{"id":6341,"date":"2022-09-13T14:12:57","date_gmt":"2022-09-13T14:12:57","guid":{"rendered":"https:\/\/fintech.global\/cybertech100\/?p=6341"},"modified":"2022-09-16T07:48:34","modified_gmt":"2022-09-16T07:48:34","slug":"are-banks-safe-in-a-government-backed-cyberwar","status":"publish","type":"post","link":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/","title":{"rendered":"Are banks safe in a government-backed cyberwar?"},"content":{"rendered":"\r\n<p><strong>In a period when tensions are heating up globally, the threats of war are becoming clearer, with a potential cyberwar still highly likely. In a cyberwar that is supported and, to an extent, headed by governments \u2013 would banks be safe?<\/strong><strong>\u00a0<\/strong><\/p>\r\n\r\n\r\n\r\n<p>According to Dave Harvey \u2013 head of Cybersecurity, UK for FTI Consulting \u2013 banks can be a primary target for nation-state-backed cyberattacks, especially in times of heightened global tensions, \u201cIn the current international climate, this risk is very real and can look different to each business depending on where they fit on the geopolitical spectrum.<\/p>\r\n\r\n\r\n\r\n<p>Harvey remarked that a successful cyberattack on a bank can be highly lucrative given the direct access to funds and cryptocurrency, which can be especially valuable to a country experiencing sanctions or seeing a significant decrease in the value of their national currency. He also remarked that in addition to the financial risk, an attack of this form could cause mass disruption and reputational damage due to the highly sensitive personal data at stake.<\/p>\r\n\r\n\r\n\r\n<p>Alongside a bank being a lucrative target for threat actors and political criminals alike, they also offer a status and a springboard to achieve objectives on a global scale. This is due to their size, clout and presence on global markets. Harvey believes this last point \u2013 linked to interconnectedness \u2013 can cause huge ripples.<\/p>\r\n\r\n\r\n\r\n<p>He remarked, \u201cA motive for nation-state actors is to infiltrate the networks of critical national infrastructure, such as banks, in order to achieve strategic objectives on a world stage. The interconnectedness of banks means the initial target of a cyberattack can be irrelevant \u2013 an attack intended for a specific bank could easily cross borders and harm innocent bystanders in other global locations.\u201d<\/p>\r\n\r\n\r\n\r\n<p>The potential challenges banks would face in a cyberwar are not hypothetical \u2013 with Russian state-backed hacker group\u00a0<a href=\"https:\/\/www.theguardian.com\/world\/2022\/feb\/23\/russia-hacking-malware-cyberattack-virus-ukraine\">Sandworm<\/a>\u00a0just one example of the real possibilities of government-backed cyber warfare.<\/p>\r\n\r\n\r\n\r\n<p>In the eyes of Harvey, cyber warfare \u2013 and the protection from it \u2013 requires wide-ranging input, \u201cGovernment-backed cyber warfare is an operational risk requiring input from all areas. It is paramount that governments and business leaders cooperate to align global cyber regulations to safeguard any data in jeopardy.<\/p>\r\n\r\n\r\n\r\n<p>\u201cWe are seeing this happen with bank regulations becoming more interventionist and prescriptive than previously issued guidelines. For example, the EU\u2019s Digital Operational Resilience Act (DORA) aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks. While DORA can be viewed as a milestone in defending against the evolving cyber threat, it can also create uncertainty for organisations trying to be compliant. \u201c<\/p>\r\n\r\n\r\n\r\n<p>One of the most worrying findings by Harvey is that when viewed through the regulatory lens, it is become clear that the lines between nation-state-backed cyberattacks and criminality are blurred. He commented that this can add a level of confusion around sanction risk in cyber incidents, such as in ransomware scenarios where attribution is key to understanding whether payment to the hacker(s) would contravene sanctions.<\/p>\r\n\r\n\r\n\r\n<p>How can banks improve cyber resilience? Harvey remarked, \u201cBanks should begin by performing cybersecurity program assessments to identify vulnerabilities and ensure proper protections are implemented. This includes ensuring business continuity via policies, procedures and staff gap analysis. Such an assessment will also help determine if compliance requirements are being met.\u201d<\/p>\r\n\r\n\r\n\r\n<p>In addition, he believes that IT security teams must develop and test incident preparedness and response plans, ensuring that all stakeholders in the company are aware of their role, including C-level executives. Meanwhile, at a company-wide level, they should execute crisis simulation and table-top exercises to build employee awareness.<\/p>\r\n\r\n\r\n\r\n<p>Harvey concluded, \u201cLastly, if a breach occurs, banks should conduct a forensic incident response investigation and activate crisis management and strategic communications support immediately.\u201d<\/p>\r\n\r\n\r\n\r\n<p><strong>Denial of service risks<\/strong><\/p>\r\n\r\n\r\n\r\n<p>When it comes to the particular kinds of attacks possible by state-sponsored attackers, Simon Eyre \u2013 chief information security officer and managing director, Europe of Drawbridge \u2013 believes a key one is distributed denial of service attacks.<\/p>\r\n\r\n\r\n\r\n<p>He said, \u201cAvailability of Services to the public and to businesses is a critical part of today\u2019s modern online banking systems. Denial of Service attacks can cause significant outages of web portals and communications across the Internet for services like banks. During a conflict, causing disruption will often be more impactful than ransomware type attacks and will be the focus of state attackers.\u201d<\/p>\r\n\r\n\r\n\r\n<p>How can banks prepare for such an event? Eyre provided examples such as the Bank of England, who organise cyber resilience tests or cyber \u2018wargames\u2019 in order to simulate the types of attacks that are most likely to occur.<\/p>\r\n\r\n\r\n\r\n<p>Eyre commented, \u201cThese allow financial organisations the chance to test out their resiliency against attacks and put their Incident Response Plans through their paces. There will be countries without the preparedness of wargames or tabletop exercises and those will remain susceptible to attacks.\u201d<\/p>\r\n\r\n\r\n\r\n<p><strong>Sanction compliance risk<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Alongside the risk of attacks and the kinds of attacks that could hit banks, there is also another challenge of remaining compliant with rapidly imposed financial sanctions.<\/p>\r\n\r\n\r\n\r\n<p>Alex Richter \u2013 head of PassFort \u2013 said, \u201dAlongside the cyber risk is that of staying abreast of the fast-changing regulatory and compliance landscape with quickly imposed financial sanctions. A recent statement by the FCA warned of the dangers faced and the consequences of failings in a bank\u2019s financial crimes systems. All financial institutions must ensure they are screening every financial transaction with the sanctioned individual list and go further to capture any indirect links.<\/p>\r\n\r\n\r\n\r\n<p>\u201cFailing to take appropriate action could be seriously damaging reputationally for a bank or financial institution.\u201d<\/p>\r\n\r\n\r\n\r\n<p>This article originally appeared on the <a href=\"https:\/\/member.fintech.global\/\">FinTech Global<\/a> website. <a href=\"https:\/\/member.fintech.global\/newsletter\/\">Sign up<\/a> to our newsletters to receive regular updates.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>In a period when tensions are heating up globally, the threats of war are becoming clearer, with a potential cyberwar still highly likely. In a cyberwar that is supported and, to an extent, headed by governments \u2013 would banks be safe?\u00a0 According to Dave Harvey \u2013 head of Cybersecurity, UK for FTI Consulting \u2013 banks [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":6342,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[50],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.6.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Are banks safe in a government-backed cyberwar? - CyberTech100<\/title>\n<meta name=\"description\" content=\"In today&#039;s dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Are banks safe in a government-backed cyberwar? - CyberTech100\" \/>\n<meta property=\"og:description\" content=\"In today&#039;s dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberTech100\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-13T14:12:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-16T07:48:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fintech.global\/cybertech100\/wp-content\/uploads\/2022\/09\/pexels-photo-5483064-1-696x464-2.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"696\" \/>\n\t<meta property=\"og:image:height\" content=\"464\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"editorial\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"editorial\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/\",\"url\":\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/\",\"name\":\"Are banks safe in a government-backed cyberwar? - CyberTech100\",\"isPartOf\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/#website\"},\"datePublished\":\"2022-09-13T14:12:57+00:00\",\"dateModified\":\"2022-09-16T07:48:34+00:00\",\"author\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d\"},\"description\":\"In today's dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?\",\"breadcrumb\":{\"@id\":\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/fintech.global\/cybertech100\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Are banks safe in a government-backed cyberwar?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#website\",\"url\":\"https:\/\/fintech.global\/cybertech100\/\",\"name\":\"CyberTech100\",\"description\":\"The world\u2019s most innovative CyberTech companies that every financial institution needs to know about\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/fintech.global\/cybertech100\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d\",\"name\":\"editorial\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"caption\":\"editorial\"},\"url\":\"https:\/\/fintech.global\/cybertech100\/author\/editorial\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Are banks safe in a government-backed cyberwar? - CyberTech100","description":"In today's dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/","og_locale":"en_US","og_type":"article","og_title":"Are banks safe in a government-backed cyberwar? - CyberTech100","og_description":"In today's dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?","og_url":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/","og_site_name":"CyberTech100","article_published_time":"2022-09-13T14:12:57+00:00","article_modified_time":"2022-09-16T07:48:34+00:00","og_image":[{"width":696,"height":464,"url":"https:\/\/fintech.global\/cybertech100\/wp-content\/uploads\/2022\/09\/pexels-photo-5483064-1-696x464-2.jpeg","type":"image\/jpeg"}],"author":"editorial","twitter_card":"summary_large_image","twitter_misc":{"Written by":"editorial","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/","url":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/","name":"Are banks safe in a government-backed cyberwar? - CyberTech100","isPartOf":{"@id":"https:\/\/fintech.global\/cybertech100\/#website"},"datePublished":"2022-09-13T14:12:57+00:00","dateModified":"2022-09-16T07:48:34+00:00","author":{"@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d"},"description":"In today's dangerous world, would a cyberwar that is supported and, to an extent, headed by governments \u2013 let banks be safe?","breadcrumb":{"@id":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/fintech.global\/cybertech100\/are-banks-safe-in-a-government-backed-cyberwar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fintech.global\/cybertech100\/"},{"@type":"ListItem","position":2,"name":"Are banks safe in a government-backed cyberwar?"}]},{"@type":"WebSite","@id":"https:\/\/fintech.global\/cybertech100\/#website","url":"https:\/\/fintech.global\/cybertech100\/","name":"CyberTech100","description":"The world\u2019s most innovative CyberTech companies that every financial institution needs to know about","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fintech.global\/cybertech100\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/700e93a9f1ec1d00f1b7baf07636829d","name":"editorial","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/fintech.global\/cybertech100\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","caption":"editorial"},"url":"https:\/\/fintech.global\/cybertech100\/author\/editorial\/"}]}},"_links":{"self":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6341"}],"collection":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/comments?post=6341"}],"version-history":[{"count":5,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6341\/revisions"}],"predecessor-version":[{"id":6372,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/posts\/6341\/revisions\/6372"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/media\/6342"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/media?parent=6341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/categories?post=6341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/cybertech100\/wp-json\/wp\/v2\/tags?post=6341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}