A successful cyber attack on one of the nation’s biggest banks is all but inevitable, the Reserve Bank says as it prepares for an assault that could put at risk trillions of dollars worth of deposits and loans.
Major financial institutions have been put on notice by the central bank in its latest Financial Stability Review, which says a major hack that gets around technological defences is now “inevitable”. The number of cyber attacks, including on financial institutions, increased over the past 18 months as staff worked remotely during the pandemic and the demand for digital services escalated.
Cyberattacks could put the nation’s financial stability at risk.Credit:
The banks hold about $1.2 trillion worth of deposits from households, are owed more than $1.8 trillion in investment and home mortgage debt and the finance sector is the biggest contributor to Australia’s economy.
While the RBA acknowledges significant resources can be provided for cyber defence by large companies like banks, and they are typically seen as among the most secure, the higher number of cyber attacks is still considered a major source of concern.
“[Given] the very large number of attacks, it seems almost inevitable that at some point the defences of a significant financial institution will be breached,” the review says.
“Whether such an attack could result in systemic financial instability will depend not only on the part of the financial institution or system impacted and potential network effects, but also the cyber resilience of that institution and financial system.
“In Australia and internationally, financial institutions and regulators are focusing on strengthening the resiliency of individual institutions and the financial system to a substantial cyber attack.”
The bank says cyber attacks and malfunctions are considered a key concern by the financial businesses themselves, regulators and governments. With digital platforms becoming more critical to economies and increasing in complexity, this risk has increased.
Cyber criminals and state-sponsored attackers are increasingly sophisticated and technically skilled, the RBA warns, prompting regulators, governments and private businesses to work together more closely.
There have been relatively few cyber attacks and issues that have led to serious disruption and financial loss in Australia, but incidents increased in 2020-21 compared to the years before.
“While the impact of incidents to date has been limited, given the large number of attempts, a significant cyber event that has the potential for systemic implications is at some point inevitable,” the review says.
“A resulting loss of public confidence could lead to widespread stress in the financial system.”
Another concern is that increasing connections between the financial system, with many organisations in one industry relying on the same third-party service provider, increases the likelihood of rapid transmission of a cyber issue.
Evidence provided to the House of Representatives economics committee shows that in the second quarter of 2020 when the pandemic hit, National Australia Bank blocked 260 million cyber attacks and scams. Australian Prudential Regulation Authority chairman Wayne Byres has described hacking and compromised technology as the “biggest risk” in modern-day banking.
The International Monetary Fund also warned a major cyber attack threatening financial stability is “not a question of if, but when”.
A recent research article from the IMF said the pandemic had accelerated the shift to digital services and working from home and malicious actors were taking advantage of the technological transformation.
Research from the Bank for International Settlements shows the financial sector faced the second-largest share of COVID-19 related cyber attacks, behind the health sector, with those involved in malicious attacks including criminals, terrorists, industrial spies, “hacktivists” and state-sponsored actors.
“In some circumstances, cyber attacks could have systemic implications and cause serious economic dislocations,” the bank found.
Most Viewed in Politics
From our partners
Source: Read Full Article