A Cyber Attack Could Spark A Run On Banks

A cyber-attack on financial institutions could undermine consumer confidence and spark a run on the banks, warned a new report by the Monetary Authority of Singapore (MAS)

It noted that the level of confidence in the financial system is a significant factor in determining whether such an attack would lead to wider systemic problems.

"Because data integrity is key in the financial sector, the loss of confidence in the damage scenario could be very severe... especially if data manipulation has gone undetected for a prolonged period," said the report by the MAS.

It added that while banks can mitigate the impact of a cyber-attack by ensuring they are underpinned by healthy levels of capital, "the impact of a loss of confidence in a bank can be hard to estimate or predict". The report said: "A loss of confidence is likely to render the bank more vulnerable, with knock-on effects to the wider financial system. For instance, a loss of confidence in a bank could lead to a run on deposits."

It comes on the back of guidelines the Association of Banks in Singapore released earlier this month that aim to strengthen the financial sector's cyber resilience. They provide financial institutions with best practices on how to conduct attacks that test their defences by using the techniques employed by hackers.

Cyber threats are constantly changing and the perpetrators' motivations will continue to evolve, the MAS noted in the review, which was released last Friday.

"The relationship between cyber-attacks and financial stability is increasingly important to understand," it said, warning that no one is immune to such threats. The WannaCry ransomware campaign, for example, hit both companies and countries last year and disrupted operations across the world.

The MAS study considered a range of scenarios, including the theft of money and data from a bank, disruption of its client-facing, trading and payment systems, and the corruption of its database. It said attacks can be prevented from causing systemic problems if the Government works with banks to coordinate crisis communication to ensure consistent messages.

Another avenue is to impose temporary market closures or bank holidays to stop panic spreading into the wider financial system. The authorities could also provide banks with liquidity to tide them over stresses.

Most attacks could have been prevented if institutions practiced basic cyber hygiene, the MAS said.
In September, it started a public consultation to make legally binding a set of six key cyber security steps to protect bank IT systems.

But financial institutions must also do their part by putting in place business continuity plans in case of an attack and to test them regularly in a realistic manner, it noted.

"Early detection and an effective incident response can help to contain the consequences and mitigate the impact of a cyber-attack not just within a bank, but also to the broader financial sector," the MAS said. It also encouraged the global financial industry to work together: 

"One institution's cyber incident can contribute to strengthening the defences of other institutions if information on cyber threats, incidents and lessons learnt are shared.

"Similar to information sharing between financial institutions, regulators stand to gain from sharing cyber threat information as it enhances their supervision and policymaking."

Straits Times:

You Might Also Read:

Singapore’s Giant Healthcare Hack:

Singapore: The Place To Launch Cyber Attacks From:

« US Dept. Of Energy CyberForce Student Competition
AI Will Monitor 3D Printing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.