IT-business divide harming mobile banking security

Application delivery firm Akamai has called on financial institutions to review their business and IT alignment to ensure they don't fall victim to cyber attack, arguing that new digital channels are increasingly being launched by banks without a sufficient IT strategy behind them.

The calls came in a new Akamai report published by IDC on Thursday, New Threats Demand Innovative Responses.

It outlines how the sector is constantly trying to evolve its products and services to meeting the growing demands from customers for online and mobile banking, but warns that cyber criminals are targeting this space with increasing sophistication.

"The proliferation of smart devices and investment in mobile networks have made mobile banking a realistic prospect for financial institutions looking for new ways to connect to customers and deliver services," said Akamai's chief strategist for financial services, Rich Bolstridge.

"Having invested in the front-end of online and mobile banking, however, institutions need to review how they protect themselves and their customers from the ever-present threat of fraudulent activity posed by increasingly sophisticated cyber attacks and, perhaps most significantly, from a proliferation of mobile malware."

The report argues that the perennial gap between IT and the business may have serious implications for the security of mobile banking services.

"IT managers want to invest in security, but they are constrained by a lack of budget. Management teams feel they are faced with a brick wall in the form of IT colleagues who are seemingly reluctant to support the push for new digital channels," explained Bolstridge.

"This gap only serves to magnify the already daunting risk posed by increasing security threats and must be overcome. In an industry where trust is at an all-time low, the failure of any one bank to provide total security for its mobile banking channel would be catastrophic."

Akamai and IDC urged financial institutions to ensure their IT security teams are involved in the design of new products and services from the outset, that business users don't launch projects before IT has had sign-off and for IT to foster closer relationships with executives.

It also argued that security teams need to increase their knowledge of the mobile malware threat.

Mobile malware has rocketed in recent months, with most of the major security vendors predicting it will be one of the biggest problems facing users and administrators in 2012.

On the banking side, Trojans such as Zeus and SpyEye have been causing increasing problems for financial institutions and customers.

In 2011, the source code for ZeuS was leaked online, which experts rightly predicted would lead to an increase in the availability of ZeuS toolkits and potentially a new wave of attacks.