Introductory remarks by Fabio Panetta, Member of the Executive Board of the ECB, at the seventh meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures
For the past four years we have been working together on the Euro Cyber Resilience Board
(ECRB). With representatives from pan-European financial market
infrastructures and their critical service providers, central banks and
other authorities, this Board is a unique and powerful forum for openly
exchanging our views on cyber resilience and cyber intelligence.
Over
the past few years we have built trust among ECRB members, working
closely with one another to improve cyber resilience across the European
financial sector. The success of our intelligence sharing arrangement –
the Cyber Information and Intelligence Sharing Initiative (CIISI-EU) –
and the numerous projects we are developing together reflects this
trust.
Rather than forming a closed group catering only for
direct members, the ECRB aims to promote the efficiency and safety of
the entire European financial sector. Each ECRB member serves as an
ambassador to the financial community, conveying the Board’s proposals
for improving cyber resilience. We are transparent about the initiatives
we take, with the aim of ensuring they can be applied by other
financial stakeholders or sectors, including those outside Europe. The
publication of our CIISI documentation is one example of our openness.
Today I will discuss the cyber threat landscape we face and the ECRB’s response to it.
The evolving cyber threat landscape
The cyber threat landscape is evolving rapidly and becoming increasingly complex.
According
to some estimates, cyber risk tripled between 2013 and 2020. The
financial sector is now one of the most exposed. And research suggests
that cyber threats are a source of systemic risk for firms and markets,
with cyber risks being increasingly priced in by the stock market.
The
ECRB community reflects awareness of the need to work together to
confront the evolving cyber threats we all face. By cooperating, we can
learn and adapt more quickly.
The use of digital services and the
reliance on technology are making financial market infrastructures more
efficient but leaving them more vulnerable to cyberattacks.
We must therefore continuously improve our cyber resilience and make it
an integral part of any new project. In turn, this calls for a
sustained effort to identify and understand market dynamics.
For
example, crypto assets are increasingly being used to conduct ransomware
attacks. Crypto actors themselves are also exposed to cyber risks.
Often unregulated and having grown quickly, they are an attractive
target. And because crypto-assets are increasingly linked to the
traditional financial system, such attacks could ultimately have an impact on financial stability in the absence of adequate regulation and protection.
Exogenous factors also have an impact on the cyber threat landscape in ways that are difficult to predict.
The
Russian invasion of Ukraine is a prime example of this, with many cyber
threat actors targeting critical infrastructures. Other cyber threat
actors have used the invasion to trick individuals and companies by
carrying out phishing or other social engineering attacks.
As a
result, our CIISI-EU analysis reveals many different threats,
motivations and actors (Chart 1). Cyber threat actors attempt to exploit
information systems for a variety of reasons ranging from appropriating
funds, causing disruption, demanding a ransom or stealing sensitive
information.
Phishing, vishing, social engineering and the human
factor in general are still the main channels used by cyber attackers
to obtain access to our systems. The supply chain cyber threat to IT
service providers and vendors
observed in 2021 remains an ever-present concern in our interconnected
and interdependent infrastructures and calls for the highest levels of
due diligence....
more at ECB
© ECB - European Central Bank
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article