Cyber
Bank Negara Malaysia ‘foils’ cyber heist
Central bank assures public no funds were lost during incident involving falsified Swift messages
European cyber resilience board holds first meeting
ECB’s Cœuré will chair board consisting of major financial infrastructure companies
Co-operation key to cyber defence success, says Sarb deputy
Groepe says institutions need to ensure fintech interconnectivity does not cause system failure; new players should be held to the same security standards
Swift warns of greater cyber threats as security control deadline nears
Customers have until December 31 to implement 16 mandatory controls
DNB publishes hacking guide for cyber security exercises
“Red teams” must simulate attacks on critical functions, guide says
Philippine banks face tougher cyber rules
The Central Bank of the Philippines wants more complex banks to implement a round-the-clock “security operations centre”
G7 governors and ministers set out principles for assessing cyber security
The guidelines build on ‘Fundamental principles of cybersecurity’, published in October
FSB members press ahead with new cyber-risk rules
Over 70% of FSB members say they plan to launch new measures in the next year; private sector emphasises need for better training
‘We still don’t do the basics well’ – Chris Gale on cyber security
Central banks are doing “aggressive” and “pretty cool” things to shore up cyber defences, says former Boston Fed VP; notes more could be done in the realm of information sharing
‘Red teams’ will test cyber-security of European financial infrastructure
Bundesbank official praises “bug bounty” programmes that pay hackers to uncover vulnerabilities
Kenya’s central bank issues new cyber security guidelines
Banks will have to report breaches within 24 hours with senior management taking on a greater role
International organisations should lead the way for cyber defence – IMF paper
Working paper outlines holes in current cyber regulatory framework and urges firms to adopt reporting system to improve oversight; cyber risks should be addressed on multilateral level
RBNZ sees no need to impose prescriptive cyber-security rules now
Head of prudential supervision at central bank says it is looking to market discipline to ensure high standards
BoE needs to ‘raise its game’ on cyber threats – BoE’s Habgood
BoE’s Habgood praises institution’s cyber security but says more can be done; new multi-level defence designed to ensure critical bank systems are not breached
PRA urges insurers to act on ‘silent cyber’ risks
Watchdog urges underwriters to embrace cross-policy stress-testing to identify exposure to claims from non-specified risks
OCC warns on cyber risks from subpar patches at US banks
Regulator says banks have good track record overall, but exams reveal weaknesses
Bank of Lithuania carries out cyber security exercise
Banks passed tests but supervisors will continue to be on alert, bank says
Mark Carney ensnared by email prank
BoE chief seemingly caught off guard by the same prankster who tricked Barclays boss Jes Staley
US regulators asked to play greater role in cyber security
Financial institutions cannot battle threats on their own, the CFTC is told
Regulators told to play greater role in cyber security
Companies can’t battle threats on their own, CFTC told
Swift rolls out new cyber defences for central banks
System uses machine learning to spot patterns and anomalies, so central banks and other institutions can act early on suspicious transactions
North Korea linked to Bangladesh Bank heist
North Korean IP address used in theft, claims Russian cyber-security firm; hacker group Lazarus’ fascination with financial gain “relatively new”
Danish central bank advocates specific cyber security testing
Survey shows only 50% of financial institutions specifically test their crisis response plans against cyber attacks; cyber security needs to be backed by senior management
Researchers dig further into ‘Lazarus’ cyber attacks
Latest effort to crack case of cyber criminals unearths “fairly sophisticated” mechanism to target banks and regulators, and less sophisticated efforts to mislead investigators