Banks must arm themselves for the age of cyber warfare
The dangers of cyber attacks are rapidly becoming apparent to banks, which are having to arm themselves against this new threat at a time when they are already grappling with capital, liquidity and governance risks.
It is less scary than a nuclear arms race but the escalation in cyber attack capability is still scary – especially for banks as they are a key target. The realisation that the attackers may be governments with greater skills than criminals only adds to the challenge of keeping financial institutions safe.
Reports in late August 2014 that US authorities were investigating a new wave of attacks on US banks, including JPMorgan Chase, clearly illustrates the dangers. News agency Bloomberg reported that the investigation was looking at the alleged involvement of the Russian government in the attack given the tensions between the two countries over the situation in Ukraine. A security expert was quoted as saying that the hackers’ ability to breach several layers of security appeared to be "far beyond the capability of ordinary criminal hackers".
With criminal cyber attacks it is easier for financial institutions to understand what they are dealing with and come up with a defence. Criminals want money – or information they can sell to make money, such as credit card details – so if they try and fail a couple of times they will move on to an easier target. From the banks’ perspective being 'best in class' from a security point of view will probably be a sufficient deterrent.
But, with cyber attacks entering the realm of espionage, or resulting from conflicts between governments, the likelihood is that the hackers will carry on until they get a result. “They have all the money in the world and all the patience in the world,” says one expert quoted in The Banker’s September cover story on cyber attacks.
What is worse is that the fight against criminals could arguably lead to a joined-up response from different governments working together and leading to prosecutions. But, if banks are caught in between long-running government conflicts, it is hard to see how it can ever be resolved.
The past few years have been dominated by new initiatives to deal with capital, liquidity and governance risks in banks. On the current evidence, a government-sponsored cyber attack is of equal, if not greater, concern.
Brian Caplen is the editor of The Banker.
