The Strategist

EU may conduct stress tests of bank cybersecurity

01/23/2017 - 14:03

EU is pondering a possibility to carry out stress-tests on banks’ protection from cyber-attacks, said European officials and sources amid rising concerns about the banking sector’s vulnerability to hacker attacks.

Over the past few years, attacks against banks have become more numerous and sophisticated as criminals are finding new ways to attack financial institutions. In February 2016, hackers stole $ 81 million from the Central Bank of Bangladesh. The attackers broke into the credit institution’s system and gained access to SWIFT international banking settlements system.

Global regulators have tightened security requirements for banks after the cybercrime of such a gigantic scale. The latter has become one of the largest in history and made some countries check their bank security systems.

However, complex cyber-attacks kept growing in number, SWIFT told to its client banks in a November letter. This time, it was about a 2.5 million pounds ($ 3 million) theft from retailer Tesco Plc’s banking division. This was the first case of mass hacking of a Western creditor’s accounts.

Now, European regulators can arrange a stress-test throughout the EU to strengthen security of the banking system.

The European Commission is currently assessing "additional initiatives that can be developed to counter cyber-attacks", the commission’s representative told Reuters.

In 2016, the ECB announced its intention to establish a database for registering cybercrime cases in the Eurozone’s commercial banks. However, exchange of information between the countries’ governments is still an elusive prospect.

The European Commission is pondering whether a stress-test on cyber security would help to enhance protection, said Reuters’ source. Such a move would complement control measures already introduced in the UK and other EU countries.

The European Banking Authority (EBA), which is responsible for stress-testing European banks, this summer is expected to introduce inspections plans for mid-2018.

EBA’s official said that the agency is monitoring cyber security, but the decision to conduct stress test has not been taken yet. The agency’s chairman Andrea Enria urged EU countries to conduct stress tests of their financial institutions to identify risks.

According to forecast of Forcepoint’s analysts, one of the main threats to the cyber security will be credence to technology. Modern generation grew up with the Internet, so that’s not a surprise that people share a lot of information in social networks and keep biggest part of their personal data on their devices. Forcepoint says blind confidence may lead to an increase in random data leaks.

Insiders are the second threat to business in 2017. According to experts, the leak will occur not only due to external attacks on information systems, but also because of internal leakages.

Another danger lies in the fact that information is being completely transferred to cloud servers, which are more likely to be hacked.

Development of voice platforms may pose yet another peril. New types of control interfaces allow hackers to bypass existing protection. This, in turn, will lead to wider leakages associated with use of AI-based solutions. And if fraudsters gain control over artificial intelligence, they will create an automated and autonomous "hacking machine", instantly finding vulnerabilities and security holes.