Banks are being urged to improve cyber threat resilience after remote working and the growth of digital channels in financial services heightened cyber security concerns.
According to the Basel Committee on Banking Supervision (BCBS), the global banking regulator which sets standards for the prudential regulation of banks, malicious actors have become “increasingly sophisticated” and have “more points of access to banks’ systems”.
This includes targeted attacks on banks’ third-party providers, including third-party software which banks commonly use, and on intragroup entities.
In its recent newsletter, the committee pushed for the widespread adoption of measures to strengthen cybersecurity, following principles released earlier this year on operational resilience and risk.
The BCBS said that it is a “stark reminder” that cyber security measures should consider operational dependencies on such providers.
The committee did not endorse a specific tool or framework, but recommended adopting practices that align with widely accepted industry standards.
It said this should improve “fundamental elements” that include “effective cyber risk management, diligent cyber hygiene practices, appropriate methods for identifying and protecting against cyber threats and enhanced response and recovery capabilities”.
Resources cited by the committee include the National Institute of Standards and Technology Cybersecurity Framework, International Organization for Standardization 2700x, and the Center for Internet Security Critical Security Controls.
Cybersecurity has been high on the agenda this year, following a $70m global ransomware attack on several banks by the REvil cyber-criminal network on July 5, 2021.
Systemic cyberattacks present a real risk for US banks. A report from Fitch titled “Quantifying US Bank Systemic Cyber Security Risk” found that even well-prepared banks could still suffer from ‘tail events’ from major cyberattacks.