EBF addressing challenges in cybersecurity

Safeguarding the integrity of banking networks and the trust of customers in that banks keep their assets and personal data secure has become a very demanding task in which significant amounts of money are invested. In the fight against cybercrime, challenges emerge not only by the multiple modi operandi of the attackers but also by the often overlapping regulations stipulating the actions that banks must take to identify, report, mitigate and prevent cyber risk.

Against this backdrop the European Banking Federation’s work on cybersecurity is focused mainly on:

Intelligence sharing

The EBF promotes industry initiatives to create cyber intelligence sharing platforms, while working closely with Europol’s cybercrime centre (EC3) to facilitate communication with the sector. The recent Wannacry and (not)Petya ransomware attacks - the former having affected thousands of computers in over 150 countries - highlighted once again that cybercrime has no borders. Evidently, the quicker an organization can share information on a cyber threat, the better chances other organizations have to protect their systems. However, sharing of cyber threat intelligence between the industry, law enforcement agencies and other stakeholders often stumbles on legislative fragmentation mainly related to the kind of data that may or may not be shared.

Incident reporting

The EBF promotes industry initiatives to create a common taxonomy for reporting by facilitating the exchange of information and practices between its members and maintaining a dialogue with supervisory and regulatory bodies in the EU.  The European regulatory framework (NIS Directive, PSD2, GDPR, ECB reporting framework) and various national legislations have introduced requirements as to the reporting of cyber incidents by banks. This has created a complex reporting grid where a bank has to report an incident to national and European authorities, in different timeframes and with different or overlapping data.

Awareness and digital skills

More often than not, the weak link in cyberattack prevention is the human factor: us. While attacks constantly evolve, most of us lack even basic knowledge of how to protect ourselves once we go on-line. Using the same password for multiple accounts, failing to download software updates, neglecting to install protection software, opening email attachments from unknown senders make us and the organizations in which we work easy targets. With a view to enhance the digital skills of existing and future customers and employees, the EBF promotes or jointly creates awareness-raising campaigns and events (notably with EC3 and ENISA) and has become a member of the Digital Skills & Jobs Coalition. Looking ahead, EBF will add digital literacy to its financial literacy initiatives (e.g. the European Money Week).

As a partner in ENISA’s European Cybersecurity Month, celebrated every October, the EBF organized its cybersecurity conference with the title “Managing Risk. Deploying Awareness” on 10 October to explore these challenges. We look forward to turning this conference into our annual meeting point for cybersecurity in banking.

Alexandra Maniati, Senior Policy Adviser, Social Affairs & Cybersecurity @ European Banking Federation