The cyber threats faced by key financial markets across the world have been exposed by a new report published today by BAE Systems and SWIFT. The study examines the different levels of susceptibility and threat faced by parts of the financial markets. It considers how market infrastructures and participants could be exploited by cyber criminals to penetrate organisations across the securities, trade finance, foreign exchange, and banking and payments market segments.
While the risks in banking and payments are well documented, this study reveals that the securities market is particularly vulnerable. This is due to the large number of participants and infrastructures, as well as the complex interactions involved. Weaknesses can be unknowingly introduced by traders, brokers, investors, other stakeholders – and the systems that all of these participants use. The study also shows how the foreign exchange and trade finance markets are also at risk.
The report, entitled The Evolving Advanced Cyber Threat to Financial Markets, analyses the changing threat landscape and explores how the financial sector is exposed to a range of emerging cyber security challenges.
Among the main recommendations proposed are:
- Securities participants should embrace the value of checks, communication and data to support pre- and post-trade activities and stave off cyber threats.
- Securities market infrastructures need to collaborate with participants to identify risks in common practices to jointly defend market operations.
- Banking and payments participants must continue to strengthen security controls while building in protection for upstream systems.
- Trade finance participants are encouraged to review and manage areas of inherent trust, which are at risk of cyber exploitation.
In an effort to help participants combat cyber fraud, SWIFT launched its Customer Security Programme (CSP) in 2016. This programme has helped its customers across the payments, securities, trade finance and foreign exchange sectors implement security controls identified as critical to defending against, detecting and recovering from cyber attacks. But with cyber threats evolving and criminals increasingly looking for ways to steal large sums of money at speed, financial organisations are being urged to be more vigilant, and take further steps to address the vulnerabilities outlined in this report.
Sanjay Samuel, Financial Services Director at BAE Systems said “It’s all too easy to be lulled into a false sense of security, and place too much faith in systems which cyber attackers can exploit. While the threat is greatest in the securities market, every part of the global financial services sector needs to be aware that cyber crime is evolving. Threats are becoming more intelligent, and criminals are increasingly focused on generating an ROA – return on attack – as quickly as possible.”
“There’s a wide range of cyber threats out there, and that’s why a holistic approach is becoming critical. Cyber security is no longer just a technical issue, as attackers are exploiting weaknesses in market operations, people and processes. So security needs to be embedded and coordinated across all levels and sectors of financial services organisations.”
Brett Lancaster, Managing Director, Global Head of Customer Security at SWIFT said “Over recent years, SWIFT has made good progress supporting financial institutions in their fight against well-organised cyber attackers – but this report shows that now is not the time to sit back and take the this progress for granted.”
“As cyber criminals become ever more innovative and agile, we need to continue to work together to build even stronger defences. Through our Customer Security Programme, we have been assisting the payments, securities, trade finance and foreign exchange sectors to better protect their immediate surroundings, and have facilitated better information sharing to help equip the industry with the tools it needs to combat cyber crimes. This report is a timely reminder that we need to go further still to keep ahead of the criminals.”