Proactive cybersecurity posture pays off for Mano Bank
CISO explains how the start-up bank has won trust to grow its customer base
Central to trust is the acquisition of the .Bank domain
Mano Bank is a Lithuanian financial institution which provides accounts, financing and digital payment solutions to business clients (including fintech companies) and private customers.
Tomas Beinaravičius, Mano Bank's Chief Information Security Officer shared some thoughts with Computing about the cybersecurity landscape, and how Mano Bank has built trust in its cybersecurity posture to grow its customer base.
Beinaravičius explains how the bank prioritises threats to their customers and data.
"We prioritize customer trust in the provision of our services, and we believe that cybersecurity is one of the main factors in ensuring it," he says. "One of our primary concerns is the increasing sophistication of cybercriminals, who constantly discover new ways to exploit vulnerabilities in systems and networks. Thus, we need to continuously develop new defence strategies for our systems. This is why we focus on all cyber threats."
Generative AI is of course having a profound impact on the threat landscape, which for some time has been a generally stable blend of an untargeted majority and a far more finely crafted, well researched targeted minority.
What most CISOs, and the cybersecurity industry more generally now expects AI to do is remove the trade-off between volume and targeting. The NCSC said at the start of this year that AI is lowering the barriers to entry for cybercriminals as access and information gathering about prospective victims become increasingly automated.
Beinaravičius acknowledges the increased risk, but also the boost that GenAI can provide bank defences.
"You correctly mentioned that AI is beneficial in cybersecurity and also increases risks in some areas. We acknowledge the significant assistance AI provides in identifying risky behaviours, such as in combating phishing and spam, and prioritizing vulnerabilities. However, we also recognize that the use of generative AI can amplify fraud.
"Technology is essential in managing risks and threats by using real-time notifications from partners and advanced screening tools. Notifications keep organizations informed about emerging threats, allowing for quick responses. Screening technologies, like automated anomaly detection, monitor for suspicious activities, helping to proactively identify and mitigate risks. This integrated approach ensures operational continuity and enhances overall security efficiency."
The huge increase in phishing attacks over the last few years (including those like the LabHost crimeware-as-a-service outfit recently taken down by the Metropolitan Police) have frequently and exploited and copied banking sites. The increasing frequency of these sorts of attack vindicates a decision that Manos Bank took around five years ago, which was to invest in acquiring the .Bank domain.
The .Bank domain is a sponsored top-level domain which has been available since early 2015. It is reserved for the banking industry, and in order to register the domain, banks must be verified to the highest security standards.
The domain is a defence against phishing attacks because cybercriminals cannot set up lookalike sites featuring the .Bank domain.
The domain's stringent verification processes and encryption standards provide an added layer of protection for Mano Bank's customers, helping them to discern genuine communications from fraudulent ones and ensuring the integrity of online banking operations.
Although approximately 2200 banks have registered a .Bank domain, only 745 are using them which given the increase in phishing and likelihood of a further escalation in the volume and quality of this type of attack, seems counter intuitive.
Established banks who are still undecided as to the benefits of .Bank versus the rebranding and marketing costs are being increasingly challenged by start-ups like Mano Bank which are making the provision of safe and secure banking services a core part of their messaging. Since adopting the .Bank domain, Mano Bank has grown its European business to the extent that it has doubled net income.