The worst nightmare for the banking industry is a successful cyberattack against them, and now the U.S. bank executives are watching a cyberattack unfold across government agencies in what could be one of the biggest hacks in the country’s history.
However, there has yet been no clear evidence that Wall Street was a victim of the attack, which also hit Microsoft Corp.’s systems. Still, according to experts in the field, it will take many months, at a minimum, to determine how deep the infiltration is. This is a stark reminder of the risk and challenges that hang over an industry that has spent billions to strengthen up its defences in recent years.
“Based on what we have seen as of today, there has not been specific focus against the financial sector, nor have we seen reports indicating negative impact amongst our members,” the Financial Services Information Sharing and Analysis Center (FS-ISAC) said in an emailed statement according to Bloomberg.
While representatives of the biggest U.S. banks declined to comment on the attack, FS-ISAC, a network of financial firms sharing information about cyber threats, said it’s been working as much as possible with banks and its thousands of members, offering “strategic and tactical reports detailing the attack vectors and offering best practices to mitigate risk.”
According to a Deloitte & Touche LLP survey, cyber spending jumped 15% this year as all finance companies and elements have ramped up spending on cybersecurity for at least the past four years as services move online and attacks escalate, especially during the pandemic, as staff worked from home, and customers embraced online products and services. That takes the total to almost $1 billion for each of the largest U.S. banks.
Consulting firm Accenture has talked about in a report that Financial firms “have made great strides when it comes to not only preventing security attacks but also bouncing back from breaches quickly.” Banks have bolstered their securities well, so the hackers are choosing different victims.
Hundreds of Fortune 500 companies as well as Government agencies, are still analysing the damage done by the cyberattack. The attack involved code embedded in updates for a network-management software which is widely used made by SolarWinds Corp.
“It is a wake-up call for all,” said Haiyan Song, a cybersecurity expert, formerly head of security markets at Splunk Inc. “While the world has shifted to more cloud environments, software-development life-cycle management may not have been given enough attention for its security and integrity.”
The hacks point out the vulnerabilities in Washington and beyond, even as the banking sector is put on high alert for cyberattacks. When lawmakers last year questioned the chiefs of the largest U.S. banks intensely and relentlessly, State Street Corp. CEO Ron O’Hanley called cyber risk a “clear and present danger” that needs bank officials to cooperate.
One of the largest known cyberattacks against a U.S. bank involved JPMorgan Chase & Co. in 2014. It was found that more than 80 million clients of JPMorgan had data stolen when last year, a Russian hacker pleaded guilty to the charges.
However, Accenture’s latest survey of financial firms comes with a little positivity that direct cybersecurity attacks on banking and capital-markets firms fell 2% last year, and actual breaches were 25% lower.