Search form

Languages

Do Bank Network Managers need to be Cyber Experts?

Thomas Murray | London | 01 July 2022

Roland Thomas

Corporate Development Manager

First published in Issue #9 of the TNF Journal in June 2022 to coincide with The Network Forum's annual meeting in London

50% of cyber-attacks originate through a third party, but Network Management teams are not doing enough to protect their banks from high-risk providers. Ultimately, this is IT Security’s responsibility, but they cannot be expected to understand the complex ecosystem of custody and post trade counterparties. The answer? Network Management and IT Security need to work hand-in-hand.

There is nothing so terrifying as a risk you do not understand. For most of us, cyber security is one such risk. We all know the horror stories: massive data breaches, crippling financial losses, and shady new-age criminals, sometimes state-sponsored, never found. $81 million was stolen from the Bank of Bangladesh in 2016 following a cyber-attack, and Banco de Chile took nearly two weeks to resume normal services in 2018 when ‘MBR Killer’ malware enabled attackers to transfer $10 million through the bank’s SWIFT system.

We are aware of the risks, and we know that they are growing. Cyber-crime is poised to wipe approximately $10.5 trillion off the global economy annually by 2025, up from $3 trillion in 2015. Most Financial Services companies have invested heavily in building security and resilience, but financial firms are also 300 times more likely than other institutions to experience attacks.


Members of Thomas Murray at The Network Forum Annual Meeting in London
Members of Thomas Murray at The Network Forum Annual Meeting in London


The key statistic, for attendees of The Network Forum, is that almost half of cyber-attacks originate through a third party. Consider what that means for a moment. Your bank may have a first-rate security team, a vast Enterprise Security budget and a tightly controlled attack surface, but that is only 50% of the picture.

Due to the interconnectivity of financial markets, a bank is only as secure as its supply chain, service providers and outsourcers – every third party, in short, that it relies on to deliver services to its clients, and especially those that hold client data and assets. The spillover risk of a cyber-attack on one financial institution is huge and could impact the operations of a market or even affect a bank’s liquidity. What does this mean for Network Managers?

Network Management teams do not need to be cyber experts. However, they do need to work closely with their banks’ IT Security and cyber teams. Some Network Management teams have already built sophisticated working relationships with the cyber experts in their banks: Network Management teams escalate IT due diligence responses for validation, whilst the Security teams provide continuous vulnerability monitoring of agent banks, CSDs, transfer agents and others.

After the infamous SolarWinds breach in late 2020 and the Log4J vulnerability discovered in late 2021, you can be sure that third-party cyber risk is firmly on IT Security teams’ agenda. But while they are cyber experts, they cannot be expected to be risk experts. It is Network Management’s job to educate them about the real-world implications of, for example, a CSD or Exchange halting operations due to Ransomware, a transfer agent suffering a data breach, or an agent bank being fined or shut down by the local regulator.

Do not assume that your bank’s IT Security team understands post-trade risk. Network Managers need to ensure IT Security work with them to reduce the likelihood of downstream service providers, probably unknown or ill-understood by IT Security, introducing vulnerabilities into their banks. Banks can build secure and resilient networks, but only when Network Management and IT Security work hand-in-hand.


Contact us to find out more or book a demo of our Cyber Risk tool to get started.


Robert Smith

Head of SaaS Sales and Customer Success

Contact our experts

Contact me for your free security rating, discuss your requirements or find out more about our Cyber Risk tool.

Book a demo

Want to see the tool in action? Book a demo and a member of our team will guide you through the platform and demonstrate how our tool can help you!

Recommend to read

Thomas Murray - News

25/07/2022 15:26

Cyber risk

Fund managers should not get caught out thinking they are a low-priority target: here’s how to identify risks and build resilience, to protect investor data and assets.

Thomas Murray - News

08/07/2022 13:09

Cyber risk

Philadelphia, PA June 7, 2022—The Business Intelligence Group today announced that Thomas Murray Cyber Risk has won the 2022 Fortress Cyber Security Awards in the Threat Detection category.

Thomas Murray - News

29/06/2022 09:49

Cyber risk

Thomas Murray attended for the first time the InfoSecurity Europe 2022 event at the ExCel London on the 21st – 23rd June

Thomas Murray - News

15/06/2022 11:00

Cyber risk

In a perfect storm of inflation, war and a pandemic, organisations are facing unprecedented pressure on their supply chains. Amid the crisis, supply chain cyber risks cannot be ignored.