Global Head of Securities Services
Professional cyber crime
“We have seen an increase in gangs or small criminal cells exchanging cyber attack tools and malware over the dark net. These tools are widely available
and can be acquired cheaply. Historically, criminals viewed cyber attacks as being too hard to perpetrate, but this has changed now that they are able to obtain tools and technical know-how easily and inexpensively. The acumen required to launch cyber attacks today is not that sophisticated,” said Cheri McGuire, Group Chief Information Security Officer at Standard Chartered.
In such an environment, it is inevitable that attacks are on the rise. The Cyber Security Breaches Survey 2016 found that 65% of large UK firms detected a cyber security breach or attack in the previous year. (1)
In the last few months, ransomware and malware has caused enormous business disruption. In May 2017, the UK National Health Service (NHS) was severely disrupted by cyber criminals, while in June 2017 hackers targeted institutions across 64 markets.
Securities services: On high alert
Financial institutions reported just five incidents to the Financial Conduct Authority (FCA) during the whole of 2014, compared to 75 in the first nine months of 2016. (2)
Within the industry, the securities services sector received a huge shock following the breach at Bangladesh Central Bank when $81 million was stolen by criminals using the Bank’s credentials to obtain Swift access and established fraudulent bank accounts to receive and transfer misappropriated funds. (3)
Industry responses to cyber crime
Cyber threats are fluid and are becoming increasingly advanced and sophisticated. Recognizing this, regulators are wary of introducing prescriptive legislation which will become obsolete within a few years or even in a few months’ time. “Prescriptive regulation will solve yesterday’s problem, but it will not solve tomorrow’s problem,” said Nick Seaver, partner at Deloitte’s UK Information and Technology Risk Group.
Where regulations do apply, they are unlikely to be the same across jurisdictions. Inconsistent or divergent applications of cyber regulation create other problems for global organizations as they must implement different solutions on a per market basis creating complexity and therefore risk. It can also exacerbate the likelihood of criminals identifying weak spots to wreak harm on businesses.
Together with the industry responses, financial firms are building stronger security cultures, developing closer collaboration between in-house information security teams and senior management, to help develop security policies that are both expert and authoritative.
As part of building a strong cyber awareness, firms have been educating technical and non-technical staff about the risks of phishing and other forms of social engineering for the past few years, and many have a disciplinary framework in place for those who are casual about the risks.
However, the lack of diversity in cyber teams has given rise to much discussion. Diversity drives at least two key benefits; helping to improve the quality of our thinking and helping to bring more people into the fight against cyber crime.
With regards to better performing teams, Patrick Wheeler, a leading cyber security consultant, makes the case for more diverse groups as follows: “The cyber realm is usually occupied by males over a certain age with a similar technical background. There is a low degree of diversity and with it, cognitive diversity. Hiring more women with the same background as those males is not necessarily going to change things. It is critical not only more women, but also ethnic minorities and persons with different skill sets and personal backgrounds, are introduced into the world of cyber to grow our cognitive diversity,”
Diversity is also key to plugging the enormous talent gap in the cyber security industry.Cybersecurity Ventures said there were an estimated one million cyber job openings in 2016 pointing out that 209,000 cyber roles lay unfilled in the US.(4) Cyber roles at organizations globally are overwhelmingly occupied by males. In APAC, women comprise just 10% of cyber roles, for example. (5) The training and recruitment of women who are already working into those roles would open up a new talent pool to help meet urgent demand.
“The cyber security industry is at negative employment and global leaders in the US, UK, India and other nations have talked about the shortages of expertise in this domain. If institutions want to be able to protect and defend their infrastructure, they need to find the right talent. This is a priority agenda item for many CEOs and government leaders,” commented McGuire.
(1) Klahr, Rebecca, Sophie Amili, Jayesh Navin Shah, Mark Button and Victoria Wang. “Cyber Security Breaches Survey 2016.” GOV.UK, May 2016. [Online]
(2)Cyber attacks against UK financial industry on the rise – FCA.” Financial Times, 21 September 2016. [Online]
(3)“SWIFT action: Preventing the next $100 million bank robbery.” PwC, June 2016. [Online]
(4) Morgan, Steve. “Cybersecurity jobs report.” Cybersecurity Ventures, 2017. [Online]
(5)2017 Global Information Security Workforce Study
About the Author
Euromoney and Standard Chartered will be running a series of webinars on securities services. The next will be ‘The fight against cyber crime in financial services: how prepared are you?’ on September 26. Find out more.
This material has been prepared by Standard Chartered Bank (SCB), a firm authorised by the United Kingdom’s Prudential Regulation Authority and regulated by the United Kingdom’s Financial Conduct Authority and Prudential Regulation Authority. It is not independent research material. This material has been produced for information and discussion purposes only and does not constitute advice or an invitation or recommendation to enter into any transaction.
Some of the information appearing herein may have been obtained from public sources and while SCB believes such information to be reliable, it has not been independently verified by SCB. Information contained herein is subject to change without notice. Any opinions or views of third parties expressed in this material are those of the third parties identified, and not of SCB or its affiliates.
SCB does not provide accounting, legal, regulatory or tax advice. This material does not provide any investment advice. While all reasonable care has been taken in preparing this material, SCB and its affiliates make no representation or warranty as to its accuracy or completeness, and no responsibility or liability is accepted for any errors of fact, omission or for any opinion expressed herein. You are advised to exercise your own independent judgment (with the advice of your professional advisers as necessary) with respect to the risks and consequences of any matter contained herein. SCB and its affiliates expressly disclaim any liability and responsibility for any damage or losses you may suffer from your use of or reliance on this material.
SCB or its affiliates may not have the necessary licenses to provide services or offer products in all countries or such provision of services or offering of products may be subject to the regulatory requirements of each jurisdiction. This material is not for distribution to any person to which, or any jurisdiction in which, its distribution would be prohibited.
You may wish to refer to the incorporation details of Standard Chartered PLC, Standard Chartered Bank and their subsidiaries at http://www.standardchartered.com/en/incorporation-details.html.