Cyberthreats have evolved significantly over the years, moving beyond basic phishing scams to more sophisticated exploits that target users through fraudulent apps, malware-laden links, and remote access manipulation. This evolution has been fueled by the rapid adoption of artificial intelligence (AI) in recent times, which has allowed cybercriminals to craft increasingly convincing and highly targeted scams.
Sarene Lee, country manager for Malaysia at cybersecurity firm Palo Alto Networks, highlights how cybercriminals are leveraging generative AI to create scams that are harder to detect and easier to trick users into downloading malware-infected applications. This is particularly concerning in the consumer banking industry, where more customers are relying on mobile banking for their daily transactions.
To meet the growing demand for digital banking services, banks have introduced a wide range of online products and services. However, this increased digital footprint has also expanded the attack surface for cybercriminals, providing them with more entry points to exploit security gaps and steal sensitive financial information.
In response to these threats, Bank Negara Malaysia mandated the introduction of malware-shielding features for all mobile banking apps in the country to strengthen its financial infrastructure against cyberthreats and online scams. This technology is embedded directly into the bank’s mobile app to detect and neutralize high-risk malware, including malicious application files and suspicious remote monitoring access on customers’ devices.
Several banks in Malaysia, including Malayan Banking Bhd (Maybank), Alliance Bank, AmBank, Bank Simpanan Nasional, CIMB Bank, and HSBC Bank, have already implemented malware-shielding in their apps. Lee emphasizes that financial institutions need to introduce more proactive security measures in mobile banking to counter the growing threat of cyberattacks.
According to Palo Alto Networks’ Incident Response Report 2024, malware was a factor in 56% of investigated cyber incidents. Lee underscores the importance of leveraging AI-driven defenses to counter cybercriminals’ use of AI, citing examples from countries like the US, the UK, and Singapore that have already incorporated AI-driven cybersecurity strategies.
While malware shielding is a step in the right direction, Lee notes that it mainly focuses on the front end of security. Cybercrimes can also originate from the back end, and banks need to look into practices to protect themselves. Best practices adopted by developed countries include replacing SMS one-time password authentication with in-app authentication, enhancing fraud detection rules, and enforcing cooling-off periods for new account registrations.
In light of the rising scams and cybercrimes, online banking best practices are essential to reduce scam-related financial losses and increase customer confidence in digital banking. Lee stresses the importance of finding a balance between security and accessibility to ensure that security measures do not create excessive friction for users, especially for senior citizens or those unfamiliar with digital banking.
While implementing malware shielding poses challenges, such as balancing security with user experience and driving user adoption of new security measures, it is crucial for banks to stay ahead of cybercriminals. Collaboration between financial institutions, government agencies, and cybersecurity stakeholders is key to keeping up with the rapidly evolving cybercrime landscape and maintaining the security standards in line with global best practices.
In conclusion, as cybercriminals continue to refine their tactics, it is essential for Malaysia to prioritize cybersecurity and work collaboratively to combat the ever-evolving cyber threats. The implementation of malware shielding is a significant step forward in safeguarding the country’s financial infrastructure and protecting sensitive data from online scams.