David Ferbrache, CTO, Cyber, KPMG UK
Great work is being done across banks, government and law enforcement to understand how criminals work, to share information and build cyber defences. But, more can be done and crucially it’s not only big systemically important banks who are at risk.
Customers of every financial services firm can fall victim to the same criminals, and sometimes smaller firms can’t match the intelligence systems and resource of bigger firms. Without greater collaboration across firms of all shapes and sizes, we will continue to be outpaced by criminals who are unrestrained by regulations, occasionally bureaucratic internal processes and our moral inhibitions.
Criminals are demonstrating improved knowledge of the financial system, and its flaws. The attack on the Bank of Bangladesh two years ago is just one high-profile example of how sophisticated attacks on financial firms are becoming. In that instance hackers manipulated the bank’s payment systems and attempted $851 Million of fraudulent transactions, although in the event AML and fraud checks limited their haul to $81 million. There have been many other copycat attacks. Staying ahead is hard, and it will only get harder as criminals up their game in an effort to seize such huge sums.
The National Cyber Security Centre has made major strides in developing active cyber defence across government making it increasingly costly for criminals to operate. This focus on putting cyber criminals out of business gives us a model for how the financial sector needs to work together.
To make this work we need to breakdown barriers between financial institutions, but also between the traditional disciplines of fraud control, anti-money laundering, know your customer and the new kid on the block – cybersecurity. Our focus needs to be on disrupting the criminal networks and their ability to monetise cyber attacks.
We are asking the financial services community to work with us to lead the way in creating a safe space for collaboration and information sharing – enabled by an appropriate legal and regulatory framework.
As a community we are stronger together – and better able to protect our customers and the information they entrust us with.