The financial sector is synonymous with cybercrime in many ways; after all, it’s all about the money. Fraud, bank account theft, money-laundering, personal data breaches and terrorist funding are some of the attack types affecting financial institutions. The financial sector is critical infrastructure and as such, is a prime target for cybercriminals. This is borne out by the fact that according to the Financial Conduct Authority (FCA), in 2017, there was an 80% increase in cyber-attacks against financial institutions. The report in 2017, Cost of Cybercrime Study by Accenture and the Ponemon Institute, found that financial services had higher costs associated with cybercrime than any other sector. In the UK, the figure for financial losses due to fraud, stands at £705.7 million for the first half of 2018.
The many facets of financial cyber-attacks have revealed themselves over the years. Going back over the last five years, we have seen severe incidents hitting the financial sector. This includes the data breach in 2017 at payday lender, Wonga, which affected 270,000 people. The attack, which involved over 146 million people, 15 million of them in the UK, resulted in a large share price drop for Equifax. It also saw Equifax fined £500,000 in the UK, the maximum amount before the GDPR was enacted in 2018.
When banks design their journeys toward a unified operating model for financial crime, fraud and cybersecurity, they must probe questions about processes, people and organisation, data and technology and governance. Most banks begin the journey by closely integrating their cybersecurity and fraud units. As they enhance financial crime and fraud in the age of cybersecurity, information sharing and coordination across silos, greater risk effectiveness and efficiency become possible. To achieve the target state they seek, banks redefine organisational lines and boxes and, even more importantly, the roles, responsibilities, activities and capabilities required across each line of defence.
Most have stopped short of fully unifying the risk functions relating to financial crimes, though a few have attained a deeper integration. A leading US bank set up a holistic centre of excellence to enable end-to-end decision making across fraud and cybersecurity. From prevention to investigation and recovery, the bank can point to significant efficiency gains. A global universal bank has gone all the way, combining all operations related to financial crimes, including fraud and AML, into a single global utility. The bank has attained a more holistic view of customer risk and reduced operating costs by approximately US$100 million.
As criminal transgressions in the financial services sector become more sophisticated and break through traditional risk boundaries, banks are watching their various risk functions become more costly and less effective. Leaders are, therefore, rethinking their approaches to take advantage of the synergies available in integration. Ultimately, fraud, cybersecurity and AML can be consolidated under a holistic approach based on the same data and processes. However, most of the benefits are available in the near term through the integration of fraud and cyber operations.
Non-state actors and the financial market
North Korea is an emerging actor overall, but they could fall into the established category for cybercrime. During the past decade, the North Korean government has sponsored cyber operations of increasing sophistication aimed at financial gain for the regime and intelligence collection. They have also used cyber attacks as a means of signalling displeasure for perceived slights to the power. Across this range of motives, the North Koreans have shown a higher risk tolerance for aggressive cyber activity than other emerging actors.
The North Korean regime has used cyber means to acquire funds to avoid international sanctions since at least 2015. The vast sums stolen in multiple operations spanning years suggest this country may fall in the established category in our framework, at least in cybercrime. Their success likely stems in part from adroit exploitation of technological trends by North Korean cyber actors. They have taken advantage of security weaknesses in financial institutions, the difficulty of tracing cryptocurrencies and global money laundering networks.
According to press reports, North Korea has used cyber operations to steal as much as US$2 billion to generate income and sidestep United Nations (UN)-imposed sanctions. A criminal complaint was lodged in June 2018 by the US Department of Justice (DOJ) against North Korean actor, Park Jin Hyok. In August 2019, that detailed a still-unpublished UN report was investigating at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges and mining activity designed to ear foreign currency in some 17 countries, according to the same press report. The transfer in February 2016 of US$81 million from the Bangladesh Bank and in computer intrusions and cyber heists having attempted losses of over US$1 billion from 2015 to 2018. A South Korean intelligence agency in early 2018 reportedly informed South Korea’s National Assembly of North Korean involvement in the heist in January 2018. Despite North Korea as success with cyber-enabled theft, the global Wannacry malware outbreak in May 2017 highlights the potential dangers of unintended consequences from cyber operations employing virulent software exploits.
North Korea is not connected to the global financial system. Then how they gain financially remains a question unanswered.
By Sanjana Rathi
For more information about CyberPeace Dialogue 2020, please visit: https://thecyberdiplomat.com/cyberpeacedialogue/