Only a matter of time before cyber-attack hits broader finance

Ireland's Central Bank's deputy governor, Cyril Roux, has warned that it may only be a matter of time before a cyber-attack builds a problem that descends across the broader financial industry. Roux issued the warning when addressing the Society of Actuaries in Ireland where he stated a cyber-security risk creates a danger across an entire financial system.

 Roux believes it is positive that such issues were discussed ahead of a potential attack. “A seemingly manageable security incident at a single firm could cascade quickly to the broader financial sector,”he said. “Consider, for example, a simultaneous, coordinated attack on several global systemically important banks or critical financial infrastructure providers such as a stock exchange or a central counterparty clearing house.”

Roux asked financial firms to prepare for successful attacks by building distributed architecture and multiple lines of defence that can mitigate the impact on customers. He outlined that the Central Bank has established a banking IT risk inspection team and carried out a review of the management of operational risk in investment firms.

Roux said, “Some organised cyber-crime groups operate with multiple divisions and specialists in key areas such as management, distribution, hacking, coding, server administration, and money laundering. Such cyber-crime groups can conduct cyber-attacks of great scale and sophistication, such as advanced persistent threats. Typically it is only when significant damage has already been done that the firm will realise anything is wrong.”