Four years after the biggest bank hack ever, the global financial system remains vulnerable to cyberattacks that could cause severe disruptions, according to a report Wednesday that draws advice from government officials, the financial industry and other experts.
The assessment from the Carnegie Endowment for International Peace and the Word Economic Forum is the culmination of years of work, with touchstones ranging from the 2016 Bangladesh Bank heist where hackers made off with $81 million to a recent Chilean bank ransomware attack that shut down all of its branches.
“Our big concern is that if you look at what’s happened during the pandemic, but even before with the escalating threat that’s targeting the financial system from the Bangladesh incident to the Chile outage back in September, we’re clearly not keeping up with the threat and how quickly it’s evolving,” said Tim Maurer, director of Carnegie’s Cyber Policy Initiative. “The government and industry need to organize themselves better if they want to have a chance of keeping this at bay.”
Digital transformation, hastened by the coronavirus pandemic, has left financial services firms looking more like tech companies and tech companies looking more like financial services firms, the report says, and hackers are taking advantage of it.
The advisory group for the project includes representatives from the likes of the Federal Reserve Board, Bank of England, Amazon Web Services, JP Morgan Chase and the International Monetary Fund. One advisory group member, Lisa Monaco, served as homeland security adviser in the Obama administration and as an aide to President-elect Joe Biden when he was in the Senate.
Core principles of the strategy include the need for financial systems to withstand attacks, for nations to develop international standards on what constitutes inappropriate cyberspace behavior, for countries to work together to deter disruptive attacks and for the cyber workforce to be strengthened.
The strategy recommends that the G20 include a statement outlining specifics on cyberthreat information sharing in its 2021 communique, and for U.N. groups working on cyber norms to emphasize the critical nature of the financial system.
Much of the document is aimed at industry and international organizations, reflecting the reality that big cyberattacks often spill across international borders. Individual nations can and should take steps, too, however, such as establishing financial services computer emergency response teams (CERTs) and clarifying how they interpret international law in cyberspace.
Nations should forgo a broader new treaty on cybercrime in favor of more direct cooperation with one another, the strategy suggests.
The think tank will hold a discussion of the strategy Wednesday morning.