by Theodoros Alogogiannis, Member of the Financial Affairs Research Team

Introduction

$81 million! That is the amount of money lost during the notorious 2016 cyber attack against the central bank of Bangladesh (Das & Spicer, 2016). Hackers, capable enough of breaking into the lightly protected Bangladeshi electronic/digital financial system, managed to send fake payment orders and steal a fortune, of which many could only dream. In addition, it is a matter of fact that cyber attacks targeting the financial sector boomed by an astonishing 238% between February and April of 2020 (Kellermann 2020). Therefore, it becomes more and more evident that cyber crime poses an imminent danger, not only to financial institutions, but also to individuals all around the globe.

Overview

This research aims at shedding light on the close relationship between cyber crime and economy. Firstly, a brief history of cyber attacks will be presented, in an attempt to follow their evolution and distinguish them. Then, the focus will be shifted on specific vulnerabilities that endanger financial entities, before the impact of cyber criminals on the economy is assessed. Finally, a few suggestions concerning the protection from online attacks will be provided, while a perspective for the future of cyber security will also be presented.

Evolution of cyber attacks

Initially, since the dawn of the internet itself, cyber attacks have been out and about, posing a threat to users and institutions alike. According to an article authored by NATO (2013), the first cyber crime ever took place in 1988 by graduate student Robert Tappan Morris (Robert Tappan Morris and the Morris worm n.d.). His creation, the so-called “Morris worm” exploited a weakness in the UNIX operating system to infect computers and slow them down, rendering them unusable in the process. However, as years passed by, technology advanced rapidly and empowered machines to an unimaginable extent. This is perfectly highlighted by the Moore’s law, which states that the number of transistors in every silicon chip doubles every year (later on, the timeframe was 2 years) (Moore’s law 2019), thus continuously improving the speed and capability of modern computers (Tardi, C 2021). For this reason, cyber attacks are increasingly becoming more and more powerful and have damaged even whole nuclear facilities, as indicated by the Stuxnet attack at Iran’s Natanz uranium enrichment site, that heavily impacted the country’s nuclear programme (What Is Stuxnet? n.d.).

Forms of illegal cyber activity

However, not all cyber crimes are the same. According to tech company Cisco (What Are the Most Common Cyber Attacks? n.d.) there is a variety of ways hackers can come up with to cause harm. One major strategy lies in the transmission of malware -or malicious software- in numerous forms, via email for example. Once access to the victim’s system is obtained, malware can block several features and demand ransom in turn, disable major functions and render the computer inoperable or simply communicate the user’s data to its creator (in this case it is called spyware). What is more, a really determined cyber criminal could exploit specific unknown security vulnerabilities in the system itself, before the software company has even identified them. In that case, the attack is denounced as a zero-day exploit. Albeit, it is not even necessary for one to have advanced computer knowledge, in order to undertake a cyber attack. For example, phishing is the practice of trying to steal sensitive personal information (such as credit card or login credentials) while pretending to be a reputable source. In fact, it constitutes one of the most common online threats nowadays (What Are the Most Common Cyber Attacks? n.d.).

Vulnerabilities of financial entities

To make matters worse, numerous firms have been found to suffer from certain vulnerabilities, when it comes to protecting their electronic systems. On the one hand, poor technical design constitutes a major challenge. The Council of Economic Advisers (2018) reports that for every 1.000 lines of code written, there are on average 25 errors, thus underpinning the security of the whole programme. Additionally, flaws related to the infrastructure of a company itself, like compromised hardware, can lead to serious invasions that are difficult to overcome. On the other hand, there are hazards lurking in the mere operations of a system. For instance, the high interconnectivity of modern banks means that the financial institutions’ chain is only as strong as its weakest link. It is reported that were one of the five most active U.S. banks to be compromised, almost 40% of the total network would be affected (Kuepper 2020). However, the greatest threat to the financial sector may in fact come in the form of state-sponsored hacking (Miller 2020), due to the fact that national agencies often have both the necessary resources and knowledge at their disposal to orchestrate attacks on such a large scale.

Cost of cyber crime

As a consequence, in a report by Lewis (2018), it is estimated that cyber crime costs the world almost $600 billion on a yearly basis. What is even more impressive, is that according to the same report, the average cost of a data breach (or data theft) reaches $3.6 million; a remarkable amount for a hit medium-sized company. Although the cost of a cyber attack can seem devastating, its true aftermath involves a far worse undermined reputation, which is bound to take a long time to be restored and may even affect the company’s stock value. Moreover, the loss of intellectual property (IP theft) or leakage of confidential information due to cyber espionage could really bring a firm to its knees (Lewis, 2018). At this point, another costly aspect of cyber crime often goes without consideration; the actual costs related to security. It is estimated that a company might have to invest up to $20.000 for protection against cyber crime (How Much Does Cyber Security Cost? Common Cyber Security Expenses & Fees n.d.). Especially, when it comes to financial entities, which Maas (2018) reports to be amongst the most threatened.

Protection against cyber criminals

All things considered, it all boils down to one question: How can firms be protected from a cyber attack? First and foremost, they are advised to invest in a variety of technologies, such as blockchain and sophisticated authentication procedures (The Council of Economic Advisers, 2018). Furthermore, it is high time information concerning possible threats was communicated via inter-firm intelligence sharing platforms, so as for companies to be updated on any latest security issues in their industry. Additionally, the ever-growing cyber insurance market could also facilitate institutions in managing and overcoming adverse cyber events. However, the public sector should implement certain initiatives for good measure. Lewis (2018) calls for increased cooperation among national law enforcement agencies with the signing of international treaties against cyber crime. Technologically developed countries should also ensure that the developing ones can keep up with the latest advancements in cyber security as inadequate protection may also put neighbouring countries in danger.

Conclusion

To sum up, computers have tremendously evolved over the past half-century, thus allowing hackers to exploit a variety of technologies, so as to attack public and private institutions alike. While cyber warfare has been planned and executed by humans to this day, this trend is most likely to change. McKeon (2019) believes that artificial intelligence (AI) systems will be the ones responsible to devise and carry out cyber attacks in the future. Indeed, those pieces of software are far more adept at analysing and invading secure networks, hence causing disruptions on a larger scale. As such, it is now up to security experts to make major breakthroughs, on the way to keeping their systems safe and sound.

Bibliography

[1] Das, K, Spicer, J 2016, ‘How the New York Fed fumbled over the Bangladesh Bank cyber-heist’, Reuters Investigates, 21 July, Available here.

[2] How Much Does Cyber Security Cost? Common Cyber Security Expenses & Fees n.d., Available here.

[3] Kellermann, T 2020, ‘Modern Bank Heists’ Threat Report Finds Dramatic Increase in Cyberattacks Against Financial Institutions Amid COVID-19, VMware Carbon Black, Available here.

[4] Kuepper, J 2020, Cyberattacks and the Risk of Bank Failures, Investopedia, Available here.

[5] Lewis, J 2018, Economic Impact of Cybercrime – No Slowing Down, McAfee, Available here.

[6] Maas, S 2018, ‘Economic and Financial Consequences of Corporate Cyberattacks’, The Digest, no. 6, p. 1, Available here.

[7] McKeon, C 2019, What Is The Future of Cyber Warfare?, VHR, Available here.

[8] Miller, M 2020, ‘Financial firms facing serious hacking threat in COVID-19 era’, The Hill, 16 June, Available here.

[9] Moore’s law 2019, The Editors of Encyclopaedia Britannica, Encyclopaedia Britannica, Available here.

[10] NATO 2013, The history of cyber attacks – a timeline, Available here.

[11] Robert Tappan Morris and the Morris worm n.d., Available here.

[12] Tardi, C 2021, Moore’s Law, Investopedia, Available here.

[13] The Council of Economic Advisers 2018, The Cost of Malicious Cyber Activity to the U.S. Economy, Available here.

[14] What Are the Most Common Cyber Attacks? n.d., Available here.

[15] What Is Stuxnet? n.d., Available here.