The white-knuckled weekend of March 9th left some of the most high-profile tech companies and venture capitalists in limbo as the go-to bank for US tech startups came rapidly unglued—dragging down banking shares around the world.
After a high-octane series of events in which the bank lost almost $80 billion (about $250 per person in the US) of its market value, many are now wondering whether the Silicon Valley Bank crisis is as bad as, or worse than, the 2008 Lehman Brothers bankruptcy, an event that triggered a historic financial crisis.
SVB’s meltdown, and its revival under the ownership of regulators, has certainly warranted its fair share of hot takes, but one key takeaway from this fiasco is that banks, no matter how far apart, are intertwined—and the ripple effect of one is bound to hit others eventually. All the more reason security and privacy teams at financial institutions should have proactive measures in place to mitigate the risks of cyberattacks.
More Connected and Less Protected?
In late 2019, the G7 Finance Ministers met Central Bank Governors in a meeting organized by finance ministries, central banks, regulators, and financial market authorities, where the G7 announced a joint cross-border crisis management exercise on a cyber incident affecting the financial system.
The Panel solemnly agreed that the increasing cyber risks posed a “genuine and growing threat” to the stability and integrity of the global economy and financial sector.
On that note, can operational and technological interconnections be the financial sector's Achilles' heel?
Banks interconnected through financial and operational networks are vulnerable to a cascading series of cyberattacks. The compromise of one can set off a domino effect on the others. The impact of the financial contagion of a central bank can spill over into the broader financial system, throwing a wrench into global finance operations by impairing the flow of credit between financial firms.
What Are the Experts Saying?
In a pre-mortem analysis on “Cyber Risk and the U.S. Financial System”, economists Thomas Eisenbach, Anna Kovner and Michael Junho Lee model how a cyberattack may be amplified through the U.S. financial system, focusing on the wholesale payments network.
“We estimate that the impairment of any of the five most active U.S. banks will result in significant spillovers to other banks, with 38% of the network affected on average,” write the authors. A reverse stress test also demonstrates that targeting clusters of small banks can have a similar and substantial impact on the entire network.
Clearly, in a nightmare scenario for businesses, governments, and people with money in a bank, the researchers found that a successful attack holds the potential to bring the entire economy to its knees.
So, what are the likely scenarios that could trigger the next financial crisis?
A likely trigger could be an attack by international hacker groups such as the Syrian Electronic Army, Fancy Bear, Lazarus Group, or Anonymous.
Carbanak, for instance, a mysterious hacking group that surfaced in 2013, has managed to extract almost $1 billion from banks worldwide. Such groups are only becoming more sophisticated and more careful. An assault on a major central bank, stock exchanges, ATM networks, the SWIFT interbank messaging system, or the Federal Reserve could trigger severe economic consequences.
The possibility of an attack from lesser-known actors, including corporate spies, hacktivists, and criminal organizations, that snowballs into something big cannot be overlooked either. The ripple effect of such attacks can quickly escalate beyond its original intent.
The consequences of such attacks, whether intentional or unintentional, could be severe. Financial networks, including payment systems, online banking, and ATMs, could come to a standstill. International banks would be unable to settle transactions, causing widespread panic and financial uncertainty.
Here is how it will lead to financial uncertainty and a potential crisis:
- Service Disruption: A breach that disrupts financial services could lead to substantial financial losses for individuals and businesses. For instance, if an attack takes down a central bank's website or online banking services, customers may not be able to access their accounts, transfer funds, or make payments, leading to financial chaos.
- Market Instability: If hackers manipulate stock prices or disrupt trading platforms, it could lead to market instability and a financial crisis.
- Systemic Risk: Such a situation may occur if a breach targets a clearinghouse or other financial infrastructure that acts as a central hub for transactions between financial institutions. If the clearinghouse fails, it could trigger a chain reaction of defaults and losses that could spread throughout the financial system.
- Data Loss: A cybersecurity breach could also lead to significant data loss, resulting in serious financial consequences.
- Critical Infrastructure Compromise: Financial institutions rely on critical infrastructure such as payment systems, exchanges, and clearinghouses to conduct transactions and manage risk. Transactions could fail as liquidity is trapped, and households and companies could lose access to deposits and payments.
While it’s highly likely that the central banks will be quick to bounce back on their feet, the recovery would be slow, and the effects would linger.
Preventing attacks on such a scale is a complex and ongoing challenge that requires a multi-pronged approach involving technical, legal, and diplomatic efforts.
But if you are a bank or any other financial institution within the Banking, Financial Services, and Insurance space, these are some of the questions you should consider.
- Does your data security tool help consolidate key management operations and improve efficiency?
- How many staff does a finance or banking firm need to manage and support cryptographic operations using a KMS?
- Does the data security tool offer integrated data security with capabilities like Tokenization, Secrets Management, Database Encryption and App-level Encryption from a single pane?
- Is your solution scalable to support higher financial transaction volumes?
- Does it offer specific controls like Hold-Your-Own-Key to meet user-defined compliance policies, such as quorum approval?
Fortanix Data Security Manager: Security You Can Bank On
You can make use of these twelve best practices for banking and financial cybersecurity compliance to get a complete view of your organization’s most critical data and systems and protect them with the right cybersecurity controls.
Fortanix has been working with some of the most prominent names in the banking and financial industry and helping them secure their data through data security services that include but are not limited to data encryption, key management, tokenization, FIPS 140-2 L3 grade HSMs and an array of other data security services.
You can read more about our data security capabilities in the Fortanix Data Security Manager Solution Brief.