Banks and insurance firms: a range of initiatives to strengthen security for IT systems

Could cybercriminals throw the entire financial sector into turmoil? IT security in the banking and insurance sector is a major concern for cybersecurity experts and organizations such as the French Financial Market Authority (AMF) and the European Banking Authority (EBA).

Worries only continue to mount within the financial sector, especially after a series of hacks like the one that affected global banking network SWIFT. A report on cybercrime in Russia revealed that in 2017 hackers used the SWIFT network to steal €4.8 million from a bank in the country. And that wasn’t the first time. In recent years, multiple large-scale cyberattacks have hit .

Banks – the prime target for hackers

According to an EfficientIP survey of 1000 business across the world, several financial companies said that their DNS security was critical. Nearly 40% of firms in the financial sector reported experiencing at least 5 attacks targeting their DNS infrastructure. The survey also revealed that 34% of institutions in the sector were victims of malware attacks. Moreover, 30% of businesses were hit by hackers, with the damage estimated to be worth between €500,000 and €5,000,000.

ANSSI engages with ACPR…

Some authorities are taking these threats very seriously, specifically the French National Cybersecurity Agency (ANSSI), the French Financial Market Authority (AMF) and the French Prudential Supervision and Resolution Authority (ACPR). On January 17, 2018, ANSSI and the ACPR – the body responsible for supervising banking and insurance in France – joined forces and committed to digital security by jointly signing a letter of intent to cooperate on IT security. The banking and insurance sector are especially vulnerable to cybercrime.

“This agreement seeks to ensure regular communication between the two organizations, particularly when it comes to incidents affecting the security of IT systems. Above all, it highlights the desire for increased collaboration to enhance digital security,” ANSSI and the ACPR announced in a press release.

…and the AMF

One month after the letter of intent was signed with the ACPR, ANSSI also engaged in a similar partnership with the AMF to boost protection in the financial sector. This new agreement also intends to ensure regular communication on matters of IT security, as well to ensure cooperation in managing any potential crises.

ANSSI is responsible for responding to threats to organizations in the public and private sector, particularly concerning , and coordinating government action to protect IT systems. The AMF, on the other hand, is in charge of ensuring that financial markets run smoothly. In that capacity, it shares joint responsibility with ANSSI for digital security in this vulnerable sector.

EU directives on cloud usage          

Security is also a major concern at a European level when it comes to banks and their digital transformation. The European Banking Authority (EBA) has published guidelines on usage of the cloud in the financial sector. The EBA maintains that there are 5 conditions that need to be met before the cloud can be used in banks:

• The systems used must be auditable
• Supervisors must be aware of data hosting that is being outsourced
• Data must be hosted in the country where it is collected
• The security of the data needs to be guaranteed
• Banks need to be able to transfer the data in case of a fault with their data hosting outsourcer

The authority’s recommendations will become binding on July 1, 2018, for institutions under its supervision.

A constant concern for Oodrive

Here at Oodrive, we pay special attention to securing and protecting our customers’ sensitive information. We work with relevant organizations to continuously strengthen our applications and guarantee their level of security by obtaining the most stringent certifications.