Banking and Finance

Published on 01 Apr 2019

Updated on 08 Oct 2019

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


OVERVIEW

Many banking and financial institutions are at the forefront of cybersecurity best practices, deploying advanced technologies to secure their systems. Their efforts in cybersecurity may be instructive for other sectors.

finance

Their security posture is very necessary. The banking and finance sector remains a lucrative target for cybercriminals and other cyber actors. In 2016, the Society for Worldwide Interbank Financial Telecommunications (SWIFT), a network that thousands of banks around the world use to move money, was targeted. Attackers exploited system and process vulnerabilities in individual banks to send seemingly authentic SWIFT instructions and successfully stole about US$100 million from at least three banks (Bangladesh Central Bank, Ecuador’s Banco del Austro, and an Ukrainian bank).

In Singapore, the Monetary Authority of Singapore (MAS) and financial institutions have been working closely together to bolster cybersecurity. In July 2016, MAS issued new Guidelines on Outsourcing Risk Management to financial institutions. These guidelines build on existing ones to better capture evolving threats such as heightened cyber risks. MAS also collaborated with the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to encourage regional sharing and analysis of cybersecurity information within the financial services sector. The centre began operations in November 2017.

REPORTS

NEXT FINANCIAL CRISIS MAY BE TRIGGERED BY A CYBERATTACK, SAYS MAS CHIEF

Speaking at the Austrian Securities Investments Commission, MD/MAS highlighted that the next financial crisis may be triggered by a cyber-attack. Cyber-attacks are less visible and often hit many firms at the same time, are a growing threat to the financial ecosystem, and that financial technology (FinTech) could accentuate the risk.

The financial sector has benefitted from technological innovation, as evident in the growing use of digital payments and use of big data to gain richer insights into customer behaviour. Given the sector’s high reliance on technology, cyber risk management will be the new frontier for global regulatory efforts and supervisory co-operation to address emerging cyber threats.

Read on by clicking on the story below:


CYBER INSURANCE THE NEXT GROWTH FRONTIER FOR LOCAL INSURERS, SAYS MAS

Local insurers should look to cyber risk management for growth, as enterprises grapple with increasingly sophisticated attacks. MAS highlighted that despite growing risks, cyber insurance adoption by SMEs remains low at less than 10 per cent. Cyber insurance adoption in Asia is not keeping pace with the proliferation of technology in the region, MAS observed.

Insurability remains a problem as cyber insurance demand grows – with policies not standardised and underwriting hindered by scarcity of publicly available data on the scale and financial impact of attacks. To facilitate the systematic collection and modelling of cyber risks, MAS launched the Cyber Risk Management Project. The project brings together industry, academia and Government in a partnership to tackle demand and supply challenges confronting the cyber insurance marketplace.

Read on by clicking on the story below:


AS ATTACKS GROW, EU MULLS BANKING STRESS TESTS FOR CYBER RISKS

The European Union is considering testing banks’ defences against cyber-attacks. The EU noted that cyber-attacks against banks have increased in numbers and sophistication in recent years, with criminals finding new and deceptive ways to target banks beyond trying to illicitly obtain details of customer’s online. Against the backdrop of the SWIFT hacks, global regulators have tightened security requirements for banks, and in some countries have carried out checks on lenders’ security systems.
According to a report released by the European Banking Authority in December 2016, banks are struggling to demonstrate their ability to cope with the rising threat of intruders gaining access to critical systems and data. The European executive commission is assessing additional initiatives to counter cyber-attacks, which include “cyber-threat information sharing or penetration resilience testing of systems”.

Read on by clicking on the story below:


N. KOREA BANKING ON CYBER ATTACKS ON BANKS FOR CASH?

Hackers linked with North Korea while breaking into Polish banks late 2016 left a trail of information about their apparent intentions to steal money from more than 100 organisations around the world. Based on the list of Internet Protocol addresses, targets included institutions such as the World Bank, the European Central Bank, and big United States companies such as Bank of America.

Security researchers said the hit-list found embedded in the code of the attack, underlines the level of sophistication of the North Korean hackers. Their goals have turned financial, in addition to efforts to spread propaganda, heist data, disrupt government, and news websites in nations considered enemies.

According to South Korean officials, there are about 1,700 hackers in North Korea’s hacking network. More than 5,000 trainers, supervisors, and others in supporting roles. However, these hackers typically work abroad because of North Korea’s poor infrastructure.
Read on by clicking on the story below:


CYBER ATTACKS RAISE QUESTIONS ABOUT BLOCKCHAIN SECURITY

Established companies such as UBS and Santander and newer FinTech companies Ripple and R3 are ripping out old systems of moving money and replace them with quicker and cheaper blockchain technology. However, a series of cyber-attacks against digital currencies has left the financial services industry wondering whether the new blockchain technology can be made secure enough for criminals. The flaws in the code and storage problems have proven to be headaches for the financial industry.
Cybercriminals have targeted companies using blockchain and digital currencies. Experts are divided over whether the public nature of blockchain helps or hinder security. Notably, Stefan Thomas, Chief Technology Officer of Ripple, said that a public network which is constantly tested and examined is better than “security by obscurity” that features in the current banking system. On the other hand, IBM is creating a blockchain where all participants are verified but – as it can scale to millions of people – this gives added security of more eyes watching each transaction.

Read on by clicking on the story below:


PHISHING IN CHINA: HOW TO PROTECT YOUR BUSINESS

As businesses transform and introduce more digital platforms to interact with clients, phishing risks have increased in tandem. With the popularity of platforms such as Alipay and WeChat Wallet, the Chinese Economy has found itself particularly vulnerable to the new age of phishing. Industry watchdogs estimate that RMB 195 million (about S$39.7 million) was lost to Internet fraud in 2016, an increase of over 53 per cent compared to 2015. More than half the loss – about RMB 110 million or S$22 million – was due to phishing. Beijing had the highest number of cases and amount of monetary loss, but Shenzhen, Shanghai, and Guangzhou also ranked high.

The article noted that the best protection against phishing is greater awareness. It is the end-user behaviour that needs to change through education, and that needs to be on-going as phishing attacks will only keep evolving.

Read on by clicking on the story below:


SOURCES INCLUDE: China Briefing, Financial Times, Reuters, Singapore Business Review and The Straits Times