much more dangerous. Initially it involved the actions of individual hackers, who were not only motivated by money. Nowadays, cybercrime has created large and sophisticated business structures that are capable of attacking entire economic sectors.
The theft of confidential big data from companies, the denial-of-service attacks and phishing (using the identity of companies or public bodies in order to obtain confidential information from the victim), access to Swift or ransomware, are the main strategies used by cybercriminals.
Financial institutions are particularly exposed to this kind of manipulation and fraud as a result of their permanent contact with the public and the nature of their business, part of which involves payment systems.
A stronger model
The model for the fight against cybercriminals is based around three lines of defence: the first line is technology, business, operations, etc.; the second line is made up of risk control and Regulatory Compliance bodies; and the third line is the Internal Audit department.
From an organisational viewpoint, a new model was implemented in the first line in 2018 within the Data Security Department consisting of three management areas: technological risk, cybersecurity and security monitoring, and prevention of electronic fraud.
Based on this reinforced risk structure, in 2019, Bankinter embarked on a series of more complex projects, using advanced technology, with a focus on protection for email, browsing, final data for users and above all suppliers.
The activity of the area is completed by the development of awareness plans for users, who are the weakest link in the security chain. The Bank provides online training programmes for employees and carries out simulations to obtain confidential information (passwords, personal details, etc.) through emails, text messages or telephone calls. The aim is to discover their reaction in situations that can be exploited by cybercriminals. The awareness raising exercise also includes external staff.