Cyber Attack: Biggest Risk to the Financial Sector
Cyber Attack: Biggest Risk to the Financial Sector
Cyber risk has emerged as a key threat to financial stability, following recent cyberattacks in the financial sector. This article discusses major 2020 Financial Institution cyber attacks, different cybersecurity compliance laws, and if you’re a financial institution, how to protect your organization?
2020 Financial Sector Cyber Attacks
Cybersecurity risks to the financial system have grown in recent years, in part because the cyber threat landscape is worsening; in particular, state-sponsored cyberattacks targeting financial institutions are becoming more frequent, sophisticated, and destructive. Below is the table showcasing major 2020 cyberattacks in the financial sectors.
|Institution||Location||Month(Year 2020)||Method/Type of Attack|
|European Central Bank||Germany||October 23||Disruption|
|Vizom Banking||Brazil||October 19||Malware|
|BetterSure||South Africa||October 11||Phishing|
|Japan Stock Exchange||Japan||October 1||Disruption|
|Hungarian Banks||Hungary||September 23||DDoS|
|Russian Banks||Russia||September 23||Ransomware|
|Chilean Banco Estado||Chile||September 6||Ransomware|
|CIH Bank||Morocco||August 28||Skimmer|
|North Korean ‘BeagleBoyz’ Global Campaign||World Wide||August 26||Malware|
|New Zealand Stock Exchange||New Zealand||August 26||DDoS|
|Experian South Africa||South Africa||August 19||Data Breach|
|Canadian COVID-19 Relief Fund||Canada||August 15||Theft|
|Dave Third Party Banking App||United States||July 25||Data breach|
|Twitter Accounts Hijacked for Bitcoin||United States||July 15||Theft|
|Chinese tax software||China||June 25||Multiple|
|European Bank||Europe||June 21||DDoS|
|Coincheck||Japan||June 4||Data breach|
|Banco BCR||Costa Rica||May 21||Ransomware|
|Indian Mobile Banking Apps||India||May 14||Malware|
|Norfund, Norway’s state investment fund||Norway||May 13||Theft|
|dForce Cryptocurrency||China||April 21||Theft|
|Spanish Banks||Spain||April 13||Malware|
|South Korean and US Payment Card||South Korea, United States||April 9||Theft|
|Monte de Paschi Bank||Italy||March 30||Data breach|
|Square Milner||United States||March 25||Data breach|
|Finastra||United Kingdom||March 20||Ransomware|
|Australian Banks||Australia||February 25||DDoS|
|PayPal||United States, Germany||February 21||Theft|
|Sub-Saharan African Banks||Africa||January 2||Malware|
Among cyber attacks in the above table, fraud and data breaches are more prevalent, yet business disruption is also significant. As per the ORX News dataset,
In the Financial Sector cyber-attacks- fraud accounts for 43% of events, data breach 34% and disruption 23%.
While business disruptions are known immediately, the other types of cyber-attacks can take place for months or years before being noticed and reported, which could lead to a downward bias in the dataset.
Data on cyber risk is notoriously scarce, since there is no common standard to record them, and firms have no incentives to report them.
Major Cybersecurity Compliance Law
In the U.S.the current SEC guidance explains how and when firms should disclose the information to investors. However, there is scope to provide a framework to report cyber-attacks, which could better address existing data gaps.
In the European Union, the General Data Protection Regulation (GDPR), requires firms to report breaches to the competent supervisory authority within 72 hours. Failure to comply with the reporting requirements could lead to fines up to EUR 20 Mn or 4 percent of global annual turnover (whichever is higher).
Recent PSD2 rules modifying cashless payments have entered into force and are applicable throughout the EU, as well as within the EEA. Only payment services that comply with PSD2 could be used for purchases made on the Internet using bank cards. Those who will accept cashless payments will have to require two-factor authentication, thus making cybersecurity stronger.
The financial sector is highly exposed to cyber risk, across all types of countries. The below image shows the cross-country heterogeneity regarding cybersecurity, with most Advanced Economies and Emerging Markets having a high value of the cybersecurity index (above the median), while middle income and low-income countries tend to have lower values.
Sources: Factiva; and author’s calculations
According to a report among financial institutions, banks account for the bulk of the attacks (91 percent of the attacks), followed by insurance companies (7 percent). Among banks, retail banking activities (39 percent of the total) and credit card services (25 percent) were the main business lines targeted.
How can financial organizations protect themselves from cyber-attacks?
With the proper cybersecurity measures, financial organizations can avert themselves against probable cyber-attacks. This includes:
- Undergoing periodic vulnerability assessment and penetration testing on a regular basis.
- Limiting administrative access to only those employees who have an actual requirement.
- One of the most effective methods to enhance cybersecurity is to conduct cybersecurity awareness and training for employees on a regular basis with the help of a security attack simulator and awareness tools.
With proper adoption of the above cybersecurity measures, organizations become better at defending themselves against every possible cyber threat and thus protect their cyberinfrastructure.