Cyber threats to the financial sector – conclusions from the conference
The financial sector is exposed to the greatest risk when it comes to cyber attacks. It offers the easiest way to profit from data leakage and theft – these are the conclusions from the “Cybersecurity in the financial sector” conference organized by the Casimir Pulaski Foundation.
The number of cyber attacks on the financial sector between 2013 and 2014 increased by approx. 6 percent. There is also an increase in the amount of malware and in attacks directed at both institutions and consumers. On the other hand, the growth rate of cyber threats in this area is lower than in the public sector or in retail sales. “It would seem that the financial market is losing its significance. This is not true, cyber criminals are still interested in attacking financial institutions” – said Lech Lachowicz, an expert in cyber security at Prospects Incubator.
Criminal organizations specializing in information theft and targeted cyber attacks have existed for a very long time. Their goal is not only to enrich themselves quickly; they also want to compromise a company’s reputation. “For some time we have also been dealing with the phenomenon of hacktivism. During the ACTA protests in 2011 hacktivists became more active, which led to cyber attacks on three large financial institutions: Visa, Mastercard and PayPal. These were very spectacular attacks, but the authors of the attacks weren’t interested in material benefits but in the glare of publicity” – said Lachowicz.
State actors are also preparing for operations in cyberspace. In case of an armed conflict, they have prepared tools which will target some elements of critical infrastructure, including financial ones. “Cash flow security is an important element during the conflict. Poland is also working on improving the security of this sector in cyber” – the expert noted.
The financial sector in Poland is unique in terms of the number of provisions and regulations. They concern both risk management and the protection of assets. As for computer security, it is worth mentioning the “D Recommendation” drawn up in 2013 by the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego, KNF). The document contains, among other things, audit requirements, incident management requirements and confidentiality criteria. “KNF Guidelines are not obligatory and penalties for non-compliance are not imposed. Large enterprises, however, adhere to the instructions of “Recommendation”. Furthermore, it does not stand in contradiction to other regulations, among others, ISO or PCI DSS (Payment Card Industry Data Security Standard). Overall, however, the regulations of cyber safety in finances are insufficient and too rigorous” – Lachowicz summed up.
These issues lie at the core of the problem. In order to increase productivity at work we use smartphones, tablets, pendrives and other mobile equipment. It creates an incredible chance for conducting cyber attacks – noted Dominika Stępińska-Duch, a partner and an attorney at Raczowski Paluch Legal Office. “However, as far as provisions of the banking law, regulations and directives are concerned, Poland doesn’t lag behind other European countries, actually it is the other way around. We should, however, begin with user awareness” – added Stępińska-Duch.
A cyber attack on the financial sector, as a rule, brings tangible benefits to the criminal and severe losses to the institution. The security level in finance must therefore be correspondingly higher than in other sectors. “We should remember that safety is not only about technology. Above all, it is important to implement processes which ensure monitoring of computer infrastructure, incident response, control, update and security modification” – said Adam Gałach, CEO and expert at Galach Consulting. “It is also worth adding that the safety of the financial sector depends not only on the security level in institutions. It is important that a customer adheres to safety rules” – added Gałach.
The issue of cyber security in the financial sector is also raised by the European Union. The results of its work on IT security include the NIS Directive (Network and Information Security Directive). “The European Commission intends to introduce very specific guidance for companies in the financial area. In May 2015 the European Union adopted a new digital strategy, which in its content also adheres to electronic payments, e-commerce and geo-blocking” – remarked Anna Katarzyna Nietyksza, president of EuroCloud Poland. “In the new EU financial perspective, we have 82 billion to be allocated to identify risks in ICT and counteract them” – added Nietyksza.
The panel discussion was attended by:
Lech Lachowicz – expert in IT security, Prospects Incubator;
Adam Gałach – expert and CEO of Galach Consulting;
Anna Katarzyna Nietyksza – President of EuroCloud Poland, Member of the European Economic and Social Committee, the Group Digital Agenda, Transportation, Energy, Information Society.