Last week, Access Partnership attended one of the last conferences before Brussels broke up for the summer holidays. Organised by the Austrian Presidency of the Council of the EU, the Austrian National Bank, and hosted by the National Bank of Belgium, the event was a crossover of two critical domains: cybersecurity and finance. While finance is only one of several key verticals for digital and cybersecurity experts, cybersecurity presents a daily challenge for the finance world. The collaborative event gathered experts in policy, security, banking, and the digital domain.
The first panel addressed cyber technologies as a challenge for regulators and supervisors and included speakers from the European Commission, European Central Bank (ECB) and Raiffeisen Bank. As banking moves towards the Finance 5.0 model, finance will be increasingly driven by customer expectations like highly personalised advice, cheaper international personal payments, and disruptive technologies such as blockchain. Regulators are catching up with this new ecosystem, but hackers and other cybercriminals are hot in pursuit. While the majority of speakers argued that the biggest challenges faced by regulators was balancing regulation of emerging new technologies and assisting innovation, Giuseppe Siani of ECB stressed that stability and security in banking is not preventing innovation.
The discussion was followed by an interactive second panel and demonstration by white-hat hacker Andreas Falkenberg of a real-time hacking of a bank account, presented from both the hacker’s and victim’s point of view. Within several minutes of relatively uncomplicated phishing and malware, the hacker produced and stored a screenshot of the victim’s computer, which included sensitive financial information. The demonstration emphasised three points:
- Successful IT attacks on financial institutions are a reality.
- Attackers are already inside your organisation – accept that!
- Attackers spend significant resources and time to reach their goal.
Fortunately, by following best practices in cybersecurity, including using a number of security layers, financial bodies can prevent attackers from reaching the “crown jewels” even after a breach of the first few security layers. Other speakers, including representatives from Europol, SWIFT and HypaSec, argued that “cyber-hygiene” is essential. Just as a human can take all the best drugs in the world but do more by simply washing their hands at the end of the day, so too can finance take the best possible preventative measures, while recognising that it is only a matter time before an attack will happen. The question is whether the institution is prepared enough to stop it.
The final panel on cyber resilience and the financial sector included a speech by European Commissioner for the Security Union Sir Julian King, who focused on the complementary efforts from both the European Union and its member states, such as the EU’s Cybersecurity Act, currently under negotiations. The panel concluded with an eye-opening fact: hundreds of thousands of cybersecurity jobs will need to be filled in the near future, and it is imperative to start training and reskilling workers for this today.
Author: Simona Lipstaite, International Public Policy Manager, Access Partnership