Information security

New model to combat cybercrime

Information security is a top priority of Bankinter, which aims to guarantee a high level of confidentiality, integrity and availability for its customers, employees, shareholders and suppliers. With this objective, in 2017 the Bank carried out certain organisational adjustments and planned a new strategy to strengthen the security structure. The security masterplan was reorganised in order to implement these changes and its duration was extended until 2019.

The model for combatting cybercriminals is based on three lines of defence, the first line is technology, business, operations and so on; the second line is risk control and regulatory compliance; and the third line is the audit department which monitors that the first and second lines act independently and are focused on continuous improvement.

From an organisational viewpoint, three management areas have been created within the data security department:

Technological risks: Focussed on regulatory compliance, policies, business continuity plan and risk analysis, among others.

Cybersecurity: Its priority is the protection of customer data, simulation of constant attacks on our systems and continuous improvement in combatting cyberattacks.

Security monitoring and e-fraud prevention: Where communications and transactions are monitored and the security of applications is analysed.

With this new structure, in 2017 Bankinter began a protection strategy with various phases. Firstly, the basis of the new strategy was created, optimising procedures such as network access control and data protection to prevent data leaks. 

After this phase, which is expected to last until the first quarter of 2018, a series of processes will be rolled out, which include: attacks against our infrastructure, forensic data analysis or advanced intrusion detection systems, among others. Finally, more complex projects will be undertaken, with more advanced technology, and a review made of the complex external subcontracting regime in relation to cybersecurity. 

One of the most important objectives for 2018, is the implementation of an adaptive security system, which offers customers the possibility of deciding how to manage their own security (whether or not to make overseas transfers, restrict their credit card activity and so on), depending on their risk sensitivity. 

Awareness plans

The activity of the information security department is completed by the development of awareness plans for users, who are the weakest link in the security chain. The Bank provides online training programmes and carries out simulations to obtain confidential information (passwords, personal details and so on) through emails, text messages or telephone calls.  The aim is to discover people's reaction in situations that can be exploited by cybercriminals.  

The growing importance of information security highlights the rapid expansion of cybercrime, the activities of which have evolved and become much more dangerous. Initially it involved the actions of individual hackers, who were not only motivated by money.  Nowadays, cybercrime has created large and sophisticated business structures that are capable of attacking entire economic sectors. 

One of the key objectives for 2018 is the implementation of an adaptive security system.

The theft of confidential big data from companies, the denial-of-service attacks and phishing (using the identity of companies or public bodies in order to obtain confidential information from the victim) are the main strategies used by cybercriminals.  Financial institutions are particularly exposed to this kind of manipulation and fraud as a result of their permanent contact with the public and the nature of their business, part of which involves payment systems.