The IMF has issued a warning to the global financial sector about its systemic vulnerability to cyberattacks. In a blog post published yesterday, the international regulator warned that not only is the risk of extreme losses from hacks rising but that the scale of the problem is such that it threatens the solvency of major banks. The IMF added that a major successful cyberattack against a trusted financial institution could disrupt payment systems and undermine wider confidence in global financial markets.
“For example, a severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks,” wrote IMF experts Fabio Natalucci, Mahvash S. Qureshi and Felix Suntheim. “Although no significant “cyber runs” have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack.”
IMF clarion call
Another major concern highlighted by the IMF was the increasing dependence of major banks on third-party IT service providers. While this could provide extra operational resilience for such institutions, it conceded, the outsourcing of so many complex functions to this tertiary ecosystem of technology firms has only increased the number of possible entry points for hackers into multiple banking systems.
As such, said the IMF, “policies and governance frameworks at firms must keep pace” with the threat posed by cybercriminals to the wider financial services industry. It added that, in its judgement, current private sector incentives to address these concerns may prove “insufficient,” and that “public intervention may be necessary” in the form of national cybersecurity strategies. These should include close monitoring of systemic risks deriving from the interconnectedness of financial services with technology providers, said the IMF, as well as proactive measures to improve the cyber maturity and cyber hygiene of major institutions.
Severity of cyberattacks against financial sector growing
The growing vulnerability of the global financial system to cybercriminal organisations has been highlighted in several recent incidents. These include a hack in December, cited by the IMF, on the Central Bank of Lesotho – an attack that temporarily disrupted inter-bank transfers in the African nation. Meanwhile, another attack perpetrated against the Industrial & Commercial Bank of China’s US division in November rendered it temporarily unable to process trades on its computer systems, forcing it to hire bicycle messengers to deliver settlement details to concerned parties on thumb drives.
Such incidents should impress upon banks how sophisticated the cybersecurity threat against their businesses has become, the University of Gloucestershire’s Professor Buck Rogers told Tech Monitor last year. “We’re against professionals with a[n] HR department, with objectives, with money they’ve got to earn, a family to support,” said Rogers. “And we need to match that.”