FMIs face more cyber threats than ever but remain robust to attacks

Sibos speakers say FMIs faced increasing cyberattacks during the pandemic but responded well to the ongoing risks and workplace disruption

By Leanna Reeves | 14 October 2020

Despite growing risks of cyberattacks and the need to switch to remote working, Financial Market Institutions (FMIs) adapted well to the crisis, according to speakers at Sibos.

“FMIs could quickly move to the new mode of working, especially during volatile markets. It all went smoothly,” said Fiona Van Echelpoel, deputy director-general at the European Central Bank (ECB). “Due to prudent and forward-looking business continuity planning on part of FMIs but also due to a general increase in remote working before the pandemic started.”

Van Echelpoel said FMIs raised awareness around remote working and the related cyber threats that they could face prior to the pandemic, which enabled them to be better prepared.

She added the increased move to electronic and contactless payments also changed the risk outlook, particularly as threat actors benefitted from the uncertainty caused by the crisis and used context to spread malware.

Jonathan Pagett, acting CISO at the Bank of England (BoE), says the central bank invested in several secured access solutions which have enabled it to adapt to the pandemic and tackle the increased risks of cyberattacks.

“There’s also potential erosion of good security culture that we have in the organisation. The BoE is a very large historical institution and when you’re in there, it reminds you that you are working at a sensible organisation. There’s always the danger of people being sat at home and getting comfortable – it’s a different kind of feeling. We’ve put a lot of effort into security awareness.”

As FMIs switched to remote working, attackers also looked at third parties supply chains and shifted their focus onto large organisations, according to Mike Brookes, head of cyber intelligence at Barclays.

“Resilience plans were tested quickly,” he said. “It’s been challenging to try to address the risks of how we manage security within our supply chain and how do we operate at the same time remotely to address those risks.”

Hackers also focused on spam attacks while using coronavirus related content to phishing rules – a trend that was prevalent in the early stage of the crisis, said Wendi Whitmore, vice president of IBM X-Force Threat Intelligence.

IBM X-Force Threat Intelligence identified a 6,000% increase in spam attacks using coronavirus content between March and April, added Whitmore.

A TSB research also revealed that over 11,500 of coronavirus theme phishing scams were reported between February and June, in which fraudsters impersonated organisations handling virus and lockdown measures.

“Since May, however, we’ve seen a shift and a huge decrease in that activity, and it seemed that cybercriminals themselves were tired of that,” she said.

Theft of intellectual property around organisations and the supply chains and testing research has also been a key issue during the crisis, according to Whitmore. The industry also encountered a continued increase in ransomware attacks across the globe.

Jerry Perullo, chairman at FS-ISAC, and chief information security officer at Intercontinental Exchange, said there hasn’t been a significant change in the targeting of attackers – but the themes of phishing have particularly changed.

“We expect that malware will start looking to see if people are working remotely and if so, they will profile what company they are working for – but we aren’t quite seeing it yet. But we are ready for it. It’s only been a few months now and they have work cycles just like the rest of us,” he added.

Overall, the rise in cyberattacks is a natural response to the growing adoption of digital services internally by FMIs, believes Pagett – meaning there is more opportunity than ever for attackers, which has become an increasing concern as a new range of infrastructure now needs protection.

In August, a cyberattack caused the New Zealand stock exchange to close doors for two days in a row, reported The Guardian – which sheds light on the growing concern and extent of these sophisticated attacks.
 

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development