Cyberattacks are one of the top three operational risks that banks face, according to the Office of the Comptroller of the Currency, which also highlighted a type of email scam that the agency says has cost businesses more than $2.3 billion over the past couple of years.
“Operationally, banks are dealing with existing and constantly evolving cybersecurity threats and increasingly rely on third parties for essential services,” Comptroller of the Currency Thomas J. Curry said, rolling out the OCC’s Semiannual Risk Perspective this week. The report adds “resiliency planning” to that list of operational risks.
“These areas require heightened management attention and continuous vigilance,” Curry said.
In the twice-yearly report, the regulator references “[r]ecent cyber attacks against interbank networks and wholesale payment systems” — i.e. the SWIFT attacks — saying they demonstrated the high-end capabilities of cybercrime gangs.
The report also notes that “[c]yber criminals increasingly target businesses, including banks and their customers, using social engineering attacks on … employees that request expedited wire transfers to pay phony vendor invoices.”
Known as business email compromise, or BEC, such attacks cost businesses globally more than $2.3 billion from October 2013 through February 2016, according to the report.
“Banks may not adequately incorporate resiliency considerations, including recovery from cyber events, into their overall governance, risk management, and strategic planning processes,” states the report.