Opinion: We must defend against the cyber threats facing our global financial
Two ongoing trends exacerbate this risk. First, the global financial system is going through an unprecedented digital transformation, which is being accelerated by the Covid-19 pandemic. Banks compete with technology companies; technology companies compete with banks. Meanwhile, the pandemic has heightened demand for online financial services and made work-from-home arrangements the norm. Central banks around the globe are considering throwing their weight behind digital currencies and modernizing payment systems.
This is a global problem. While cyber attacks in high-income countries tend to make headlines, less attention is paid to the growing number of attacks on softer targets in low- and lower-middle-income countries. Yet it is in those countries where the push toward greater financial inclusion has been most pronounced, leading many to leapfrog to digital financial services such as mobile payment systems. Although they do advance financial inclusion, digital financial services also offer a target-rich environment for hackers.
An international strategy
To achieve more effective protection of the global financial system against cyber threats, the Carnegie Endowment for International Peace released a report in November 2020 titled “International Strategy to Better Protect the Global Financial System against Cyber Threats.”
Developed in collaboration with the World Economic Forum, the report recommends specific actions to reduce fragmentation by fostering more collaboration, both internationally and among government agencies, financial firms and tech companies. The strategy is based on four principles:
Greater clarity about roles and responsibilities is required. Only a handful of countries have built effective domestic relationships among their financial authorities, law enforcement, diplomats, other relevant government actors and industry. Existing fragmentation hampers international cooperation and weakens the international system’s collective resilience, recovery and response capabilities.
International collaboration is necessary and urgent. Given the scale of the threat and the system’s globally interdependent nature, individual governments, financial firms and tech companies cannot effectively protect against cyber threats if they work alone.
Reducing fragmentation will free up capacity to tackle the problem. Many initiatives are underway to better protect financial institutions, but they remain siloed. Some of these efforts duplicate each other, increasing transaction costs. Several of these initiatives are mature enough to be shared, better coordinated and further internationalized.
Protecting the international financial system can be a model for other sectors. The financial system is one of the few areas in which countries have a clear shared interest in cooperation, even when geopolitical tensions are high. Focusing on the financial sector provides a starting point and could pave the way to better protection of other sectors in the future.
Among actions for strengthening cyber resilience, the report recommends that the FSB develop a basic framework for supervising cyber risk management at financial institutions. Governments and industry should strengthen security by sharing information on threats and by creating financial computer emergency response teams (CERTs), modeled on Israel’s FinCERT.
Financial authorities should also prioritize increasing the financial sector’s resilience against attacks targeting data and algorithms. This should include secure, encrypted data vaulting that allows…
Read More: Opinion: We must defend against the cyber threats facing our global financial