Finance’s increasingly aware of the cyber threat, says France’s ANSSI

In May 2019, a joint international operation halted the actions of a cybercriminal network that hoped to steal $100 million by capturing online banking and personal data using a malware named GozNym.

Every minute, nearly $2.9 million would be diverted by cybercriminals and about 3.5 billion fraudulent connection attempts would target the banking and financial sector, showing the scale and tenacity of the cybercrime threat to the most critical industry of our economies.

In Revue Banque, Grégoire Lundi, finance sector coordinator at France’s National Cybersecurity Agency (ANSSI), says he also observed an increase in “indirect attacks” notably through “trusted relationships established between partners” like providers and customers.

The same goes for “ransomwares” which illustrate the industrialization of cybercrime that especially focuses on targeting the SWIFT financial messaging network as in the attack on the Central Bank of Bangladesh in 2016, explains Lundi.

But the risk is not confined to a specific sector and the infrastructural interdependence unintentionally facilitates the rapid spread of attacks, “just imagine the consequences of switching off the provision of Internet access on the functioning of financial institutions to understand its significance,” writes Grégoire Lundi.

The cyber threat also grows thanks to the increase in the size of ​​the vulnerability and opportunity surface resulting from the increasing digitization of data, and partly offset by the awareness of a needed adaptation at the core of the financial sector whose budgets and cybersecurity initiatives such as attack simulations highlight “a certain maturity (…) about cyber risk.”