GENEVA -- It should come as no surprise that the Bangladesh Bank breach was a topic discussed during a panel session on cybersecurity Monday at Sibos 2016. Experts discussed the implications that the incident has for banks—and treasury and finance departments.
Given that banks and SWIFT are systemically important to the global financial system, one attendee asked the panel about the systemic risk that the Bangladesh hack and those like it pose to the financial services sector. “What activities does the market need to now put in place to consider and deal with those risks?” he asked.
Moderator Richard Dzina, executive vice president of the Federal Reserve Bank of New York, responded that the risks for the marketplace are clearly “quite large” and prominent. He stressed the importance of securing the entire environment, beyond that of the infrastructure operator.
Adrian Nish, who leads the Threat Intelligence team in BAE Systems’ Applied Intelligence division, added that a lot of effort has gone into creating better guidelines for financial services to protect themselves, but the actual implementation has been lacking. “The systemic risk is where you don’t have implementation being global,” he said. “If you have weak links in the system then there is the risk that attackers will have success, like we’ve seen. I think there are some additional scenarios that need to be considered. Where might attackers potentially go next? What could they do if they got access to multiple banks at once? Those are things we are working with our customers and partners on, and I think more updated guidance may come out as a result of this.”
That question of where attackers could potentially go next is on the minds of many treasury and finance executives. Fraud tends to move where the security isn’t; for example, whenever any nation has implemented chip card technology, card-not-present (CNP) fraud tends to spike. So now, with banks tightening up their SWIFT connections following the fallout from the Bangladesh Bank incident, could those same attackers begin to target corporates connected to SWIFT?
So far, Nish hasn’t seen this happen, but he conceded that it’s possible. “We may see it,” he told AFP. “Attackers are always looking for the edge. They’re always looking for the weak links. So if they’re gaining success with the techniques they’re using at the moment, they’ll continue doing that. When people have secured that better, they’ll move on to the next thing, which may be corporates.”
Nish added that at the moment, it’s very tough to predict what these particular attackers could do next because so little is known about them. “These actors are very skilled at operating covertly. They’re very skilled at cleaning up any evidence of the attack,” he said. “So even if you know an attack has happened at an organization, actually finding that evidence even after the fact is a real challenge. All we can be sure of is that it’s going to continue to be an issue. But knowing exactly where the attackers will go is going to be hard at this point.”