"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2020-08-11T17:52:41Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2020/08/11/cybersecurity-work-from-home-threat-steele-intv-firstmove.cnn"
data-branding-key=""
data-video-slug="cybersecurity work from home threat steele intv firstmove"
data-first-publish-slug="cybersecurity work from home threat steele intv firstmove"
data-video-tags="coronavirus,coronavirus pandemic,digital security,diseases and disorders,epidemics and outbreaks,flexible work arrangements,health and medical,home based employment,infectious diseases,labor and employment,life forms,microscopic life,public health,technology,telecommuting,viruses,working hours and patterns"
data-details="">
Video Ad Feedback
Remote work leads to growing concerns over cybersecurity
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2020-08-11T17:52:41Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2020/08/11/cybersecurity-work-from-home-threat-steele-intv-firstmove.cnn"
data-branding-key=""
data-video-slug="cybersecurity work from home threat steele intv firstmove"
data-first-publish-slug="cybersecurity work from home threat steele intv firstmove"
data-video-tags="coronavirus,coronavirus pandemic,digital security,diseases and disorders,epidemics and outbreaks,flexible work arrangements,health and medical,home based employment,infectious diseases,labor and employment,life forms,microscopic life,public health,technology,telecommuting,viruses,working hours and patterns"
data-details="">
Video Ad Feedback
Remote work leads to growing concerns over cybersecurity
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2022-03-22T21:58:40Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2022/03/22/cybersecurity-ceo-cyberattacks-russia-ukraine-invasion-qmb-vpx.cnnbusiness"
data-branding-key=""
data-video-slug="cybersecurity ceo cyberattacks russia ukraine invasion qmb vpx"
data-first-publish-slug="cybersecurity ceo cyberattacks russia ukraine invasion qmb vpx"
data-video-tags="business and industry sectors,business, economy and trade,computer science and information technology,continents and regions,crime, law enforcement and corrections,criminal offenses,cyber attacks,digital crime,digital security,eastern europe,embargoes and sanctions,europe,international relations,international relations and national security,malware,russia,russia-ukraine conflict,software and applications,technology,ukraine,unrest, conflicts and war"
data-details="">
Video Ad Feedback
Cybersecurity CEO: 'More targeted ransomware attacks' by Russia coming
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-12-14T20:51:21Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/tech/2021/12/14/us-cyber-warning-software-vulnerability-marquardt-nr-vpx.cnn"
data-branding-key=""
data-video-slug="us cyber warning software vulnerability marquardt nr vpx"
data-first-publish-slug="us cyber warning software vulnerability marquardt nr vpx"
data-video-tags="business and industry sectors,business, economy and trade,computer science and information technology,crime, law enforcement and corrections,criminal offenses,cyberterrorism,digital crime,digital security,international relations and national security,national security,software and applications,technology,terrorism,terrorism and counter-terrorism,unrest, conflicts and war"
data-details="">
Video Ad Feedback
How your device could be at risk of 'one of the most serious' cyber security threats
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-08-03T17:51:30Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2021/08/03/solarwinds-ceo-cybersecurity-hacks.cnnbusinesss"
data-branding-key="the-chat-with-julia-chatterley"
data-video-slug="solarwinds ceo cybersecurity hacks"
data-first-publish-slug="solarwinds ceo cybersecurity hacks"
data-video-tags="celebrities,companies,crime, law enforcement and corrections,criminal offenses,cyberterrorism,digital crime,digital security,international relations and national security,julia chatterley,national security,solarwinds,technology,terrorism,terrorism and counter-terrorism,unrest, conflicts and war"
data-details="">
Video Ad Feedback
SolarWinds CEO: Cyber threats need community vigilance
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-06-10T14:21:09Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2021/06/10/fireeye-ceo-cybersecurity-ransomware.cnnbusiness"
data-branding-key="the-chat-with-julia-chatterley"
data-video-slug="fireeye ceo cybersecurity ransomware"
data-first-publish-slug="fireeye ceo cybersecurity ransomware"
data-video-tags="business executives,business, economy and trade,companies,compensation and benefits,crime, law enforcement and corrections,criminal offenses,currencies,digital crime,digital currencies,economy and economic indicators,executive pay,fireeye,labor and employment,money, banknotes and coins,technology,workers and professionals"
data-details="">
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-06-03T22:01:48Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2021/06/03/companies-ransomware-white-house-marquardt-dnt-vpx.cnn"
data-branding-key=""
data-video-slug="companies ransomware white house marquardt dnt vpx"
data-first-publish-slug="companies ransomware white house marquardt dnt vpx"
data-video-tags="business and industry sectors,business, economy and trade,computer science and information technology,continents and regions,crime, law enforcement and corrections,criminal offenses,digital crime,digital security,eastern europe,europe,food and beverage industry,food production industry,government and public administration,government bodies and offices,malware,politics,russia,software and applications,technology,us federal government,white house"
data-details="">
Video Ad Feedback
White House urges companies to take cyberattack threat more seriously
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-05-11T15:04:18Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2021/05/11/ibm-ceo-cybersecurity.cnnbusiness"
data-branding-key="the-chat-with-julia-chatterley"
data-video-slug="ibm ceo cybersecurity"
data-first-publish-slug="ibm ceo cybersecurity"
data-video-tags="companies,government organizations - us,ibm,nasa,space and astronomy,us federal departments and agencies,us government independent agencies"
data-details="">
Video Ad Feedback
IBM CEO: Cybersecurity needs to be a collective effort led by government
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2020-03-13T12:12:56Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2020/03/12/sim-swap-hacker-stole-one-million-sg-orig.cnn"
data-branding-key="unhackable"
data-video-slug="sim swap hacker stole one million sg orig"
data-first-publish-slug="sim swap hacker stole one million sg orig"
data-video-tags="business and industry sectors,business, economy and trade,consumer electronics,consumer products,crime, law enforcement and corrections,criminal offenses,digital crime,digital security,electronics,mobile and cellular telephones,mobile technology,technology,telecommunications industry,wireless carriers,wireless industry"
data-details="">
Video Ad Feedback
A hacker stole $1 million from him by tricking his cell phone provider
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2019-07-23T12:00:39Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2018/09/25/biggest-data-breaches-equifax-orig.cnn-business"
data-branding-key="unhackable"
data-video-slug="biggest data breaches equifax orig"
data-first-publish-slug="biggest data breaches equifax orig"
data-video-tags="banking, finance and investments,big data,business and industry sectors,business, economy and trade,companies,computer science and information technology,consumer credit reporting,consumer loans and credit,credit cards,crime, law enforcement and corrections,criminal offenses,digital crime,digital security,equifax incorporated,information management,linkedin corporation,oath (company),personal finance,target corp,technology,yahoo inc"
data-details="">
Video Ad Feedback
5 of the biggest data breaches?
01:43
Now playing
- Source:
CNN Business
Editor’s Note: This article has been edited from its original version. It was originally published in its entirety in the International Monetary Fund’s Spring 2021 issue of Finance & Development magazine. Tim Maurer is the former director of the Cyber Policy Initiative and a senior fellow in the Carnegie Institute of International Peace’s Technology and International Affairs Program. Arthur Nelson is a research analyst for the Carnegie Endowment for International Peace’s Cyber Policy Initiative. The opinions expressed in this commentary are their own.
Today, the assessment that a major cyber attack poses a threat to financial stability is axiomatic— not a question of if, but when. Yet the world’s governments and companies continue to struggle to contain the threat because it remains unclear who is responsible for protecting the system.
Increasingly concerned, key voices are sounding the alarm. In February 2020, Christine Lagarde, president of the European Central Bank and former head of the International Monetary Fund, warned that a cyber attack could trigger a serious financial crisis. In April 2020, the Financial Stability Board (FSB) warned that “a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.” The potential economic costs of such events can be immense and the damage to public trust and confidence significant.
Two ongoing trends exacerbate this risk. First, the global financial system is going through an unprecedented digital transformation, which is being accelerated by the Covid-19 pandemic. Banks compete with technology companies; technology companies compete with banks. Meanwhile, the pandemic has heightened demand for online financial services and made work-from-home arrangements the norm. Central banks around the globe are considering throwing their weight behind digital currencies and modernizing payment systems.
Second, malicious actors are taking advantage of this digital transformation and pose a growing threat to the global financial system, financial stability and confidence in the integrity of the system. The pandemic has even supplied fresh targets for hackers. The financial sector is experiencing the second-largest share of Covid-19-related cyber attacks, behind only the health sector, according to the Bank for International Settlements.
Who is behind the threat?
The malicious actors behind these attacks include not only increasingly daring criminals — such as the Carbanak group, which targeted financial institutions to steal more than $1 billion during 2013-2018 — but also states and state-sponsored attackers. North Korea, for example, has stolen some $2 billion from at least 38 countries in the past five years.
This is a global problem. While cyber attacks in high-income countries tend to make headlines, less attention is paid to the growing number of attacks on softer targets in low- and lower-middle-income countries. Yet it is in those countries where the push toward greater financial inclusion has been most pronounced, leading many to leapfrog to digital financial services such as mobile payment systems. Although they do advance financial inclusion, digital financial services also offer a target-rich environment for hackers.
An international strategy
To achieve more effective protection of the global financial system against cyber threats, the Carnegie Endowment for International Peace released a report in November 2020 titled “International Strategy to Better Protect the Global Financial System against Cyber Threats.”
Developed in collaboration with the World Economic Forum, the report recommends specific actions to reduce fragmentation by fostering more collaboration, both internationally and among government agencies, financial firms and tech companies. The strategy is based on four principles:
Greater clarity about roles and responsibilities is required. Only a handful of countries have built effective domestic relationships among their financial authorities, law enforcement, diplomats, other relevant government actors and industry. Existing fragmentation hampers international cooperation and weakens the international system’s collective resilience, recovery and response capabilities.
International collaboration is necessary and urgent. Given the scale of the threat and the system’s globally interdependent nature, individual governments, financial firms and tech companies cannot effectively protect against cyber threats if they work alone.
Reducing fragmentation will free up capacity to tackle the problem. Many initiatives are underway to better protect financial institutions, but they remain siloed. Some of these efforts duplicate each other, increasing transaction costs. Several of these initiatives are mature enough to be shared, better coordinated and further internationalized.
Protecting the international financial system can be a model for other sectors. The financial system is one of the few areas in which countries have a clear shared interest in cooperation, even when geopolitical tensions are high. Focusing on the financial sector provides a starting point and could pave the way to better protection of other sectors in the future.
Among actions for strengthening cyber resilience, the report recommends that the FSB develop a basic framework for supervising cyber risk management at financial institutions. Governments and industry should strengthen security by sharing information on threats and by creating financial computer emergency response teams (CERTs), modeled on Israel’s FinCERT.
Financial authorities should also prioritize increasing the financial sector’s resilience against attacks targeting data and algorithms. This should include secure, encrypted data vaulting that allows members to securely back up customer account data overnight. Regular exercises to simulate cyber attacks should be employed to identify weaknesses and develop action plans.
To reinforce international norms, the report recommends that governments make clear how they will apply international law to cyberspace and strengthen norms to protect the integrity of the financial system. Responses can include sanctions, arrests and asset seizures.
Governments can support these efforts by establishing entities to assist in assessing threats and coordinating responses. Intelligence gathering should include a focus on threats to the financial system, and governments should share such intelligence with allies and like-minded countries.
Building capacity
The comprehensive strategy outlined in the Carnegie report depends in turn on building the cybersecurity workforce, expanding the financial sector’s cybersecurity capacity and safeguarding gains in financial inclusion that have resulted from the digital transformation.
Elevated unemployment due to the pandemic provides an important opportunity for training and hiring talented people to strengthen the cybersecurity workforce. Financial services firms should invest in initiatives to build the talent pipeline, including high school, apprenticeship and university programs.
Building cybersecurity capacity also means focusing on providing assistance where it is needed. The IMF and other international organizations have received many requests for cybersecurity assistance from member states. G20 governments and central banks could create an international mechanism to build cybersecurity capacity for the financial sector, with an international agency such as the IMF designated to coordinate the effort. The Organisation for Economic Co-operation and Development and international financial institutions should make cybersecurity capacity-building an element of development assistance packages and should significantly increase assistance to countries in need.
Finally, maintaining progress in financial inclusion requires strengthening cybersecurity. This is particularly urgent in Africa, with many countries on the continent experiencing a significant transformation of their financial sectors as they extend financial inclusion and move to digital financial services. A network of experts should be created to focus specifically on cybersecurity in Africa.
The time has come for the international community — including governments, central banks, supervisors, industry and other relevant stakeholders — to come together to address this urgent and important challenge. A well-thought-out strategy, such as the one above, provides a blueprint for turning words into action.