Sibos 2016: Cybersecurity and the weakest links

If any delegates attending this week’s Sibos 2016 conference in Switzerland’s financial centre Geneva suspected that the topic of cybersecurity might be downplayed, any such thoughts were swiftly dispelled. Indeed, ‘Cyber resilience in a changing world’ was one of the sessions that kicked off the first day of the four-day event, which was standing room only long before the outset due to the mass of delegates keen to attend.

The session included a number of audience polls, with questions that included ‘Should all financial service firms be required to purchase dedicated cybersecurity insurance cover as part of a broader risk management policy?’ Rather like Brexit, opinion was evenly divided, with 46% of delegates agreeing with the proposal but 54% opposed.

As Stephen Scharf, chief security officer (CSO) for the Depository Trust & Clearing Corporation (DTCC) noted, while many are against it becoming compulsory, firms are increasingly opting to purchase cybersecurity insurance policies – although its protection extends to loss of revenue, but not loss of customers or loss of reputation for a firm that suffers a security breach.

He also noted that over the past decade, a prevailing reluctance by firms targeted by hackers to reveal security breaches and share information has steadily been broken down. “Attackers are increasingly collaborating, so those of us in the financial services sector need to do likewise,” he suggested.

Session chair, Federal Reserve Bank of New York executive vice-president Richard Dzina, commented that the past year had been marked by several high-profile security breaches that had only become public knowledge months after the event and that earlier information sharing would have helped pre-emptive protection measures. In the US, the passing of the Cyber Information Security Act (CISA) has proved a positive development in establishing a platform for individuals to step forward and issue alerts.

However, the session wrapped up with the confident assertion that cybersecurity will again be one of the main discussion topics at Sibos 2017 in Toronto. As Scharf observed, new and emerging technologies are the topic of much conversation, but the security breaches are still typically caused by fairly basic oversights and carelessness. “Don’t embrace new technologies at the expense of abandoning best practices,” was his advice.

Share and prepare

SWIFT chief executive officer (CEO) Gottfried Liebbrandt has faced leading questions on the issue of cybersecurity for much of this year – ever since the successful breach of security using the financial messaging provider’s network in February, which cost Bangladesh’s central bank US$81m. Colleague Yawar Shah, SWIFT’s chairman, stressed in his own opening address to delegates that while the financial service community is under attack from fraudsters using the network, the messaging service itself hadn’t been compromised. However, it was evident that underlying security at certain member banks had been.

Shah warned that cyber criminals were well organised, well funded and increasingly sophisticated. This, stressed Liebbrandt, put the onus on banks to practice ‘basic cyber hygiene’ in the same way that those in the medical profession were urged to follow the highest standards of cleanliness.

“It’s important to ‘share and prepare’,” he added. “If you’ve been breached and compromised they warn others so they have an opportunity to take preventative measures.” Shah suggested that the impact of cyberattacks on the banks was one of three main challenges facing the industry; the other two being the increasing cost of compliance with know-your-customer (KYC), anti-money laundering (AML) and other regimes and the shifting of the industry’s legal foundations caused by technological innovation.

Liebbrandt’s message to delegates was that as fintech is here to stay, “we have to move forward as it will eat our industry’s lunch unless we innovate”. SWIFT plans to roll out additional new services in response, including some that utilise Blockchain.

This current hottest of topics was also on the Day One agenda, with another heavily oversubscribed session in the afternoon moderated by Brian Behlendorf, executive director of the Hyperledger Project. As he asked the panel, there has been much talk of blockchain initiatives and collaborations over the past year, but the big unanswered question was when will something concrete actually take shape?

The answer appears to be that Blockchain applications are likely to be launched over the next 12 months, but expect them to be relatively small-scale projects as more ambitious schemes will take longer. As was noted, it is little more than a year since Blockchain received the accolade of a cover story from The Economist magazine and there is still a gap between the hype and the reality. As panellist Vivek Ramachandran, global head of product for HSBC’s trade finance business admitted: “It’s still early days for the technology in its adapting to the realities of financial transactions.”

(Main image credit: Sibos)


Related reading