SWIFT Institute: Cyber Security 3.0 – Better Together

In ancient Mesopotamia, Babylon’s population is estimated to have reached more than 200,000 – the first known example of large numbers of people living in close proximity with one another. It was very nearly a colossal failure. Cities quickly became breeding grounds for infectious diseases and epidemics that threatened to wipe out mankind. But for the rise of basic hygiene, vaccines and medication, the earliest city dwellers might well have been forced to disband the experiment altogether.

This was the analogy drawn by SWIFT chief executive officer Gottfried Leibbrandt at the start of the SWIFT Institute conference, Cyber Security 3.0 – Better Together, held in London on 30 March. There is no doubt that cyber-attack has become the great existential threat of our age, compromising the online existence of companies and individuals alike. But just as in ancient Babylon, a combination of basic hygiene and detection measures can and are being used to manage and reduce the threat.

During a programme that comprised three academic research presentations and a practitioner panel discussion, delegates were given detailed insight into the evolution of both the threat landscape and the defence mechanisms being employed across the financial services industry today.

In the first presentation, delivered by William Carter, associate director at the Washington- based Centre for Strategic and International Studies (CSIS), the full scale of the threat was laid bare. The global cost of cybercrime was estimated at more than $400 billion per year in a 2014 CSIS study, while the value of the cybersecurity market in 2017 is estimated at just $81.6 billion. Meanwhile the UN estimated in 2013 that as much as 17% of the online population are victims of cyber-crime and digital theft each year, whereas just 5% of the population are victims of physical crime.

The statistics clearly show this to be a rapidly growing problem that is not yet being effectively combated, but some of the underlying trends are even more concerning. The growth of mobile banking, particularly in the developing world, has multiplied the number of potential points of attack, increasing the vulnerability of the sector. The Internet of Things is connecting more and more everyday devices such as fridges and ovens, all of which can be used to launch cyber-attacks in ways that had never previously been anticipated.

The geography of cyber-crime is also evolving, with cybercriminals increasingly launching attacks from and targeting banks in the developing world. Banks in Asia have become a prime target as criminals can take advantage of comparatively weak regulatory environment and security practices.

Infrastructure development in the developing world has led to significant growth in digital banking in Africa, Latin America, and developing Asia, and has also fueled the growth of a cybercrime economy in these regions. Brazil, in particular, has become a hotbed of digital fraud. This is driven in part by the World Cup in 2014 and the Olympic Games in 2016, which brought many wealthy tourists to the country, but also by the growth of digital banking among Brazilians – an estimated 45% of banking transactions in Brazil are digital.

Attacker incentives are also evolving, Carter explained. The nation-state threat to financial institutions is growing again, and is motivated either by pure financial gain, or political gain by countries that might seek to influence their adversaries by threatening the financial system.