Waiting for the ‘big one’
Certainly, the warning signs are hard to ignore. In its 2018 Global Risks Report, the World Economic Forum cited cyber-security and fraud among the leading threats for the entire world, not just for the finance sector. "Cybersecurity risks are growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more commonplace," it warned.
The sophistication of threat actors is increasing at a seemingly exponential rate. Massive data breaches are a frequent, most probably daily, event. And the expansion of the Internet of Things means almost everything can be used as a weapon in a cyber-security attack, and anybody could be a target. At eight billion-plus and rising, the number of devices connected to the internet already exceeds the global human population, and is predicted by Gartner to surge to 20 billion by 2020.
But are we still waiting for the ‘big one’, the seismic ‘cyber 9/11’ event that changes everything? Do we have the tools, the collective mind set and legal provision to withstand this cyber-geddon tsunami, especially if it targets central infrastructures, including those supporting financial services?
Risk levels are mounting, but so are the resources and skills being deployed against attacks. As the number and range of threats to our infrastructures continues to rise, our vulnerability is further exposed by the increasing pace and interconnectedness of digitised networks. A report from the International Risk Governance Council recently highlighted the difficulties of dealing with "complex risks in systems characterised by feedback loops, tipping points and opaque cause-and-effect relationships that can make intervention problematic".
But collective preventative and defensive action is also on the rise. Market infrastructure operators, government agencies and service providers are working increasingly closely, coordinating on large-scale security exercises and sharing information through organisations such as the Financial Services Information Sharing and Analysis Center (FS-ISAC). SWIFT’s own ISAC is increasingly central to industry efforts to maintain vigilance and develop best practice.
These industry coordination efforts have been effective to date, but there is no room for complacency. The need for cybersecurity staff is so intense that PwC has predicted the number of unfilled positions in the US alone will reach 1.5 million next year. Join fellow delegates in the plenary room at 11am Tuesday October 22, as moderator Ed Johnson, Bloomberg’s managing editor for Australia and New Zealand, explores these issues in depth with our panel of experts:
- Jacqueline McNamara, head of cyber security, Telstra
- Alastair MacGibbon, deputy secretary and national cyber security advisor, Australian Department of Home Affairs
- Troy Hunt, independent security architect
- Stanislav Kuznetsov, deputy chairman, executive board, Sberbank
Find out more from our expert panel in the Plenary Room at 11am on Tuesday, 23 October.
Preview the other Sibos 2018 Big Issue Debates here: