COVID heightening bank vulnerability to cyber attack

Over the past few months, banks, like most businesses, have leveraged digital technology to facilitate remote work in response to social distancing measures imposed to curb the spread of COVID-19.

However, according to Moody’s Investors Service, the transition has “increased banks’ vulnerability to cyber attacks”.

“The growth in online banking and remote work since the onset of the pandemic has increased banks’ dependence on digital technology to serve customers,” the ratings agency stated.

“It has also expanded their use of virtual private networks (VPNs) and similar applications and services to support their remote work forces.

“Banks have quickly responded to these challenges, but in pursuing an accelerated technology development cycle have also increased their potential vulnerabilities to cyber attack.”

According to Moody’s, “external actors seeking financial gain” would be the mostly likely culprits to target banks. 

“External actors have been the largest perpetrators of cyber attacks on the financial sector, causing 64 per cent of data breaches, compared with 35 per cent by internal actors,” Moody’s added.

“Cyber actors most often are trying to get easily monetised data (77 per cent of data breaches), as illustrated by the fact that wire fraud transfer remains the most common cyber attack vector.”

But Moody’s noted that banks have developed “good cyber risk awareness and mitigation measures” through three primary mechanisms, which include:

• strong corporate governance, including enterprise-wide cyber security frameworks, strategy and policy enforcement and improved reporting;
• risk prevention and response and recovery readiness; and
• information-sharing with other banks, adoption of international standards and regulatory oversight.

“These measures in combination have improved banks’ cyber-readiness to a level above that of most other sectors,” Moody’s added.

Concerns about cyber risk in the financial services sector come amid the commencement of the open banking regime with the launch of the consumer data right (CDR), which enables consumers to securely direct their banking data to access bespoke financial products and services.

Participants have stressed the importance of cyber security in light of heightened risks associated with the sharing of customer information.

The Australian Competition and Consumer Commission oversees the CDR’s “Register & Accreditation Application Platform”, which is partly responsible for upholding security and privacy protections underpinning the regime.

[Related: ‘Watershed’ open banking regime commences]