Sibos 2018: ‘Black swan’ cyber event is inevitable

With security experts and bankers expecting a 9/11-style cyber event, deeper collaboration between companies and governments is necessary to identify emerging threats before they occur

Cyber security experts and most of the world’s leading bankers believe a 9/11-style cyber event is now inevitable.

As 7,000 bankers and bank technologists gathered in Sydney for the Sibos 2018 global conference this week, cyber security, artificial intelligence, robotics and quantum computing were the key technology issues on the agenda.

An online poll of more than 1,000 people attending one of the cyber security sessions revealed that 83% now expect some sort of 9/11 or Black Swan-type cyber event will happen.

The three panellists at the session – Jacqueline McNamara, Telstra’s head of cyber security; Dmitry Samartsev, CEO of Bi.zone, the security arm of Russian bank Sberbank; and independent security architect Troy Hunt – agreed with that view.

Samartsev said current geopolitical turbulence made such an event more likely than not, and painted a chilling picture of what such a cyber catastrophe might look like.

The worst scenario, he said, could be cyber criminals launching a distributed denial-of-service (DDoS) attack on bank networks, coupled with a huge information attack on social networks to spread fear among people that the banks are going down.

This could lead to a domino effect if citizens rush to withdraw their money, leading to a run on the banks.

“So you have trouble with liquidity, trouble for the central banks and the government,” said Samartsev, noting that it was critical for companies and governments to collaborate in order to identify emerging problems and shut down organised cyber criminal operations quickly.

Agreeing, McNamara said cyber security cooperation should be part of proactive planning for cyber events, and not be viewed as a distraction from normal operations. However, she thought the scenario suggested by Samartsev, although credible, would have a different author.

McNamara said a massive 9/11-style cyber attack would most likely be orchestrated by nation states rather than cyber criminals, because such an event would lead to a loss of liquidity – which means criminals would lose access to cash.

However, McNamara and Samartsev agreed on the need to continually educate staff about the risks of phishing.

When Bi.zone started running its own phishing tests to gauge the risk of employees downloading malware by clicking on a suspect email, 60% of Sberbank’s 300,000 employees fell for the scam. That figure has now dropped to 1%.

McNamara said Telstra had run a three-year phishing education campaign, but it was still possible to trick employees into clicking a link.

One campaign in October 2018 appeared to send staff a colleague’s payslip, she said, “and 60% of people opened it”. This proved the need for ongoing education programmes, she added.

While internal cyber security education is a must, the Reserve Bank of Australia also raised the prospect at Sibos of local banks being subjected to annual penetration testing to assess their cyber security preparedness.
