Companies, states, non-governmental organizations and citizens themselves fear cybercrime. But, one of the business sectors most concerned and sensitized by computer attacks is banking. They are the target of cybercriminals: more than 50% of computer attacks in Spain last year were against bank customers, according to the IX report on cybercrime in Spain, prepared by the Ministry of the Interior.
Of a total of 240,100 victims, 92,199 people suffered fraud through their bank cards, either credit or debit, and 28,863 people suffered bank fraud. The data comes from the different police forces that operate throughout Spain and from the autonomous ones, such as the Mossos d'Esquadra, the Ertzainta or the Navarre Foral Police. Every time there is an attack on the financial sector, the banks report what happened to the police, who alert citizens through social networks.
The Spanish José Manuel Campa, president of the European Banking Authority, admitted a few days ago that "cybersecurity is the highest risk that is presented to the financial sector at the moment." Faced with the rise of cybercrime, the three banking employers in Spain (AEB, CECA and Unacc) together with the Association of Financial Users (Asufin) are going to launch a television campaign to warn people never to share their bank details or passwords, nor answer suspicious emails, sms or phone calls, even if they pretend to come from your own financial institution.
Banks can be attacked on two sides: their customers and the institution's own technological infrastructure. “In the last three weeks, attacks on online banking have proliferated to disable their operations in countries such as Poland, Norway, Sweden or Finland. This phenomenon is spreading throughout Europe. And in some of these cyberattacks Russian hackers have assumed the origin”, warns Jesús Romero, partner responsible for business security solutions at PwC. They are attacks that seem to be related to the war in Ukraine and the climate of confrontation between Europe and Russia.
Hence, "the Spanish bank has raised the level of alert, which has meant a greater investment in cybersecurity," explain sources in the sector. A large financial institution has suffered this type of attack for a few hours.
A report by the consulting firm PwC shows that, worldwide, 61% of banks in 2022 planned to increase their cybersecurity budget by between 5 and 15%. That same study shows that in the banking sector, 16% of their investments in security are dedicated to uploading their information to the cloud safely and 15% to equipping themselves with technological mechanisms that detect threats in real time.
"Entities do not make public their investments in protecting themselves against cybercrime because they are very strategic data," says Marc Martínez, partner responsible for cybersecurity at KPMG in Spain.
The most common crime -explains Martínez- “in the last two years is ransomware, which consists of kidnapping the banks of their clients' data and then asking for a ransom to recover them”. "This type of ransom is paid in bitcoin so as not to identify the author," underlines the expert, although he adds that the slogan is not to pay the terrorists, but to recover the data with their own servers and backup copies.
Less mature financial institutions will have to make a greater effort to comply with DORA, the regulation on operational digital resilience that will come into force at the end of 2024 and is imposed by the European Central Bank.
"With cyberattacks on companies, terrorists make a lot of money quickly and benefit from the fact that the legislation of each country is different, which makes it sometimes difficult to follow their steps," concludes Romero.
