Former Federal Reserve chairman Ben Bernanke urged banks to spend more on bolstering their cybersecurity to fend off increasingly sophisticated attacks by hackers to vulnerable international networks.
His comments follow high-profile hacks of major financial institutions such as JP Morgan and Standard Chartered. Bernanke underscored the vulnerability of the banking networks, which are rapidly digitizing, connecting to more banks and reaching across borders.
Cybersecurity fears have risen sharply among bankers, brokers and investors who cited increased an “frequency and sophistication of cyber attacks” since last year, during a survey conducted between January and March by market infrastructure firm Depository Trust & Clearing Corp.
“It is one of the security risks that I would place very near the top of the things that the financial sector needs to work on,” Bernanke said to a gathering of financial professionals in Hong Kong on Tuesday.
Only 42% of chief risk officers felt their financial institution was extremely or very effective when it came to cybersecurity according to a survey by Deloitte Touche Tohmatsu of 71 financial institutions released earlier this month.
“There were many, many attempts to hack the Federal Reserve – and some moderately successful ones, not into the deep information but some of the websites,” said Bernanke who was chairman of the US Federal Reserve from 2006 to 2014.
A British man, Lauri Love, was charged last year with hacking into the Fed’s computer servers between 2012 and 2013.
“It’s something that regulators, governments and the banks should put a lot of resources into,” he added during a Q&A at a lunch hosted by spot gold trader First Asia Merchants Bullion at the Grand Hyatt Hong Kong’s poolhouse.
JP Morgan last year found itself under siege from hackers, who gained access to the e-mail addresses and phone numbers of some 83 million US households and small businesses. Standard Chartered found itself in the cross hairs of Singapore’s regulator last year after bank statements belonging to 647 private wealth clients were stolen from a server at its printing company Fuji Xerox.
Consultants and industry players say banks are boosting spending on cybersecurity. In a 2014 PwC global survey of financial institutions, 75% of respondents said they were set to increase security spending in the next 12 months compared with the previous year.
At a conference last year, shortly after JP Morgan experienced the breach, CEO Jamie Dimon said the US bank would likely double cybersecurity spending in the next five years having spent about $250 million in 2014.
“The awareness is there, people understand how serious it is, but it’s a very difficult challenge because they're very clever and it keeps changing and there are many points of entry,” said Bernanke who is now an economist at the Brookings Institution.
“The financial system is integrating, have to trade between one bank and another, across borders so there are always going to be weak spots,” he said.
Lack of international response
Given the global nature of cyber attacks, industry bodies such as the Asia Securities Industry & Financial Markets Association says that there is a need for more cross-border co-ordination.
However most of the work has been done at individual legislatures. In Hong Kong, the ordinance for data protection was amended in April 2013, introducing tighter restrictions on the use of personal data for direct marketing. Meanwhile, the Hong Kong Monetary Authority in October last year issued a circular to banks and other institutions with enhanced requirements for data protection.
“There is obviously coordination across governments and the like but security agencies don’t necessarily work well together,” sighed Bernanke.
The shift in banking from brick and mortar branches to mobile banking has left customers more vulnerable to cyber attacks. In South Korea, a Chinese cybercriminal group dubbed the “Yanbian Gang” used fake mobile apps to steal data and siphon millions from mobile banking customers over a period starting in 2013. The hacking group targeted customers from KB Kookmin Bank, Hana Bank, Shinhan Bank, Woori Bank, and NH Bank, according to security software firm Trend Micro.
“All the wealth you and I and everyone in the room owns – its all just little electrons in space,”
Additional reporting by Denise Wee