Listen to Audio |
The commonplaceness of computers and internet access offers a lot of business benefits. However, they also introduce persistent problems: rampant cyber threats. Whenever you use a smartphone or PC, it is inevitable to be exposed to potential cyber risks.
These threats are not something to be downplayed or ignored. They can mean more than just a temporary disruption. Their impact, at present, has been significantly worse than what the world has seen over the past decade. A recent report estimates that global cybercrime losses are set to exceed the $1 trillion mark in 2020.
This amount is more than 50 percent higher compared to the 2018 numbers and dozens of times bigger than what the past decade has seen.
A new threat to financial stability
Many are already aware of the costly consequences of cyberattacks, but it was only recently when the International Monetary Fund (IMF) labeled them as a financial stability threat. “As we become increasingly reliant on digital financial services, the number of cyberattacks has tripled over the last decade, and financial services continue to be the most targeted industry. Cybersecurity has clearly become a threat to financial stability,” an IMF blog post writes.
The authors of the post are Nigel Jenkinson, Division Chief of Financial Regulation and Supervision in the Monetary and Capital Markets Department, and Jennifer Elliott, Division Chief of Technical Assistance Strategy in the Monetary and Capital Markets Department. They explain that a successful attack on a major financial institution or a core system could have a rapidly spreading impact on the entire financial system. It can lead to widespread interruptions and loss of confidence among customers.
“In our view, many national financial systems are not yet ready to manage attacks, while international coordination is still weak,” Elliott and Jenkinson emphatically points out. To address this problem, the post suggests doing the “daily foundational risk management work” alongside the strategies proposed in the findings of an IMF research.
Foundational risk management – This refers to regular risk containment work that includes the updating of software, network maintenance, and the enforcement of a solid “cyber hygiene” by financial institutions and other firms that can become victims of cyberattacks. It also entails thorough cyber risk assessment and investments in cyber defense. Relying on free tools, especially for enterprises, is no longer acceptable given the sophistication and volume of attacks at present.
Stronger deterrence – Organizations need to invest in reliable prevention measures such as automated cyber threat penetration testing. Basic protections are no longer enough. Also, it is important to forge strong cooperation among law enforcement agencies, regulatory bodies, and security professionals to detect and develop solutions to emerging threats before they become bigger problems.
Cyber mapping and risk quantification – The IMF research team recommends the mapping of key operational and technological interconnections and crucial infrastructure. The potential impact of risks needs to be quantified to guide response, ensure a stronger commitment to address the problem, and come up with better ways to integrate cyber risk in financial stability analysis.
Response capacity building – There are no foolproof deterrence measures. Some cyberattacks are bound to succeed, so it is important to have the ability to remedy a breach and restore disrupted systems. Jenkinson and Elliot describe current response and recovery strategies as “still incipient, particularly in low-income countries, which need support in developing them.”
Regulation streamlining – Businesses do not have direct control over national security policies and regulations. However, they can advocate for their respective governments to come up with legislation or policies to boost cybersecurity. Notably, it is important to formulate and implement laws that are in line with the policies of other countries in the context of financial transactions. Stronger cross-border cooperation and coordination with international bodies such as the Committee on Payments and the Financial Stability Board can lead to more efficient actions against cyber risks.
Information sharing and capacity development – Private-public collaboration is a must as cyber risks become a more serious problem globally, especially in the financial sector. Unfortunately, significant barriers to achieving such cooperation remain. In particular, central banks and related government agencies tend to conceal or delay the release of information due to national security concerns and data protection laws. Something has to be done about these to enable better security information flow, which is vital in detecting problems and developing appropriate solutions promptly.
Not a continuation of current challenges
University of Oxford researchers, in partnership with the World Economic Forum, released a report that examines the current cybersecurity challenges confronting business leaders and the international community. The findings are rather alarming.
Accordingly, new cybersecurity risks “will not be not a simple continuation of current challenges.” Next-gen technologies provide new tools and platforms for cybercriminals to develop more powerful and complex attacks. Security systems need to evolve drastically for them to match the sophistication of new attacks.
“The research points to the likelihood of systemic cyber-risks, and a potential cyber-resilience deficit if no action is taken,” University of Oxford professor Sadie Creese says. “It is important that organizations can confidently embrace new technologies and the benefits they bring, and that will involve a number of cybersecurity challenges to be met,” he adds.
Just like the IMF research, the University of Oxford report recommends industry-government cooperation to deal with the next generation of cyber risks. The report also urges interventions from the international community to resolve security issues more effectively, especially when it comes to building the capacity of developing countries to respond to next-gen threats.
Worsening insider risks
Another reason why cybersecurity merits more attention is the growing threat of insider bad actors. A recent cyber threat report reveals that threats attributed to insiders are now more common than those related to external threat actors. The report says that 79 percent of security leaders are concerned that computer users are more likely to ignore IT security guidelines at present.
Additionally, the report reveals that “85 percent of CISOs admit they sacrificed cybersecurity to quickly enable employees to work remotely.” More importantly, the report found that incidents associated with insiders were among the most difficult to detect. Around a quarter of the security professionals surveyed said that it took them weeks or months to detect data theft perpetrated by employees.
Most organizations have been accustomed to putting up defenses against external security threats. The increased prevalence of insider risks requires a rethinking of existing security strategies.
Collaboration needed
If the typically security-paranoid financial industry considers cyber threats potentially destabilizing, it is only logical for everyone to be more meticulous in anticipating and addressing cyber attacks. They are not only increasing in volume; they are also evolving into more complex problems that pose more threatening consequences and unfamiliar scenarios. The solutions cannot be solely entrusted to security firms. Industry-government collaboration is a must along with heightened vigilance among individual computer users.
