19 Jun 2019
A state-backed cyber-attack could secretly corrupt the records of British financial institutions over a period of months, posing a risk that banks would probably struggle to guard against on their own, a senior Bank of England policymaker said.
Banks have focused mainly on stopping service outages, but the falsification of transaction records and other data was an even bigger danger, Anil Kashyap told lawmakers on Tuesday.
“If you wanted to do maximum damage, that is what you would probably do if you were a state actor,” he told a parliament committee.
Britain’s security services have warned about the risk of cyber-attacks by Russia and other countries, and the BoE has urged banks to boost their preparedness to avoid disruption to one of the world’s largest financial centers.
But British financial institutions might not be able to guard against this type of attack on their own, Kashyap said.
“If you think it is a state actor, I don’t know if you think any particular firm can defend itself,” he added.
Attacks on bank records would be especially damaging as it would not be easy to identify which records were accurate and which had been corrupted.
“You have this difficult situation where you have to restore the system, where you could be restoring a corrupt system,” Kashyap said.
Financial institutions also risked focusing too much on dangers that would damage their individual reputations, rather than threats to the system as a whole, such as overreliance on a handful of providers of cloud computing services.
“I don’t really care if bank ‘x’ is offline for a week, even if it’s disastrous for their share price, if the services that they provide, that are critical, can be delivered in some other way,” Kashyap said. “What is tricky is it could be the case that the (bank) board’s incentives of what to worry about are misaligned with the general incentives.”
By David Milliken, Reuters, 18 June 2019
Read more at Reuters
Count this content towards your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet