BIS: Cyber-attacks on Financial Sector Never Been Greater

By Tom Alford, Deputy Editor, TMI

The connected nature of business today means it has never been more important for treasurers to recognise and respond to the risks impacting their partner ecosystem. In particular, given the agenda for digitalisation, understanding the ever-changing threat of cybercrime to the financial sector, and how it reacts, could become an essential early warning system for weak links in that ecosystem.

The recently released Bank for International Settlements’ (BIS) report on Covid-19 and cyber risk in the financial sector has shown that it has been hit by hackers more often than other sectors during the Covid-19 pandemic. The report should make interesting background reading for treasurers and other corporate finance professionals looking to build out their own defences in the face of the cyber onslaught. 

The report found:

  • The use of remote access technologies such as the remote desktop protocol (RDP) and virtual private network (VPN) increased by 41% and 33%, respectively, in the first two months of the outbreak, potentially making staff more vulnerable
  • Covid-19-related attacks grew with the spread of the pandemic, from fewer than 5,000 per week in February to more than 200,000 per week in late April. They rose further by around one third in May and June compared with March and April
  • While this has not yet led to significant disruptions or a systemic impact, there are substantial risks from cyber-attacks for financial institutions

SWIFT response

Brett Lancaster, Head of the Customer Security Programme at SWIFT, comments: “The threat posed by cyber-attacks to the financial sector has never been greater and Covid-19 has made this cat-and-mouse game even more difficult.

“As the BIS report shows, staff have been staying away from their secure office environments and working remotely, mostly from home and organisations have had to accept additional security risks. Meanwhile, cybercriminals are adapting their methods to include spear phishing campaigns, account impersonation and takeovers of remote onboarding and meetings, creating new challenges.

“That said, the financial industry has continued to adapt to reinforce its systems and share information. For example, The ECB [European Central Bank] set up the Euro Cyber Resilience Board for pan-European Financial Infrastructures (ECRB) information sharing working group, which is chaired by SWIFT. This was the first time that major financial infrastructures, Europol and the European Union Agency for Cybersecurity have jointly taken steps to share cyber-threat information across major European infrastructures.

“It is helping to drive intelligence sharing across the European market and create a model for centralising data, which can also lower cybersecurity costs for organisations. However, while this is a huge step in the right direction, this journey isn’t over. We must continue to remain vigilant, work together, adapt processes and share information as a community to collectively strengthen the industry’s defences.”

Helping hands

With the notion that prevention is better than the cure in this space, TMI offers readers regular updates on how to prepare in the battle against cybercrime. This recent article with Royston Da Costa, Assistant Group Treasurer, Ferguson, and Michael Juen, Chief Customer Officer, Coupa, demonstrates the depth of skill in treasury when it comes to countering cybercrime. On a broader level, this article on building a smarter treasury with Maggie Li, General Manager, TCL Finance Company and Calvin Matundura, Treasurer, Safaricom, offers some timely advice on strengthening treasury’s connections with the world.