David Johnston is a former commander at Scotland Yard specializing in investigating economic crime and now runs Commander Solutions, which advises clients on crisis management and anti-fraud strategies. The internet, though only 22 years old, has arguably triggered the most important development in financial markets for many years.
It offers many benefits and opportunities to banks and their customers but there is a negative side: technology is being exploited by criminals.
This hit the headlines recently when 12 men were arrested over an attempt to take control of a Santander bank computer and steal millions of pounds.
In a separate case, police arrested eight people last week saying a gang had stolen £1.3million by hijacking computers at a Barclays branch.
But banks and central banks are assailed by many cyber-threats that never become public.
And if a serious attack is not thwarted, it could damage not just individual banks, but the financial system as a whole.
The first challenge is to deliver effective regulation to police the electronic highways. No one should be under any illusion about the difficulty of that task. Networks are now mainly privately owned and managed and are international. This raises significant challenges, including questions about sovereignty and how to ensure compliance across national boundaries.
The speed at which technology grows and the rapid introduction of new services mean that regulation is quickly overtaken and rendered impotent. The only solution is a fundamental change in the way that governments, corporations and individuals look at the internet.
Senior managers are increasingly aware of the need for information security, but they also need to focus on the internal threat.
The loss or removal of customers’ personal data has had a massive impact on blue-chip organizations. These incidents are often covered up by blaming the internet or some technical error, so it is not easy to assess the problem. But the growing use of online services will add to the potential for disaster.
Organizations need to put greater effort into training staff to guard against this. There are greater threats than those caused by human error.
Whistle-blowers, such as Edward Snowden, are usually associated with exposing governments, but some financial organizations report infiltration by anti-capitalists who have tried to steal sensitive information.
Whether the target is the public or private sector, the financial damage can be measured in the tens of millions of dollars.
A further danger, particularly in financial markets, comes from fraud and embezzlement and from insiders, usually disgruntled employees who believe themselves wronged by their company. Effective vetting can help, but often companies don’t help their own industry.
The sacked individual can get another job because his previous employer is unwilling to report what has happened for fear of reputational damage. But any anti-fraud strategy must also involve customers, many of whom are uninformed and can provide the criminal with an easy way into an institution.
The criminals understand this all too well, with frequent internet users receiving – according to one recent survey – at least one infected email or attempt to infiltrate their system every week. The problem is compounded because networks are becoming increasingly interconnected.
People no longer connect just via their home addresses but also on tablets, phones and hand-held computers via internet cafes and Wi-Fi hotspots. This dispersed infrastructure makes it more important for customers to understand the security implications.
To date, government regulation has focused on private companies and corporations rather than users. That has to change.
The best way to involve users is to add security to their tariffs, with those who refuse to use up-to-date antivirus or firewall security being declined or charged more – this is, after all, how the insurance market assesses and manages risk.
A longer version of this article appears in Quantum – Finance in Perspective.