How can banks and other financial institutions ensure their computer systems are secure? For a few years now, the banking and financial sector has been increasingly targeted by cybercriminals. Digital transformation has been marked by an increase in the risk of computer system vulnerabilities, data theft, and hacking. In an attempt to quell the phenomenon, authorities are gradually adopting initiatives and solutions designed especially for financial players.
“Remote data exchanges are now at the heart of the business model for banks and insurers, which are the target of choice for hackers,” said Bernard Delas, Vice-President of the French Prudential Supervision and Resolution Authority (ACPR) at a conference dedicated to data quality and the robustness of IT systems in the banking and insurance sectors. “If cybercrime continues to rise, it’s the entire digital economy that would be at threat. And businesses are exchanging more and more data electronically.”
In a report published in June 2016, the Bank of France said that bank directors “urgently” need to “take full stock of cybersecurity risks and strengthen their security systems”. According to cybersecurity group ForcePoint, the financial sector is a prime target of hackers, with 300% more attacks than any other sector. Institutions hit by a cyberattack in recent years include the Central Bank of Bangladesh in February 2016 (loss of $81 million) and JP Morgan Chase in June 2014 (theft of personal data of 76 million user accounts). More recently, hackers stole 2 billion rubles (€29 million) from accounts opened with the Russian Central Bank.
Huge investments in cybersecurity
The rise of attacks has prompted financial institutions to find solutions to protect themselves. According to a study conducted by Xerfi on the cybersecurity market in banking and insurance, banks are investing more and more in their security. In 2015, the French cybersecurity market in banking and insurance amounted to €335 million (up 9.8% compared to 2014). Experts predicted that this would grow by a further 14% in 2016.
In the report by the Bank of France, another French bank Société Générale indicated that “the number of attacks targeting the group each year is between two and ten times more than the previous year.” Almost 5% of the €1.5 billion that the group will be investing in digitalization by 2020 will be on security. Until now, this was just 2% of the bank’s annual IT budget. Now banks are investing in their security to deter hackers, while providing peace of mind to their customers and protecting their reputation.
Regulations on Operators of Vital Importance (OVIs) and the introduction of the French Military Planning Act (Loi de Programmation Militaire or LPM), overseen by the French National Cybersecurity Agency (ANSSI), explain part of this explosion in investment.
Strengthening legislation to protect the banking sector
Legislation today seeks to protect sectors that are the most important, the most vulnerable, and the most frequently targeted by hackers. If a cyberattack were to hit a large bank, a telecoms operator, or an airport, the consequences for a country could be catastrophic.
In France, for example, certain banks have a duty to comply with the rules imposed on Operators of Vital Importance (OVIs). To tackle emerging cyberthreats, Article 22 of the Military Planning Act requires these operators to strengthen the security of their critical IT systems.
The law also provides that banking institutions need to map out their networks and compartmentalize them to prevent attacks from spreading, identify their most critical IT systems, report any incidents, and deploy tools to detect cyberattacks.
Tools needed to face the threats
The European Union is also seeking to give businesses the tools they need to face the threats. After three years of negotiations, the European Parliament and the Council of the European Union adopted the Directive on the Security of Networks and Information Systems (NIS) on July 6, 2016. This legislation requires operators in key sectors, as well as some digital platforms, to strengthen their cybersecurity.
In summer 2016, members of the European Parliament approved a bill containing rules intended to help vital service providers combat online threats. “Firms supplying essential services, [such as] energy, transport, banking and health, or digital ones will have to improve their ability to withstand cyberattacks,” the European Parliament stated in a press release.
High-security solutions for banking institutions
The growing need for financial institutions to implement has led to a change in the role that solution suppliers play. These providers act as close partners, helping their customers to develop IT security strategies fit for the future. Some software publishers have developed solutions intended especially for banks, allowing them to work securely.
Oodrive is more than familiar with the security issues faced in banking institutions. The group offers a range of online collaboration solutions that are among the most secure on the market. With data hosted in France, Oodrive’s solutions have already been adopted by many companies in the sector.