BCBS Calls on Banking Sector to Enhance Cyber Defences

Remote work arrangements and digital financial services have “enlarged banks’ attack surfaces”, creating opportunities for malicious actors, the BCBS said. 

The BCBS (Basel Committee on Banking Supervision) is calling for increased efforts to strengthen banks’ cyber security and improve their resilience to cyber threats.

In a newsletter, the BCBS said cyber threats and incidents – such as ransomware attacks – pose risks to the safety and soundness of individual banks, as well as the stability of the financial system.

Amid the pandemic, remote work arrangements and the increased use of digital financial services have “enlarged banks’ attack surfaces”, creating opportunities for increasingly sophisticated malicious actors, the newsletter said.

“Targeted attacks on banks’ third-party service providers, including third-party software banks commonly use and intragroup entities, are also a stark reminder that cyber security measures should take into account operational dependencies on such providers.”

The newsletter highlights two BCBS documents that can help bolster bank resilience to cyber incidents, including those arising from outsourcing arrangements. These are the Principles for the Sound Management of Operational Risk (PSMOR) and the Principles for Operational Resilience (POR).

The BCBS urges banking authorities to encourage financial institutions to adopt tools, effective practices and frameworks for cyber risk management that are aligned with widely accepted industry standards.

These include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) 2700x, and the Center for Internet Security Critical Security Controls.

“Adopting such approaches will allow banks to better identify, assess, manage and mitigate their exposures to cyber risks, including those arising from third-party service providers,” the BCBS said. “The Committee believes that in the current environment banks must continually strive to improve their resilience to cyber security threats and incidents.”

The BCBS said it will monitor and assess efforts by banks to safeguard the…