Last March, Operation Taiex led to the arrest of the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions worldwide. This law enforcement operation included the Spanish national police, Europol, FBI, the Romanian, Moldovan, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies. Investigators found out that hackers were operating in at least 15 countries.
We all know that money moves quickly around the world. As Operation Taiex shows, cybercrime is doing the same, becoming increasingly able to collaborate rapidly across borders.
To create a cyber-secure world, we must be as fast and globally integrated as the criminals. Facing a global threat with local resources will not be enough. Countries need to do more internally and internationally to coordinate their efforts.
To begin, the private sector offers many good examples of cooperation. The industry deserves credit for taking the lead in many areas—developing technical and risk management standards, convening information-sharing forums, and spending considerable resources. International bodies, including the Group of 7 Cyber Experts group and the Basel Committee, are creating awareness and identifying sound practices for financial sector supervisors. This is important work.
But there is more to be done, especially if we take a global perspective. There are four areas where the international community can come together and boost the work being done at the national level:
First, we need to develop a greater understanding of the risks: the source and nature of threats and how they might impact financial stability. We need more data on threats and on the impact of successful attacks to better understand the risks.
Second, we need to improve collaboration on threat intelligence, incident reporting and best practices in resilience and response. Information sharing between the private and public sector needs to be improved—for example, by reducing barriers to banks reporting issues to financial supervisors and law enforcement.
Different public agencies within a country need to communicate seamlessly. And most challenging, information sharing between countries must improve.
Third, and related, regulatory approaches need to achieve greater consistency. Today, countries have different standards, regulations, and terminology. Reducing this inconsistency will facilitate more communication.
Finally, knowing that attacks will come, countries need to be ready for them. Crisis preparation and response protocols should be developed at both the national and cross-border level, so as to be able to respond and recover operations as soon as possible. Crisis exercises have become crucial in building resilience and the ability to respond, by revealing gaps and weaknesses in processes and decision making.
Connecting the global dots
Because a cyberattack can come from anywhere in the world, or many places at once, crisis response protocols must be articulated within regions and globally.
That means the relevant authorities need to know “whom to call” during a crisis, in nearby and, ideally, also in faraway countries. For small or developing countries, this is a challenge that needs international attention. Many rely on financial services or correspondent lines provided by global banks for financial connection. Developing cross-border response protocols will help countries understand their respective roles in a crisis and ensure a coordinated response in the event of a crisis.
The Group of 7 countries has made an excellent start at building collaboration on cybersecurity, but this effort needs to be broadened to each and every country.
Here the IMF can play an important role. With a much broader representation than most of the standard-setting institutions, the IMF has the ability to raise the concerns of emerging-market and developing countries to a global level. Because any place is a good place to start an attack, it is in the ultimate interest of advanced economies to work with other countries to share information, coordinate actions, and build capacity.
At the IMF, we work with countries that need to build this capacity, developing the skills and expertise needed to recognize and effectively counter cybersecurity threats. Our international partners are doing the same, and we work regularly with an array of stakeholders in the public and private sector.
Successful cyberattacks have the potential to hamper financial development by creating distrust, especially if personal and financial data are compromised.
If we want to reap the benefits of new technologies that can develop markets and expand financial inclusion, we have to preserve trust, and ensure the security of information and communications technologies. With cybersecurity, there is always more to be done simply because the pace of change is breathtakingly fast.
Written by David Lipton for IMF