With the increased visibility and impact of cyber-attacks on financial institutions, regulators and other enforcement authorities are enhancing the cybersecurity requirements for the financial services industry. The New York State Department of Financial Services (DFS) has taken a leadership role by imposing specific “minimum standards” for regulated institutions. These standards are intended to address the risks to customer information and the integrity of core banking infrastructure, for which persistent vulnerabilities implicate the very safety and soundness of the broader financial system.
These risks materialized most clearly in the heist at Central Bank of Bangladesh last year, whereby hackers gained access to the bank’s SWIFT messaging system and sent fraudulent wire payments totaling close to $1 billion—$80 million of which were successful. This attack was not isolated. Most recently, on April 10, 2017, the Wall Street Journal reported additional details regarding the elaborate attempted cyber heist of the Union Bank of India in July 2016. Fortunately, quick detection of the malware prevented a loss of close to $170 million. Reports note the similarities in malware used in the attacks on the Union Bank of India and the February 2016 theft from the Bangladesh Central Bank. Some reports have linked the hacking tools used in these bank compromises to those used by North Korea to attack Sony Pictures in 2014 in response to the release of the movie “The Interview.”
