30 July 2014

Dan Barnes - Information Corporation

Future Finance News Analysis

Finextra and Oracle have gathered together some of the industry's top thought leaders to assess the key trends and issues within transaction banking, regulations and retail banking. This group will analyse the latest news on upcoming regulations, new service offerings and industry issues shaping the new financial services landscape with regular blog posts, video interviews, webcasts, debates and surveys.

Smartphones can unlock bank vaults

15 April 2014

Apps are making the banking sector more vulnerable to cyber-attack, say European regulators, who recommend that firms hold capital as insurance against such an event. The ‘Joint Committee Report on risks and vulnerabilities in the EU Financial System’ is just as applicable to financial institutions elsewhere in the world, providing an assessment of the challenges that they face in delivering innovation, under intense scrutiny from regulators and predatory criminals. If read alongside the reports from last year’s cyber-attack scenarios in the UK and US (Waking Shark 2 and Quantum Dawn 2), it is clear that vulnerabilities are opening up while an industry-wide consciousness of the risks that an attack poses is relatively nascent.

Q: Do regulators think that iPhones are going to bring down the markets?

A: The report, produced by the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and the Joint Committee of European Supervisory Authorities, says, “Pressure to get products to markets, particularly in the mobile space, is also a source of risk as sufficient time to test before go-live dates is squeezed.” So really they are warning that competitive pressures might lead to shortcuts. They note that outsourcing and cloud computing should be carefully supervised in the same vein.

Q: Budgets are tight and profits are a bit wobbly…

A: Exactly. So taking risk is the only way to try and keep one’s head above water. Or rigging the markets, but no-one would do that.

Q: Haven’t banks passed their annual ‘Virus and hackers’ exam?

A: In the UK and US they underwent tests last year to see if they could weather attacks; however, certain banks in the UK (and elsewhere) have seen their websites taken out of action by denial-of-service attacks, and a reliance on legacy systems across the industry means that there are a few weak spots which could be vulnerable. Besides, an attack on an app might not want to take a bank out – it might want to keep it alive so it can feed off of its customers’ accounts.

Q: A financial mosquito?

A: Quite. The test showed that it would be hard to take out the whole capital markets infrastructure, even with a lot of aggression (the US event included a sell-off in target stocks using stolen administrator accounts; counterfeit and malicious telecommunication equipment to hamper the investigation into the sell-off; fraudulent press releases on target stocks; a distributed denial of service attack; corruption of the source code of an equity market application; a phishing scam; and a custom virus attacking post-trade processing). Most financial infrastructure firms were hit by cyber-attacks in 2012; goodness knows how much the banks are getting hit for.

Q: So what do regulators recommend?

A: Put more in the IT budget and don’t think of it as a flexible cost – “it is important to ensure that IT systems and related internal controls are safeguarded against adverse budgetary implications.”

They also warn against the use of outdated legacy kit, noting that, “interaction with legacy or heterogeneous IT systems deserves heightened attention, as particular weaknesses, such as inability to cope with volume of use, can be identified here… even the maintenance of existing infrastructures is not sufficiently addressed in some cases, and needs to rapidly adapt to new threats which are not always fully provisioned within existent budgets.”

Q: So buy more technology?

A: Stop using steam engine-run mainframes.

 
