The threat of cyber-attacks is one now being taken seriously by the financial sector and fintech executives in the Middle East and elsewhere.
After more than a decade of warnings and the growing reality of harm caused by digital malfeasance, the age of awareness raising is truly over. More than 70 per cent of financial sector leaders in the US have listed cyber-related threats as a top risk.
That’s not surprising when, according to some estimates, one in five malware deployments are aimed at the sector. As in other sectors, ransomware – extortion through locking victims out of their systems – is a problem that risks growing exponentially.
That in turn isn’t surprising given crime and malevolent state activity tend to follow where the money is. Damage can range from small-scale theft (where each case is small but the aggregate damage is large across the whole system) through to the spectacular.
Four years ago, the Bank of Bangladesh was robbed of $81 million. Had it not been for a minor typographical error noticed by authorities in New York, it is believed the loss could have been ten times as great.
But these stories are not a reason for despair; they are a reason to redouble efforts to manage risk effectively. Indeed, the financial services sector, in particular, has three in-built advantages which help explain why financial institutions are the best protected of any of the privately-owned critical sectors.
Inbuilt legacy checks
First, banks already have strong internal controls to manage the risk of insider trading and so-called ‘fat finger’ trading. Both of these rely on limiting the damage any one person or group of people acting wrongly – whether intentionally or accidentally – can do.
These controls work in cyber security too: if a rogue trader can’t manipulate systems easily to bring down a bank, axiomatically that makes it harder for an outside cyber attacker to do the same.
Second, regulators have been smart in finance. Rather than create a box called ‘cyber’ that requires executives to tick it, cyber resilience has been built into the regulatory model as a whole. And the big, inter-bank clearing systems are being designed with cyber resilience in mind.
Share the concerns
Finally, the industry has acted sensibly. It’s the one sector where information sharing is more than a slogan; useful data actually gets shared between institutions who are normally competitors. Well-resourced, technically competent centres are springing up in the various regional financial hubs
Indeed, thanks to these strengths, there is much to celebrate and takeaway from the performance of the financial system and fintech in the extremely challenging year of 2020. The massive increase in dependency on digital commerce has not been accompanied by a catastrophic increase in cyber-related financial crime.
Consumers have not lost confidence in e-commerce: what 2020 would have been like if they had does not bear thinking about.
That experience points the way forward as we move towards a new era of technology. Technology is changing, and with it so is both the financial sector and fintech. But we know what we have to do.
Bring on added security
Rather than approach the new technology with an attitude of fear, we need to focus on investing in cost-effective security by design. The technology we use now was developed without security in mind.
That was no one’s fault. It’s just the way it happened. But it left us with an ecosystem where services were free in cash terms so long as the citizen gave away mountains of personal data - not a good recipe for security.
As we move towards the age of blockchain transactions, machine learning, 5G-enabled services, and quantum, we need to make sure we do not repeat this mistake. The development of these new technologies must be accompanied by a commensurate effort to secure them and build security into the way they work.
Quantum computing, in particular, gives rise to huge opportunities by also existential challenges to the way financial transactions have been secured for decades. Fixing the present and building in security and resilience for the future are the ways in which we will ensure a prosperous digital financial ecosystem in the years ahead.
- Ciaran Martin is CEO of National Cyber Security Centre and Professor at University of Oxford.