Skip to main content

BoC urges banks to co-operate on countering cyber threats.

KACPER PEMPEL/REUTERS

Canada's interconnected banks are vulnerable to a cascading series of cyberattacks that could undermine broad confidence in the financial system, the Bank of Canada warns.

The structural vulnerability could allow for the easy spread of an initial attack that ripples into other sectors such as energy or water systems, says the bank's June financial review.

The report urges banks to co-operate on countering the threats that are not going away any time soon.

Story continues below advertisement

The former head of the U.S. National Security Agency made the same recommendation earlier this month, saying private-sector companies – including banks – have to do a better job of sharing data on attempted hacks in real time to counter the ongoing challenge.

Retired Gen. Keith Alexander told a defence industry trade show that banks have valuable metadata on attempted hacks embedded in the logs of their firewalls and sharing that information can allow them to more successfully fend them off.

Alexander suggested the 2014 cyberattack on the American bank JPMorgan Chase that affected an estimated 80 million accounts could have been prevented if banks had shared information.

Canada's central bank expressed a similar concern in its most recent update.

"The interconnectedness of the financial system could lead to rapid transmission of stress from a cyberattack," the report said.

"This is a structural vulnerability that is unlikely to go away. And because of the interconnections in the system, the public sector has a role in co-ordinating cyber defences."

While those same connected platforms allow the financial services sector to deliver efficient service, they also leave several sectors of the economy vulnerable to attack, said the bank's report.

Story continues below advertisement

"Contagion could occur through financial interconnections or common critical infrastructures in non-financial sectors, such as telecommunications, energy and utilities," it said.

"A prolonged interruption in financial services, compromised data integrity or a loss of confidence could harm the financial system with knock-on effects to the real economy."

There were eight high-profile cyberattacks on banks in 2016, the report said, including an $81-million heist at the Bangladesh Bank.

The report urges private-sector players to work together because protecting against an attack "has benefits beyond an individual institution and can be considered a public good."

The Canadian Bankers Association said recently that its members "constantly update their security systems and protocols to stay ahead of potential threats." The association urged customers to avoid opening suspicious emails and exposing themselves to ransomware, malicious software that locks a user out of their data and demands a ransom for its release.

"Canadian banks are leaders in cybersecurity and continue to invest in cybersecurity infrastructure to protect the financial system and the personal information of their customers from cyber threats," the association said in a May 31 statement.

Story continues below advertisement

However, the federal government has expressed concerns.

Public Safety Minister Ralph Goodale is mindful of cybersecurity in the financial sector, making a point of meeting on the issue in London last year with former Canadian colleague Mark Carney, now governor of the Bank of England.

"Although banks tend to be more resourced and mature than other sectors in dealing with cyber threats, there are still a number of recognized gaps throughout the sector," said an internal Public Safety note to prepare Goodale for the meeting.

It pointed out that the theft from Bangladesh's central bank was carried out by breaching the Society for Worldwide Interbank Financial Telecommunications, or SWIFT, used to authorize payments between accounts.

"This is a clear example of where the system was vulnerable," said the briefing note, obtained through the Access to Information Act.

The note also underscored the importance of identifying threats and improving the sharing of incident information.

In that vein, the independent, not-for-profit Canadian Cyber Threat Exchange aims to promptly share threat information between Canadian businesses and government agencies, as well as provide cyber threat analysis and advice for reducing risk.

Report an error
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter