Cyber Criminals At Large: Will You Be Their Next Victim?

A real time cyber-attack alert system has been created by the European Central Bank and is expected to be piloted this year in order to minimise the risk of digital theft. 130 banks will be required to inform regulators about their most significant cyber-attacks using this service by 2017, which should decrease the risk of …

by | May 20, 2016 | bobsguide

A real time cyber-attack alert system has been created by the European Central Bank and is expected to be piloted this year in order to minimise the risk of digital theft. 130 banks will be required to inform regulators about their most significant cyber-attacks using this service by 2017, which should decrease the risk of attack that has unfortunately risen in recent times.

Deputy director-general for bank supervision at the ECB, François-Louis Michaud, highlighted that the world has changed dramatically over the past few years, according to the Financial Times. “With banks reaching out to new customers using new technology, they are completely transforming their operating models. For some of that they know what they are doing but in part of it the guys have difficulty keeping up with what risks they are taking.”

Alongside this, the ECB has been compiling data on the most prominent cyber incidents at 18 of the largest banks since February, around the same time that the Bangladesh central bank was attacked and resulted in a theft of $81 million. Natasha Deteran, spokeswoman for SWIFT, the global financial network over which the hack took place, reassured customers that the organisation would provide updates when they were available.

Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems.” This questions whether a general safeguarding of systems is enough; it is apparent that the ECB do not think so.  

Since the JPMorgan Chase data theft in 2014, it is safe to say that there have been some concerns around whether or not state-sponsored attacks on financial systems have intensified. Because banks are still using old technology, safeguarding could be described as an impossible task, especially when new systems are built on top in order to keep up with digital change.

Mark Earl, ex-Managing Director & Global Head of GT Production at Deutsche Bank, explored how the complexity of back end systems is an issue moving forward. “With many thousands of interfaces, the complexity is such that people cannot understand the process in their heads anymore,” Earl said. He added that most of the work that banking developers are doing now is changing the applications that are 10, 20 or 30 years old, but “there is a major knowledge deficit and major legacy systems, which is a difficult dichotomy as they are all trying to chase the same maturity.”

There is an awful lot of papering over the cracks going on,” Earl said, as the people that created the code decades ago, do not work at the organisation anymore and they are more than likely retired by now. He continued to say that education about risk needs to be put in place at all levels of an organisation. “We need a common language to understand risk properly and this should be imposed by the regulators, maybe.”

Perhaps the real time cyber-attack alert system is the common language, or the technology that is necessary for the current environment that we are living in. ECB risk analysis expert, Gregoire Issenmann, believes that the multi-faceted quality of cyber risk is something that banks cannot handle and can only do so if information is shared.

We want to kick-start some reflections at banks and signal our intent on this issue. We need to do this, otherwise we are in the dark and can’t really help the banks,” Issenmann said. The US Federal Reserve and the Bank of England will both be asked to share the data it collects with other central banks.

With senior banking executives saying that cyber-attacks are keeping them up at night, it questions why action has not been taken already. According to the FT, the Bank of England has been carrying out ethical hacking exercises and is stress testing the bigger banks in the UK. Alongside this, the UK central bank has started to simulate the impact of a larger attack on the financial system on both sides of the Atlantic. 

Categories:

Resources

Escrow Solution for Banks

Brochure / Fact Sheet | Banking Escrow Solution for Banks

Cashfac

Escrow Solution for Banks

Cashfac’s escrow accounts solution helps banks to offer a full self-service solution to their clients who themselves need to offer… Continue Reading

View resource
2022 predictions: the future of banking

White Paper | Banking 2022 predictions: the future of banking

Auriga

2022 predictions: the future of banking

The banking industry has seen many changes in 2021, both in Europe and around the globe. We witnessed cases of… Continue Reading

View resource
CyberBytes Email Newsletter From ThreatAdvice

Brochure / Fact Sheet | Banking CyberBytes Email Newsletter From ThreatAdvice

NXTsoft

CyberBytes Email Newsletter From ThreatAdvice

Cybersecurity News + The Latest Episode of The Cyber Show! Find this content in our CyberBytes email newsletter. You can… Continue Reading

View resource
API Connectivity Powering Digital Strategy, by NXTsoft

White Paper | Banking API Connectivity Powering Digital Strategy, by NXTsoft

NXTsoft

API Connectivity Powering Digital Strategy, by NXTsoft

Application programming interfaces (APIs) now serve as the critical device linking innovative technologies with fintech and core banking systems. This… Continue Reading

View resource