I strongly recommend you take some time to read this piece in The Economist on hacking and cyber-security.
As the journalist very rightly points out, cyber-attacks are growing exponentially. This means that financial institutions need to invest more (and in the right way) to try to mitigate cyber risks.
“We recognise that we’re never going to prevent everything,” says the cyber chief of a top American bank. “So we have to have layered defences that assume multiple defences will fail.” And of course, he is spot on. But layered cyber security should refer not only to different solutions at network, systems, application and data levels, but also to investments prioritised by the company’s business information risk, including a particular focus on crypto and digital assets.
We believe that the cyber strategy and operating model, including governance, policies, procedures and technical solutions, should change and evolve at the same pace as attacks. This evolution should cover third-party cyber risk management too.
In addition to this, global sharing of cyber information (threats, attacks, vectors, criminal organisations) between banks and public institutions should be improved to better detect possible incidents. The forthcoming EU regulation Digital Operational Resilience [Act] for the Financial Sector (DORA) introduces the principles of guidelines on information sharing arrangements for cyber threats and vulnerabilities.
Global Computer Emergency Response Teams (CERTs), at country and European level, are also starting to have an important role in the global ability to respond to cyber criminals, and banks should increasingly be part of that network.
To find out more on this I would recommend you speak to my colleague, Lorenzo Grillo.
TALK TO BANKERS and some will tell you that when it comes to cyber-crime, they are second only to the military in terms of the strength of their defences. And yet trawl the dark web, as Intel 471, an intelligence firm, did on behalf of The Economist in May, and it is obvious that attempts to breach those walls are commonplace. One criminal was detected trying to recruit insiders within America’s three biggest banks, JPMorgan Chase, Bank of America and Wells Fargo, offering a “seven-to-eight-figure” weekly payment to authorise fraudulent wire transfers. Another was auctioning the details of 30m accounts at Bank Mellat in Iran (a country of 83m).