The Maltese public was negatively impacted this week by a cyberattack on one of Malta’s leading banks – Bank of Valletta (BOV). This occurrence raised questions as to whether the Maltese banking system is at risk, what is the probability that something similar will happen again to one or more local banks, and whether similar instances have been reported internationally.

The term ‘cybercrime’ refers to illegal acts, whereby the computer is either a tool, a target or both and involves the use of information and communication technologies.

Various reports commissioned worldwide do conclude that all evidence points to the fact that organisations such as banks and financial institutions among others, are more likely to be the targets of such attacks. This is because of the nature of the business they operate in.

Cybercriminals gain remote access to systems such that they can administer and manipulate data. The result of this unlawful act can yield one or more of the following adverse effects – financial losses by making false transactions, steal confidential information, hindering the organisation’s day to day operations or dent the firm’s public image. BOV was at the receiving end of false and malicious transactions, which resulted in an attempt for capital outflows towards international banks worth a total of €13 million.

The immediate detection, action and recovery of the bank has ensured that the Bank’s reputation has remained intact and has provided reassurance that the local system deals with such threats seriously.

Digitalisation and the ever-increasing electronic methods adopted in financial markets worldwide, has in the past decade, spared no continent from cyber-attacks. Banks in the United States (US), including Bank of America, JPMorgan Chase and Citigroup among others reported a cyber-attack in 2012, while European counterpart, Royal Bank of Scotland, also suffered from a cyber attack on its online services in 2015. Incidents of cyber crime were reported in Russian banks in 2016 and HSBC a year later, while Asian, African and Australian cyber crime occurrences were registered in recent years.

The risk of internet-based crime on financial services can never be overstated. Attempts to prevent such criminal acts cost financial services firms more to address than firms in any other industry. The seriousness and magnitude of this threat is supported by the fact that, among financial services firms in the US, banks lost $16.8 billion to cybercriminals in 2017. Unsurprisingly, the US Treasury views cyber attacks as one of the key threats to financial stability and that cyber security is one of the most important sustainability issues for the financial services sector.

According to a White Paper to the industry issued in March 2018 by Oliver Wyman Management Consulting Company, in collaboration with the Depository Trust & Clearing Corporation, a capital market company, the difficulties to deal with a cyber attack are represented by three main factors. The first factor is that of detection, as it is difficult to identify that an attack has occurred, while the inability to respond in an effective manner to such attacks follows suit. 

The latter is brought about by the level of interconnectivity between financial institutions around the globe. Last but not least comes recovery. It is, in fact, no easy task to identify and revert back to the ‘last known good’ state of data, as this comes at a financial cost and is also time consuming.

The risk of internet-based crime on financial services can never be overstated

Following the detection of suspicious international transactions to banks in the UK, US, Czech Republic and Hong Kong shortly after the start of business on Wednesday morning, BOV responded in an effective manner by, first of all, confirming that this was indeed a cyber attack and by immediately shutting down all of its operations to contain damages. Correspondent banks were informed straight away and the process to reverse the €13 million worth of transactions was initiated.

The bank worked overnight to resume its operations as soon as possible and managed to do so for practically all of its areas of business less than 24 hours after the detection of the cyber attack. 

The local banking industry was safeguarded further by the action of another bank, APS Bank, which decided to suspend some services as a precautionary measure, due to the interdependence of some of its systems on BOV.

More information in relation to the nature of this attack on BOV is to be expected as we go along. From a trading perspective, the equity’s price has remained stable and unaffected by the recent events. At the time of writing, the price declined by a mere €0.01, to €1.27, from Wednesday’s opening price.

Reputable financial institutions around the world, including Malta, have their own audit teams to supervise and implement internal checks and balances, as well as external security consultants who help in the optimisation of cybersecurity.

European financial regulators – the Malta Financial Services Authority (MFSA) in Malta – follow European Central Bank (ECB) guidelines in this regard and act as supervisors on industry stakeholders in order to ensure that systems are in place to mitigate risk factors.

As technology is developing at a fast pace, firms invest heavily in cyber security systems to try and be one step ahead of attackers with malicious intent. They also invest resources in having personnel constantly trained and share information of threats encountered with their industry peers. This helps maintain an intact level of trust in the industry in spite of the fact that cyberattacks are nowadays a global issue and are, therefore, not boundary restricted.

This article was prepared by David Baldacchino, MSc Wealth Management (Edinburgh), B.Com (Hons) Banking and Finance (Melit.), DipFA, is investment adviser at Jesmond Mizzi Financial Advisors Limited. This article does not intend to give investment advice and the contents therein should not be construed as such. The company is licensed to conduct investment services by the MFSA and is a member of the Malta Stock Exchange and a member of the Atlas Group. The directors or related parties, including the company, and their clients are likely to have an interest in securities mentioned in this article. Investors should remember that past performance is no guide to future performance and that the value of investments may go down as well as up. For further information contact Jesmond Mizzi Financial Advisors Limited of 67, Level 3, South Street, Valletta, on 2122 4410 or e-mail david.baldacchino@jesmondmizzi.com

www.jesmondmizzi.com

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.