A Cyber Attack Could Spark A Run On Banks

A cyber-attack on financial institutions could undermine consumer confidence and spark a run on the banks, warned a new report by the Monetary Authority of Singapore (MAS)

It noted that the level of confidence in the financial system is a significant factor in determining whether such an attack would lead to wider systemic problems.

"Because data integrity is key in the financial sector, the loss of confidence in the damage scenario could be very severe... especially if data manipulation has gone undetected for a prolonged period," said the report by the MAS.

It added that while banks can mitigate the impact of a cyber-attack by ensuring they are underpinned by healthy levels of capital, "the impact of a loss of confidence in a bank can be hard to estimate or predict". The report said: "A loss of confidence is likely to render the bank more vulnerable, with knock-on effects to the wider financial system. For instance, a loss of confidence in a bank could lead to a run on deposits."

It comes on the back of guidelines the Association of Banks in Singapore released earlier this month that aim to strengthen the financial sector's cyber resilience. They provide financial institutions with best practices on how to conduct attacks that test their defences by using the techniques employed by hackers.

Cyber threats are constantly changing and the perpetrators' motivations will continue to evolve, the MAS noted in the review, which was released last Friday.

"The relationship between cyber-attacks and financial stability is increasingly important to understand," it said, warning that no one is immune to such threats. The WannaCry ransomware campaign, for example, hit both companies and countries last year and disrupted operations across the world.

The MAS study considered a range of scenarios, including the theft of money and data from a bank, disruption of its client-facing, trading and payment systems, and the corruption of its database. It said attacks can be prevented from causing systemic problems if the Government works with banks to coordinate crisis communication to ensure consistent messages.

Another avenue is to impose temporary market closures or bank holidays to stop panic spreading into the wider financial system. The authorities could also provide banks with liquidity to tide them over stresses.

Most attacks could have been prevented if institutions practiced basic cyber hygiene, the MAS said.
In September, it started a public consultation to make legally binding a set of six key cyber security steps to protect bank IT systems.

But financial institutions must also do their part by putting in place business continuity plans in case of an attack and to test them regularly in a realistic manner, it noted.

"Early detection and an effective incident response can help to contain the consequences and mitigate the impact of a cyber-attack not just within a bank, but also to the broader financial sector," the MAS said. It also encouraged the global financial industry to work together: 

"One institution's cyber incident can contribute to strengthening the defences of other institutions if information on cyber threats, incidents and lessons learnt are shared.

"Similar to information sharing between financial institutions, regulators stand to gain from sharing cyber threat information as it enhances their supervision and policymaking."

Straits Times:

You Might Also Read:

Singapore’s Giant Healthcare Hack:

Singapore: The Place To Launch Cyber Attacks From:

« US Dept. Of Energy CyberForce Student Competition
AI Will Monitor 3D Printing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Assure Technical

Assure Technical

Assure Technical offers a holistic approach to Technical Security. Our expertise and services span across the Physical, Cyber and Counter Surveillance domains.

Spirion

Spirion

Spirion offers data discovery, classification, and protection tools for your business's privacy, security, and compliance program to avoid gaps and risks.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

RunSafe Security

RunSafe Security

RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Offenso Hackers Academy

Offenso Hackers Academy

At Offenso we focus on cyber security training focused on producing cyber security professionals with a wide range of abilities to counter threats from the internet and cloud to a business.