By Dr. Guy Bunker @guybunker
Greg Medcraft, chairman of the board of the International Organisation of Securities Commissions (IOSCO), a global watchdog, this week predicted that the next big financial shock is inevitable and will be the result of a cyber-attack. This news follows a spate of cyber-attacks on major global players, including the Heartbleed bug and the eBay data breach.
This warning reiterates concerns that major organisations are not adhering strictly enough to data protection regulations or putting in place basic measures and policies to ensure that 100% of all stakeholders’ information is being safeguarded 100% of the time. In fact, the main leak is still the Enemy Within. Despite 83% of organisations suffering a data security incident in 2012, according to our latest research, focus is misguided, with internal threats emerging as a more significant danger than external threats.
While regulators are looking at producing a global “toolbox” next year to help assess the readiness and strength of firms’ cyber security measures and technology, in the UK we’re already putting in place official certifications. Earlier this month, Barclays became the first major firm to gain cyber security certification. This will naturally prove useful in adding weight to Barclays’ success in digital banking. The major player’s latest digital marketing campaign is heavily focused on educating the older generation on digital skills and, with 34% wary of using mobile banking due to security fears, it’s clear that cyber security certifications are a strong – and necessary – way to build trust with consumers.
In light of the comments from Richard Horne, cyber security partner at PwC, that “financial markets are globally interconnected and dependent and the financial system is only as strong as its weakest link”, the significance of the UK’s Operation Waking Shark is put in the spotlight. This white hat hacking operation endeavours to expose any weak links in the value chain to prevent cyber hackers gravitating towards them and exploiting them, with serious repercussions. Whether it’s an entry point into a smaller company that has a data exchange in email communication with a larger company, or a direct link to a vast customer database, all organisations, especially financial institutions, cannot afford to relinquish responsibility for the information in their care.
While it’s clear that in the UK we are putting measures in place to strengthen the cyber security of the finance industry, as well as wider organisations, this can only be relied upon if replicated on a global scale, and so IOSCO’s warning is timely. It’s essential that cyber security in the financial markets is a global focus to ensure that all critical information is protected. Too often we’re hearing about reactive activity around data breaches rather than proactive cyber security policies and technologies being instilled as preventative measures.