Cyberattacks and computer fraud remain among the primary concerns of banks today. As money is kept and transacted by banks digitally, modern-day bank robbers use cyberspace to do their work. Cyberspace is a better option for them as it’s typically more difficult to catch them there.
This announcement, coming from a member of the ECB’s board, indicates the priority put on this issue by European regulators. Similar to the data breach notifications under the General Data Protection Regulation (GDPR), it goes to show that being transparent about the cyberattacks that have affected your financial organisation is perhaps the most important step when it comes to cybersecurity. Security is, at its core, about managing risk. So, if we focus on prevention and we empower the industry to think differently, we can succeed in bringing that risk down to acceptable levels.
Banks have already collaborated with financial industry forums like the IS-ISACs on the impact of cybercrime on their industry. Much like the Cyber Threat Alliance has moved the needle on how and why the security industry collaborates, the ECB requirements offer an opportunity to improve lessons learnt and to identify the common components that make up attackers’ playbooks during incidents, in order to prevent future threats.
Data security is the cornerstone of meeting the ECB’s goals. Too much of cybersecurity is legacy technology, but legacy systems are just not fit for purpose to meet the ECB goals. Legacy is not just technology; it starts with mindset. The IT world evolves at a great pace, which requires a rethink of the fundamental goals to be achieved. In cybersecurity, businesses are too often caught up in responding to ongoing attacks. GDPR, and now the ECB announcement, present a rare opportunity to step back and re-examine whether the processes, procedures and technology are fit for current and future requirements. What’s needed is a system that securely processes sensitive financial data and is able to act before a breach has occurred. Therefore, banks and financial institutions regulated by the ECB must take into consideration more modern technologies and practices when deciding how to mitigate the risks associated with the sensitive data they hold.