Banks face a growing risk of cyber-attacks as the coronavirus crisis accelerates the shift to digital banking and remote working, Moody’s Investors Service said in a report.
“Social distancing has created a surge in demand for contactless payments, digital cash transfers and online banking, as well as remote working by bank employees,” said Alessandro Roccati, Senior Vice President at Moody’s.
Banks’ digital customers are a natural target for fraudsters via phishing emails or social engineering scams. And if bank employees use devices at home to access office networks, they are more likely to be or become infected with malware or spyware; unsecure home Wi-Fi networks may use routers with weaker security.
Cyber-attacks are mostly financially motivated and seek easily monetised data stored by the victim organisations. Attacks have various, and sometimes multiple, goals but the vast majority target personal data, with a minority focused on credentials and bank data, the report said.
Cyber-attacks in the financial sector are mostly perpetrated by external actors (64 per cent of data breaches), mostly through web applications and errors made by company employees, according to a recent report by Verizon. The major motivation is to get easily monetised data (77 per cent of data breaches)
The report added that banks mitigate cyber risk in three ways. The first is strong corporate governance, including cyber-security frameworks, policy enforcement and reporting. The second is risk prevention and response, and recovery readiness. And the third is information-sharing with other banks, and adoption of international standards and regulatory oversight.
These measures combined mean banks’ cyber-readiness exceeds that of most other sectors, Moody’s said.
Corporate managers are well aware of the cyber threat. According to a recent report from the World Economic Forum, the fourth most worrisome fallout for companies from the spread of coronavirus is an increase in cyber-attacks and data fraud.