Along with the rapid proliferation of digital banking across the world, we have also seen an alarming increase in cyber attacks across the banking sector. Interestingly enough, a significant amount of these attacks are occurring in low and low-to-middle-income economies. These cyber incidents are occurring more often in those regions due to their comparatively lax cybersecurity. The lower cybersecurity standards allow cyber criminals to exponentially raise their success rate, and while the dollar amount for each individual cyber attack may be lower, greater success rates still lead to substantial monetary gains.
It isn't just worldwide organized crime that is benefiting either. State actors and state-sponsored cyber attackers are also responsible for a staggering amount of data breaches and cyber-attacks across financial institutions. North Korea alone obtained over $2 billion from attacks across nearly 40 countries in the five-year span of 2016-2021. In fact, Interpol reports that the two single biggest concerns for international criminal activity are financial and cyber crimes. That puts banking cybersecurity on the frontlines of both arenas.
What Is At Risk?
It's not just money that's at risk of being stolen in these data breaches. Financial institutions face cybersecurity risks such as ransomware attacks that encrypt data, programs, and even operating systems pending payment of a ransom. They also have to worry about their sensitive data and their customer data being exfiltrated and used for nefarious means or even being resold to the highest bidder. There is also the not insubstantial risk of cyber attackers utilizing a breach to cause serious damage to the regional or even global economy. The very first target for Russia in its invasion of Ukraine was the banking sector; that wasn't done for financial gain but to destabilize the region in furtherance of their military activities.
The increasing digitization of financial transactions has provided a lucrative target for cybercriminals. Network security professionals now need to find cybersecurity solutions that protect networks, devices, applications, and even storage facilities at the same time. Failure in any of these areas causes monetary damages, regulatory fines, and reputational damage and could even cause insurability issues for the financial institution in the future. The security threats to the banking industry are as numerous as they are varied, and only outstanding information security practices will provide any worthwhile protection to the financial services sector.
First, let's cover some of the most common methods that cyber attackers use to target the financial services sector. Then, we'll list some suggested best practices for addressing both global trends and enterprise-specific cyber threats.
Supply Chain Attacks
One of the most worrisome potential threat vectors comes from your supply chain. Your third and fourth-party vendors pose serious cybersecurity risks to your enterprise if they are not managed properly. As traditional financial institutions embrace digital banking, they are relying more and more on fintech companies and other technology vendors to supply software and other services to better facilitate these digital offerings that customers are looking for. Cyber incidents that start within your supply chain can spread to your network or end up compromising your supply chain entirely. Third party security has to start with quality risk management procedures in your vendor processes.
We mentioned ransomware briefly just before, but it's worth delving into a little more deeply. The threat isn't just the loss of your sensitive data. There's no guarantee that the attackers will release the encryption key to decrypt your systems, but even if they do, modern ransomware attacks frequently involve the exfiltration of customer data and other details from your network to later sell. This makes the threat doubly important to prevent. Recent research has estimated that around 60% of ransomware victims have paid the ransom demanded by their attackers. Those odds are good for the bad actors, and that means we need to take a more proactive approach to banking cybersecurity.
Phishing, whaling, pharming, and any of the various permutations of social engineering scams are all designed for one target – the unaware or unsuspecting employee. In an attempt to do their job, the victim employee falls prey to one of the many methods used by attackers to get them to take some action that will be beneficial to those perpetrating the cyber incident. This could lead to credential compromise impacting your network security, ransomware attacks, or other types of malicious software installation.
The protection of sensitive data should be at the heart of most risk management policies and procedures. Information security policies are mandated to be robust in the banking sector, but as we mentioned above, your supply chain poses risks as well. Are all of your vendors with access to your business data or other sensitive information using the appropriate security solutions? I'm sure that the clients serviced by NorthOne thought so too, but an entire database of unencrypted customer data was located sitting on a server. That's a veritable treasure trove for any attacker.
So What Can Be Done?
A 2016 attack on Bangladesh's central bank sent shockwaves through the international banking sector. Attackers leveraged vulnerabilities in SWIFT in an attempt to steal $1 billion. Even though almost 90% of the transactions were blocked, these bad actors made off with just over $100 million. After this event, financial institutions around the world lobbied the International Monetary Fund (IMF) and other organizations for cybersecurity solutions to protect against these emerging threats. One of the greatest challenges facing this industry is the lack of a central coordinating body for setting policies and regulations for banking cybersecurity internationally.
Without leadership by the IMF or another body, the resulting regulations and frameworks are fragmented, not consistently applied, and frequently leave the lower-income regions with fewer protections, as we discussed earlier. That doesn't mean that there aren't security solutions for these threats to the banking industry, but it is imperative that someone takes the lead in charting the course forward to create the best possible outcomes.
Domestic Public-private Partnerships
Within individual nations, it's critical that their government, law enforcement, private financial institutions, and others all work in concert with one another and have functioning, mutually beneficial relationships. These partnerships enable information sharing and the ability to work through challenges with the common goal of preventing, mitigating, and responding to cybersecurity threats in the most effective manner.
Focus on International Collaboration
Once those domestic relationships are functional, the next logical step is to build outward and facilitate international cooperative agreements. The interrelation between technological firms, financial institutions, and government entities, as well as the transnational cyber threats facing the banking sector, means that true collaboration is imperative for any meaningful change to the threat landscape to occur. Risk management can't operate in its own silo within a corporation, and similarly, no single entity can address these modern cyber risks alone.
The coordination domestically and internationally should focus on providing the best cybersecurity solutions without unnecessary duplication of services. By sharing data, information, and security solutions across borders, the financial sector can solidify its security posture without needlessly inflating transaction costs. In that same vein, professional and open investigations into data breaches can provide intelligence that will better secure the global economy.
Leverage Best Practices Into Other Areas
There's no secret that a secure global economy is in the best interests of every government and corporation. The root of a secure global economy is a healthy international banking system. However, this is not the only shared international goal. The framework built and tested by the financial industry can be leveraged into other areas of global concern. In fact, the very relationships that are reinforced by these collaborative efforts within the banking sector may prove indispensable in times of geopolitical strife.
International Monetary Fund Policy Recommendations
While the IMF does not currently hold the responsibility for setting global policies regarding cybersecurity solutions or cyber risk management, they have put forth a series of policy recommendations for both the banking sector and governmental entities.
Develop a Cyber Risk Management Framework
Whether this is done by a regulatory body or government agency, each country should establish ground rules for how financial institutions implement their cyber risk management programs and how those entities interact with law enforcement and other government agencies. This should include information-sharing policies, and it should involve consideration of the use of financial computer emergency response teams for incident response and recovery.
Information Security Procedures
In order to increase the banking sector's resilience to attacks targeting the most sensitive information, information security should be prioritized. This means ensuring that all sensitive data and all customer data are encrypted at rest, in transit, and when backed up. Regular backups of this data should occur at least daily and be stored off-network.
Government Policy Considerations
A public declaration should be made by each government on exactly how they plan to apply the standards of international law to cyberspace. They should also make a public commitment to securing the financial system. Some countries have already established that they will view an attack on their financial systems as equivalent to unlawful intervention in their domestic affairs. While this may not give pause to state-sponsored attackers, it at least establishes a sound base for a response to such an incident that should be supported by the international community.
Intelligence Gathering and Sharing
Intelligence is not just the purview of specially designated government agencies anymore. The gathering, sharing, and use of intelligence should be a shared effort between the financial sector and governments. This intelligence on cyber threats should also be disseminated to allied and friendly nations to further assist in the global response to the emerging trends of banking cybersecurity.
At Venture Lynk Risk Management, we recognize the unique threat profile of a high-risk industry like the financial sector. As industry experts, we are uniquely poised to address all aspects of your risk management process, from vendor risk management to cybersecurity risk management and even intellectual property risk management. We can integrate all or some of our many services into an individualized package specific to the needs facing your enterprise. Contact us today to schedule a consultation with our staff and see what we can put together for your risk management needs.