The Swiss financial market as a target for cyber attacks

Author
Michelle Gehri
Published
10. January 2017

Cyber criminals have had the Swiss financial sector in their sights for some time now. To date, however, only a minority of incidents have become public knowledge. Nonetheless, because of the increasingly stringent reporting obligations in force, more and more cases are coming to light and cannot be swept under the carpet. Over 300 times more attacks are recorded in the banking sector as compared with other industries, a trend that if anything is rising. It’s therefore more important than ever to take preventive action. Here you can read how to do this.

Banking 2.0: a blessing and a curse

In recent years, digitalisation has brought enormous changes to the financial sector. From online banking and processes for providing digital financial advice to the increasing tendency to outsource services to the web, virtual banking services are becoming the norm. Both for service providers and for the clients who often prefer digital services, this shift brings a number of benefits.

Unsurprisingly, however, there’s also a downside, in the form of new opportunities for attack and a set of associated risks that even now remain hard to assess. Against this background, it’s vital that we rethink our approach to cyber security. Today, every organisation needs to work on the basis that its systems have already been infiltrated and compromised. The urgent focus right now therefore needs to be on preventive measures, with the aim of identifying potential threats early on, detecting attacks as they occur, and rapidly reacting to ensure that normal business operations can be resumed. These are all aspects that are still being given too little attention. It’s therefore unsurprising that financial institutions are increasingly being targeted by cyber criminals!

A underestimated danger

Many financial institutions are being affected by a wide variety of cyber attacks, including ransomware incidents, DDoS attacks and APTs (“advanced persistent threats”). Even industry giants have not been spared, including for example the US-based J.P. Morgan group, which had approximately 80 million items of customer data stolen in 2015. According to PwC, the number of attacks in the financial sector actually doubled in 2014. We can therefore assume that this dangerous trend has become even more pronounced since then. In the US, a number of banks have suffered losses of up to US$20 million – not counting any consequential losses. Such problems, however, are not restricted to institutions based overseas. With its reputation as a major financial centre, Switzerland in particular represents a highly desirable target for cyber criminals.

FINMA’s reaction to the threat

The Swiss financial sector’s regulatory body – FINMA – is also taking these issues very seriously. In light of the often inadequate scope of the security measures introduced by the sector thus far, FINMA now views the level of risk as so high that the requirements to be included in its Circular “Operational risks at banks” for the coming year are very likely to be subject to further tightening and stricter monitoring (FINMA-Circ. 08/21, currently under review). Swiss banks are therefore under pressure, as implementation needs to take place in a relatively short time in view of the rapidly increasing danger of cyber attacks. Because of the high complexity of their IT system infrastructures and the need to implement processes imposed by the regulators (such as the obligation to report any attacks discovered within a specified timeframe), institutions need to start work as soon as possible.

Keeping hackers at bay!

Our experience, gained from a number of projects with Swiss financial providers, indicates that in most cases the focus continues to be on simply tackling cyber attacks as they occur. Such a conventional approach, however, can make your systems an attractive target for hackers. A rethink might therefore be needed, not only to defend your own systems and data but also to protect your customers’ information and to comply with the many different regulations.

The following five measures will provide optimum protection:

  1. The identification of weaknesses in your system and the associated potential risks are a fundamental prerequisite for defining strategically significant measures in the area of cyber security. Highly relevant, too, in this regard is the identification of critical systems and of data worthy of particular protection. Simulated cyber attacks or penetration tests are tried and tested methods of doing this and can provide you with an effective starting point for your activities.

  2. Any cyber attacks in progress must be detected as quickly as possible for a response to be launched. The main objective in such cases is to keep any losses or damage to an absolute minimum and to rapidly restore system integrity. Breach detection & remediation solutions, which rely on a combination of methods from data science, machine learning and behaviour analysis, can reliably detect any malicious behaviour on your networks in real time.

  3. As the cyber landscape is extremely diverse, hackers are constantly finding new loopholes in networks. Permanent monitoring of your data traffic is therefore vital. Security information & event management (SIEM) represents the optimal solution for targeting and rapidly eliminating possible attacks in this area.

  4. Particular attention should be paid to the integrity and confidentiality of customer identification data and of critical systems, as these are particularly vulnerable and are consequently a frequent target of attack by hackers. A range of cyber security solutions, which can be individually selected to fit the specific requirements and networks involved, provide reliable protection for these highly sensitive areas – especially when combined in an appropriate way.

  5. Compliance with regulatory and statutory regulations, such as FINMA Circulars 17/1 “Corporate governance – banks”, 08/7 “Outsourcing banks”, 08/21 “Operational risks at banks” and the Swiss Data Protection Act (DSG), involves a number of requirements that are demanding and time-consuming from both a technical and organisational perspective. Key issues here are the development of a cyber security framework, the need to raise awareness of employees with regard to security of customer data (security awareness), periodic audits and the detection of vulnerabilities and control loopholes in order to guarantee normal business operations.


With regard to digitalisation and cyber security, over the next few years financial institutions will be confronted with challenges from a variety of sources. These will need to be tackled effectively if the institutions concerned are to retain their place in the market. The measures cited above– assuming, of course, that they are properly implemented – will provide you with a secure framework for confronting the challenges of Banking 2.0!
 


InfoGuard - your reliable partner in the fight against cyber attacks

InfoGuard has established a reputation in the banking field as an expert in cyber security and assists a number of financial service providers with their cyber defence – both on premises at client sites and from our ISO/IEC 27001-certified Security Operation Center (SOC) in Switzerland. Furthermore, we can offer you not just effective solutions but also support and advice on any aspect of cyber security. We are happy to act as your partner for the fulfilment of regulatory obligations and can help you optimise your security systems.

In our reference reports, you can read more about some of InfoGuard’s successful project implementations in the financial sector.

InfoGuard Reference Cases

 

How we can help you? On our website, you can find details of our full range of services associated with the NIST cyber security framework. We would be happy to help you in all aspects of your cyber defence. Feel free to get in touch!

Cyber Security Framework

 

Share article