BCBS calls on the banking sector to strengthen cyber defenses
Remote working arrangements and digital financial services have “widened the attack surfaces of banks,” creating opportunities for malicious actors, the BCBS said.
The BCBS (Basel Committee on Banking Supervision) calls for redoubled efforts to strengthen the cybersecurity of banks and improve their resilience in the face of cyberthreats.
In a newsletter, the BCBS said cyber threats and incidents – such as ransomware attacks – pose risks to the security and soundness of individual banks, as well as to the stability of the financial system.
Amid the pandemic, remote working arrangements and increased use of digital financial services have “widened the attack surfaces of banks,” creating opportunities for increasingly sophisticated malicious actors, according to the bulletin.
“Targeted attacks against banks’ third-party service providers, including third-party software commonly used by banks and intragroup entities, are also a stark reminder that cybersecurity measures must take into account operational dependencies of these suppliers.”
The bulletin highlights two documents from the BCBS that can help strengthen banks’ resilience to cyber incidents, including those resulting from outsourcing arrangements. These are the Principles for Sound Operational Risk Management (PSMOR) and the Principles for Operational Resilience (POR).
The BCBS urges banking authorities to encourage financial institutions to adopt cyber risk management tools, practices and frameworks aligned with widely accepted industry standards.
These include the National Institute of Standards and Technology (NIST) cybersecurity framework, the International Organization for Standardization (ISO) 2700x, and the Center for Internet Security Critical Security Controls.
“Adopting such approaches will allow banks to better identify, assess, manage and mitigate their exposures to cyber risks, including those from third party service providers,” said BCBS. “The Committee believes that in today’s environment, banks must continually strive to improve their resilience to cybersecurity threats and incidents.”
The BCBS said it will monitor and evaluate the efforts of banks to protect the confidentiality, integrity and availability of their data and systems in the face of cyber threats.
The newsletter’s publication follows the BCBS meetings held on September 15-20, where risks and vulnerabilities in the global banking system were assessed and supervisory and policy initiatives were discussed.
The BCBS also discussed climate-related financial risks, seeking to assess to what extent the current Basel framework adequately mitigates these risks.
As part of this work, the BCBS is developing a set of related supervisory practices, which it plans to review later this year. It will also consider whether additional disclosure, monitoring and/or regulatory measures are required.
The meetings also discussed the impact of the ongoing digitization and disintermediation of finance on the banking system, with a focus on retail banks.