kayhan.ir

News ID: 27146
Publish Date : 28 May 2016 - 21:01

Banks Pressed to Step Up Defenses Against cyber Attack

LONDON (Financial Times) - Banks received a double dose of pressure to tighten up their defenses against cyber attack on Friday as they were admonished on the subject by one of Europe’s top regulators and the Swift global payment messaging system.
Andrea Enria, chairman of the European Banking Authority, said that national regulators in Europe should stress test financial institutions to assess their vulnerability to hackers and force them to hold more capital if they are not doing enough.
His comments came as the issue of cyber security has shot up the agenda in the financial sector after several Asian institutions, including the Bangladesh central bank, were hacked by criminals trying to steal money over the Swift network.
Swift, a vital cog in the financial system that handles more than $6tn of transfers every day, on Friday unveiled a "customer security program” that includes plans to audit its 11,000 member institutions to check that their own security is up to scratch.
The Brussels-based group, which has found evidence of potential cyber attacks at up to 10 of its members, mostly in Asia, said it would develop "audit standards and certification processes for the secure management of Swift messages at customer sites”.
"We will look into if and how customers’ compliance to these baselines can be made transparent to, and enforced by, counterparties, regulators and ourselves,” Swift said, adding that its response would be tailored to each type of institution.
Swift said that members would have to share more information and tighten the security of their own systems. It promised to "harden” its own products, such as by expanding use of "two-factor authentication” that checks two components of a person’s identity.
Three cases of Swift members being hacked have emerged so far. In February, hackers gained access to the Swift codes of the Bangladesh central bank and attempted totransfer $951m from its accounts at the US Federal Reserve, but made off with only $81m.
In December, hackers made a similar, unsuccessful attempt to steal more than $1m from Vietnam’s Tien Phong Commercial Joint Stock Bank. This week, internet security specialists Symantec wrote a blog reporting the discovery of a third case involving similar hacking techniques at an unnamed bank in the Philippines last October.
In all cases, cyber criminals infiltrated the institutions’ own computer systems via malware before attempting to move money via the Swift network and then covering their tracks. Swift has said its own systems were not penetrated.
Swift said that it would "explore the feasibility of tools that would detect anomalies on our own network” such as by using pattern-recognition technology to spot suspicious transfers and allow them to be quickly checked or recalled.
Mr Enria of the EBA, speaking to Reuters in Beijing, said: "I would not run a massive cyber-risk attack scenario for 28 member states at the same time. But if you ask me would I recommend competent authorities to think more on this and consider running this type of stress test? I would say yes.”
His comments came after Mary Jo White, chair of the US Securities and Exchange Commission, last week said that cyber security was the biggest risk facing the financial system, but banks’ "policies and procedures are not tailored to their particular risks”.
The European Central Bank this year started collecting data on significant cyber incidents at 18 of the eurozone’s biggest banks. While the ECB’s real-time cyber incidents database is in a pilot phase, it is due to be rolled out to all 130 banks it regulates next year.
The Bank of England has already been stress testing the cyber defenses of the country’s big banks by carrying out "ethical hacking” exercises since last year.