The RBA’s latest Financial Stability Review listed cyberattacks as one of the top non-financial risks to the Australian economy, citing the widespread use of outdated IT systems at Australian banks as one of the vulnerabilities that hackers could exploit.
The RBA also noted that many Australian banks use the same third-party IT systems, creating a systemic vulnerability that could be used to launch an attack against multiple institutions.
Cyberattacks can impact both institutions and customers. Customers can have their identities and finances stolen, while institutions can suffer reputational damage.
“A successful attack on an institution could even lead to a lack of confidence in the banking system more generally, with potential withdrawals of funds from financial institutions and liquidity problems for the financial system,” said the deputy governor of the Bank. RBA, Michele Bullock, at the ABC Global Markets Conference. in 2018.
The lack of accurate data on cyberattacks makes it harder to determine where hackers can strike. Few institutions are willing to disclose this information due to the reputational risks involved.
The Bank of Queensland and AMP were recently victims of data breaches involving third-party suppliers and contractors. In both cases, customers’ personal data was stolen, including their driving licenses and addresses.
An opportunity to make money?
But cybercriminals aren’t the only ones to gain. In the modern world, where everything from transportation systems to homes is networked, cybersecurity is a growing industry.
The global cybersecurity market is currently worth around $197.1 billion and is expected to reach $349.1 billion by 2026.
“The demand drivers for the cybersecurity sector remain strong, and we believe investors will continue to recognize the opportunity to be part of this story and seek investment opportunities that provide access to this sector.
One of the growth areas for the cybersecurity sector is the Indo-Pacific region, where the rapid development of online financial infrastructure has driven demand for ways to protect it.
The Indo-Pacific region will account for a quarter of global cybersecurity spending by 2026, providing ample opportunities for Australian investors to expand their cybersecurity portfolios.
High technology, short lifespan
The ever-changing nature of cybercrime and the lack of awareness of how it is carried out means that few institutions are prepared for a potential attack.
“You’re constantly trying to stay up to date, but cybercriminals act a little faster. »
Large-scale cyber theft can use a number of strategies, including social engineering and phishing, as well as using “insiders” to install malware such as keyloggers that can be used to harvest data. passwords and other personal information from financial institutions.
Even the most sophisticated organizations can fall prey to cyberattacks. Low-tech intrusions can be particularly effective; An Iranian nuclear power plant was crippled when an employee inserted a USB drive infected with a US military virus into one of the plant’s computers.
“We can never give up on being as vigilant as possible,” Mr. Kirk said.
“Cybercriminals work fast and invest a lot of money and time to defeat cybersecurity. »