Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







ECB Assesses Europe Financial Sector’s Cyber Resilience

Executive Summary

The IT systems of banks have become attractive targets for criminals, and the European Central Bank (ECB) has observed an increasing number of cyberattacks. In response, the ECB’s banking supervision is conducting a stress test to identify vulnerabilities in banks under its direct supervision and evaluate their cyber resilience against potential cyber threats.

ECB’s Concerns

Anneli Tuominen, ECB banking supervisor, emphasises the increasing threat, stating that the number of cyberattacks on IT systems has surpassed pre-COVID-19 levels. While banks in the eurozone have demonstrated resilience so far, Tuominen warns of the possibility of a severe attack destabilising institutions or the banking system.

That is a concerning possibility, given the global incidents that have resulted in significant operational disruption and financial impact. For example, the ransomware attack on the Industrial and Commercial Bank of China (ICBC), which is known as the world’s largest bank by assets. Please refer to our news article for more information about that attack.

Additionally, the supervisors are closely examining areas where banks outsource IT processes to third-party providers. Tuominen expresses the view that cost-saving measures through outsourcing do not necessarily align with good risk management. The ECB is keen on understanding and mitigating the risks associated with outsourcing, especially in relation to external service providers like IT or cloud providers.

As a result, the ECB has decided to conduct its first stress test on cyber risks in January. The test will involve 109 significant banks that the ECB directly supervises in the eurozone.

Stress Test Details

The goal is to conduct a thorough assessment of the banks’ cybersecurity measures, incident response protocols, and overall resilience to cyber threats.

Anneli Tuominen, ECB banking supervisor, has highlighted the importance of this test in evaluating how banks respond, recover, and resume normal operations in the event of a significant cyber threat.

Out of the 109 significant banks directly supervised by the ECB, 28 will undergo an extended version of the stress test. This extended test will require these banks to provide more detailed information, although the specifics of the additional information have not been disclosed.

A Recent Cyberattack Targeting German Banks

Highlighting the urgency, a recent cyberattack on the account switching service provider Majorel resulted in a significant data breach. Cybercriminals stole over 144,000 records from major German private customer banks, including Postbank, a subsidiary of Deutsche Bank, and ING Germany. The stolen data is reportedly available on the Darknet.

Closing Comments

The ECB’s stress test reflects the urgency of securing financial institutions.

Tuominen’s warning serves as a reminder of the potential vulnerabilities, emphasising the need for continuous vigilance and preparedness in the face of evolving cyber threats.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.