InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
Cyber criminals have had the Swiss financial sector in their sights for some time now. To date, however, only a minority of incidents have become public knowledge. Nonetheless, because of the increasingly stringent reporting obligations in force, more and more cases are coming to light and cannot be swept under the carpet. Over 300 times more attacks are recorded in the banking sector as compared with other industries, a trend that if anything is rising. It’s therefore more important than ever to take preventive action. Here you can read how to do this.
In recent years, digitalisation has brought enormous changes to the financial sector. From online banking and processes for providing digital financial advice to the increasing tendency to outsource services to the web, virtual banking services are becoming the norm. Both for service providers and for the clients who often prefer digital services, this shift brings a number of benefits.
Unsurprisingly, however, there’s also a downside, in the form of new opportunities for attack and a set of associated risks that even now remain hard to assess. Against this background, it’s vital that we rethink our approach to cyber security. Today, every organisation needs to work on the basis that its systems have already been infiltrated and compromised. The urgent focus right now therefore needs to be on preventive measures, with the aim of identifying potential threats early on, detecting attacks as they occur, and rapidly reacting to ensure that normal business operations can be resumed. These are all aspects that are still being given too little attention. It’s therefore unsurprising that financial institutions are increasingly being targeted by cyber criminals!
Many financial institutions are being affected by a wide variety of cyber attacks, including ransomware incidents, DDoS attacks and APTs (“advanced persistent threats”). Even industry giants have not been spared, including for example the US-based J.P. Morgan group, which had approximately 80 million items of customer data stolen in 2015. According to PwC, the number of attacks in the financial sector actually doubled in 2014. We can therefore assume that this dangerous trend has become even more pronounced since then. In the US, a number of banks have suffered losses of up to US$20 million – not counting any consequential losses. Such problems, however, are not restricted to institutions based overseas. With its reputation as a major financial centre, Switzerland in particular represents a highly desirable target for cyber criminals.
The Swiss financial sector’s regulatory body – FINMA – is also taking these issues very seriously. In light of the often inadequate scope of the security measures introduced by the sector thus far, FINMA now views the level of risk as so high that the requirements to be included in its Circular “Operational risks at banks” for the coming year are very likely to be subject to further tightening and stricter monitoring (FINMA-Circ. 08/21, currently under review). Swiss banks are therefore under pressure, as implementation needs to take place in a relatively short time in view of the rapidly increasing danger of cyber attacks. Because of the high complexity of their IT system infrastructures and the need to implement processes imposed by the regulators (such as the obligation to report any attacks discovered within a specified timeframe), institutions need to start work as soon as possible.
Our experience, gained from a number of projects with Swiss financial providers, indicates that in most cases the focus continues to be on simply tackling cyber attacks as they occur. Such a conventional approach, however, can make your systems an attractive target for hackers. A rethink might therefore be needed, not only to defend your own systems and data but also to protect your customers’ information and to comply with the many different regulations.
With regard to digitalisation and cyber security, over the next few years financial institutions will be confronted with challenges from a variety of sources. These will need to be tackled effectively if the institutions concerned are to retain their place in the market. The measures cited above– assuming, of course, that they are properly implemented – will provide you with a secure framework for confronting the challenges of Banking 2.0!
InfoGuard has established a reputation in the banking field as an expert in cyber security and assists a number of financial service providers with their cyber defence – both on premises at client sites and from our ISO/IEC 27001-certified Security Operation Center (SOC) in Switzerland. Furthermore, we can offer you not just effective solutions but also support and advice on any aspect of cyber security. We are happy to act as your partner for the fulfilment of regulatory obligations and can help you optimise your security systems.
In our reference reports, you can read more about some of InfoGuard’s successful project implementations in the financial sector.
How we can help you? On our website, you can find details of our full range of services associated with the NIST cyber security framework. We would be happy to help you in all aspects of your cyber defence. Feel free to get in touch!