Banks and other financial institutions present a prime target for cybercriminals due to the large amounts of financial and personal data they store.
“The potential for people to steal money, the potential to steal people’s identities, is particularly high,” Dr Jacqueline Craig FTSE, a research fellow at the Australian Academy of Technology and Engineering (ATSE), told Fintech Business.
A report from the ATSE says that financial institutions – along with many other digital soft targets – can never be entirely safe from cyber attack and need to focus on enhancing their “cyber resilience”.
That involves understanding critical dependencies and system vulnerabilities, as well as creating techniques for predicting likely threats, tools for achieving real-time comprehensive cyber situational awareness, and methods for ensuring business continuity in the face of cyber attack.
“It’s very important for any industry but particularly for the financial industry,” Dr Craig said.
The ATSE report also suggested that the federal government establish regulation regarding the liability of providers of cyber goods and services for data security and privacy.
Many banks and other financial institutions use outdated or “legacy” IT systems that are more vulnerable to attack.
In its October Financial Stability Review, the RBA also noted a high degree of common system use across banks, meaning that attempts to disrupt financial markets could easily spread to multiple targets.
“A successful attack on an institution could even result in a lack of confidence in the banking system more broadly, with potential withdrawals of funds from financial institutions and liquidity issues for the financial system,” RBA assistant governor Michele Bullock told the CBA Global Markets Conference in 2018.