Britain's financial firms need to pull together to fight cyber crime, working with government and law enforcement to attack criminals' infrastructure and put them out of business, a report by KPMG and industry body UK Finance said on Monday.
The report argues the growing threat cyber crime poses to the financial sector cannot be countered just by spending more money, and that a revamped approach is needed. This includes working together and with governments and law enforcement to render the markets, tools and systems cyber criminals use ineffective, it said.
"(That) imposes cost on them (the criminals), because they then have to reconstruct that botnet, those phishing sites," said David Ferbrache, technical director and head of cyber and space at KPMG. "For us it's very much a bit of a call to arms across the community ... There's a lot more we can do," he said.
Some groups, such as the Cyber Defence Alliance, whose members include some of the world's biggest banks, are already doing this, but different initiatives need to be linked up, report authors Ferbrache and Dan Crisp, interim director of technology and digital policy at UK Finance, told Reuters. Cyber crime is big business, with the global impact exceeding $450 billion a year, and is now second only to political risk in terms of challenges facing the financial sector, according to the report.
The attack on the Bank of Bangladesh in 2016, where hackers made off with $81 million, shows the growing sophistication of attacks on financial firms, it said. Banks' cyber chiefs have also warned that tools previously only available to nation states are now being used by criminals.
While UK banks alone spent $360 million on IT in 2016, it continued, approaches are often slow and constrained by regulation relative to the methods used by cyber criminals, who can operate beyond borders and the law and are constantly updating their methods.
This requires a quicker and more collaborative response, both within and among affected firms and law enforcement and governments, the report said. "Ultimately, the financial sector as a community needs to organise this themselves," said Ferbrache.