Information checkedInformation unaudited Information geprüft Information ungeprüft There is huge potential for danger
Question: what do you need to rob a bank? Previously, the answer would have been “a plan, a gun and a nylon stocking”. Now, you need a plan and a few ones and zeros. After all, the biggest risk of being attacked is now no longer to be found lurking at the counter, but through cyberattacks on the net. LLB, too, has to face up to this new danger.
The number of cyberattacks has increased rapidly over the last twenty years, especially when compared to the era before the pandemic. According to the International Monetary Fund (IMF), the volume of cyberattacks has almost doubled since 2020. Almost a fifth of the cyber incidents reported in the last two decades come from the financial sector, with banks being the most frequent targets. The Head of the Business Risk Management business unit and Group CISO at the LLB Group, Jousry Abdel-Khalek, has also noted this trend: “In principle, our financial centre is not yet as badly affected as the American or Swiss financial centres, for example. But we have noticed an uptick over the last few years and months. We’ve picked up on more activities across all our channels, such as mobile and online banking.”
The largest American bank, JP Morgan, has published an impressive figure in this regard: it sees up to 45 billion suspicious cyber events – every day. Fortunately, attacks aren’t as common among the LLB Group, as we aren’t in cyber criminals’ sights as much as large international financial institutions. Ultimately, however, it doesn’t necessarily matter how many attacks there are, but how successful they are. Jousry therefore has mixed feelings about LLB’s activities on social media, too: “We’ve been very active on social media in recent years. I can understand why. It makes sense, because it makes our brand more significant and boosts our visibility. Of course, though, greater visibility puts us on criminals’ radar more.”
In its latest financial stability report the IMF warns that supposedly small attacks can also have major consequences. As a result, many experts see the cyber threat as being the biggest risk of all to the financial system. The industry is particularly vulnerable, as trust is one of the most important currencies in this domain: if clients’ trust is lost due to a serious attack, the worst-case outcome could be a bank run.
While the threat of cybercrime has increased so much in recent years, there is little information available about specific incidents. For this reason, the IMF also expresses regret that many companies affected by the issue keep cyber incidents under wraps due to the stigma associated with them. The downside: this silence makes it difficult to share information and makes life even easier for criminals. “It would be really important to get more information in this regard. That’s why LLB is a member of various associations and networks so we can benefit from their know-how and cooperation”, explains the Head of BRM.
In addition, the LLB Group’s “Cyber” Group project has undertaken a great deal of work in recent years to increase the bank’s ability to respond in the event of a cyberattack and to introduce new processes for continuous vulnerability analysis. This has been a success: “When the systems now behave unusually, an alarm goes off. This allows us to intervene much earlier, whether in the case of unusual network activities or even when we are attacked.”
Of course, it’s even better if our systems aren’t attacked in the first place. When it comes to naming where our security situation is most at risk, the risk expert has a clear answer: “Human beings are our biggest vulnerability. We’re all emotional and social beings. This also means that we’re sometimes too friendly and can be taken by surprise.” To this end, it’s enough if you open the door to a person you don’t know or pass on information that was not intended for disclosure. What can we do about this? “Constantly provide information, raise awareness and run training until everyone understands how important this topic is.”
In addition to the material damage done, a successful cyberattack could also tarnish the bank’s reputation: “We have a good reputation on the market as a secure and reliable bank. Building a reputation like this is difficult, but holding onto it is even harder. It’s easy to lose it.”
That’s why it’s so crucial for us all to be vigilant and careful when handling data and disclosing information.