EU set to test banks’ cybersecurity

European Union (EU) officials have indicated that European banks’ cybersecurity defences may be tested to gauge how resilient their systems are to the growing incidence of cyberattack.

The frequency, sophistication and ambition of attacks have increased in recent years, as criminals find new ways to target banks beyond trying to illicitly obtain details of their customers’ online accounts. Among the most high-profile was last February’s US$81m heist on the Bangladesh central bank when hackers infiltrated its system and gained access to the SWIFT international transactions network.

Reports of a possible EU-wide stress test follow the publication last month of a report from the European Banking Authority (EBA), which found that financial institutions “are struggling to demonstrate their ability to cope with the rising threat of intruders gaining unauthorised access to their critical systems and data.”

A year ago, the European Central Bank (ECB) established a database to register and track incidents of cybercrime at commercial banks as part of a longer-term goal to establish a database to register and track cybercrime occurrences at commercial banks, with the ultimate goal of creating an “early warning and analysis system” geared toward major lenders.

However, according to the EBA, Europe’s banks are reliant on a digital infrastructure that is “rigid and outdated”. The EBA is expected to detail this summer the checks it intends to impose in its next stress test exercise on Europe’s banks, planned for mid-2018. In the meantime, the EU agency for network and information security (ENISA) has reported that blockchain technology has the ability to introduce efficiencies and cut costs but not to eliminate security concerns, particularly in decentralised networks.

Rob Norris, ‎vice president (VP) and head of enterprise and cyber security for Europe, the Middle East, India and Africa (EMEIA) at Fujitsu commented: “The news that the EU is considering cyber stress testing, similar to that of the UK is a wise idea. With the number of threats continuing to increase exponentially, customer trust has never been so valuable or hard to come by and as such it has never been more important for banks to test and ensure they are protected appropriately.

“It is paramount that the industry does not overlook or get complacent about security or place it in the “too big to fix” category, and instead takes a proactive approach. Banks need to be able to spot, react and defend against a breach quickly, by having a threat monitoring/detection system in place which is where stress testing can play a pivotal role, providing the necessary context to deal with today’s advanced cyber threats. With digital continuing to pave the way in financial services, the industry can no longer afford for it not to be the number one priority.”


Related reading