The straight answer to this is ‘Yes.’ eLearning technologies can easily provide an entry point that a cybercriminal can use to exploit a banking and financial institution’s vulnerable IT system, especially when the eLearning technology itself is prone to attacks and vulnerabilities. Cyber-attacks caused by vulnerable eLearning technologies are one of the primary reasons why some banking businesses to this day are adamant about sticking to traditional training methodologies. Even when traditional training is often expensive and cost-intensive as compared to technology-based training alternatives that are so widely available.

Vulnerabilities in eLearning technology frameworks can sometimes stem from old eLearning technology not being updated to blindly trusting in any third-party eLearning vendor who themself do not take cyber security seriously.

In 2017, the NotPetya cyberattacks targeted power plants, metro stations, the world’s largest shipping company, and banks using malware delivered via a third-party software update which happened to be an accounting software.

More recently, the 2021 SolarWinds attack saw hackers adding malware to third-party software that was certified ‘Ok for Customers’ resulting in the attackers gaining backdoor access to the world’s biggest companies including the likes of Microsoft, Nvidia, VMware, and even the department of US commerce, defense, and energy read more.

It’s reasonably safe to say that an eLearning vendor with little concern for cyber security may unknowingly present hackers with access to your banking and financial institution and it may be too late before your security teams can react.

Although an eLearning product can present attackers with the opportunity to gain access to your central systems and data, its occurrence is highly unlikely if your organization takes the needed steps to prevent such attacks. So, the answer to this question is ‘Yes,’ with the right security measures in place, your banking and finance company can easily stop attackers from gaining access to your systems and there’s a lot that you and your eLearning vendor can do to further compound cyber security measures.

With a little bit of understanding and the application of some common sense, a banking business can very easily adopt world-class eLearning-based technology to train their staff across the world on a myriad of topics. Especially when the banking and finance business has so much to gain from formally training and certifying its representatives on a range of topics that are constantly undergoing change.

The first and most widespread cause for companies falling prey to cyberattacks is maintaining a very relaxed outlook on assessing the integrity of third-party eLearning technology that the company is currently using.

Just because the vendor assures you that their eLearning technology is safe and because the pricing and rollout duration suit your company’s immediate needs, you end up licensing a technology that your own IT security team has not completely assessed.

Another facet of a relaxed company culture is not defining policies that outline a quick and justified response to cyber-attacks when they take place. In both the NotPetya and SolarWinds attacks, the software provider and the customers were large organizations that many would expect to have the best IT security and response teams in place. However, both instances only proved how cyber-attacks are unpredictable and greatly compounded when both the vendor and the customer are too relaxed in their approach to cyber security.

When implementing a third-party eLearning technology, it’s very important to perform diligent checks that scrutinize the third-party software for vulnerabilities. Additionally, it’s recommended to opt for vendors who are certified by reputed security audit companies as diligent eLearning technology vendors.

Another way to identify a good eLearning vendor for your banking and finance business is by partnering with an eLearning company that is already serving other banking and finance businesses because this may indicate that the vendor knows the importance of security and that they are obviously doing everything right to ensure their banking and finance customers are secured.

Finally, banking and financial institutions are notorious for not updating with changing times, especially when it comes to technology. As financial institutions struggle to phase out legacy software, they also struggle to phase out legacy training technology. Take the example of Britain’s biggest bank from the 19th century that went bust in 1995 due to the actions of one errant trader. Barings Bank regularly struggled with and actively chose not to adopt many modern technologies that could have potentially saved them from the misdeeds carried out by one of their traders. Barings was one such bank that continued to rely on paper-based document management even as other banks switched to advanced record-keeping technologies. It’s commonly said that if it wasn’t for the trader who drove the entire bank into massive debts, the bank’s inability to adapt to changing technologies would have eventually dealt a similar blow.

Anybody with the slightest idea of technology can attest to the fact that outdated technologies and a relaxed outlook on IT security are the easiest ways to exploit IT vulnerabilities. When banking businesses continue to use outdated eLearning training like Flash-based courses or an outdated legacy LMS, they are practically inviting hackers to take advantage of their vulnerable systems.