Mexico cenbank emphasizes cyber threats to stability
Mexico’s central bank warned that technology-based attacks are “the most relevant challenge facing” the financial system today.
Central bank governor Alejandro Díaz de León said IT-based attacks were particularly relevant due their “potential, systemic impact and speed of infection,” with nine major cyberattacks so far in 2019 causing almost 785mn pesos (US$40.5mn) in damage.
As such, the threat to information today has replaced the threat to liquidity of 25 years ago.
In his report on the state of the financial system, Díaz de León also said that while the system is well prepared to confront a peso crash similar to that of 1994, the surge in cyberattacks requires urgent attention.
According to the report, the biggest attack occurred in May. It targeted systems used by investment banks and the attackers stole 462mn pesos.
That attack, reported the central bank, was allegedly executed by third-party personnel inside the institution, utilizing a flawed batch deposit system that allowed false deposits over three days.
The central bank stepped up its prevention efforts following a highly publicized attack on commercial banks in April 2018 that cost institutions some 300mn pesos.
In July 2018, it issued memoranda with new rules for using cryptocurrencies, and requirements at banks to step up internal security to protect other institutions utilizing the national inter-institutional electronic payments system (SPEI).
As part of the new rules, banks had to increase efforts to determine the trustworthiness of employees handling SPEI transactions, requiring participants to establish and implement tests of trust and integrity both with internal personnel and any third parties they are working with in relation to the SPEI.
Yet, reports of information-based attacks have been growing in line with the number of incidents financial institutions reported to the authorities, from 1 per quarter in 2018 to 4 per quarter in 2019, according to the central bank.
“In addition to registering a greater number of attacks, it was observed that the affected services were more diverse, from electronic transfers to ATMs and, similarly, the means of computer attacks were also varied, including software violation, fraudulent operations executed by third parties working inside the institution, password theft, abuse of deficiencies in the validation of balances, equipment breach of telecommunications, among others,” added the central bank.
The surging attacks on the financial system are also reflected in business perception of cybersecurity in Mexico.
In Kroll consultancy’s latest fraud and risk report, Mexican respondents listed data theft as the largest risk today (89%), while the threat of large-scale, coordinated cyberattacks was second at 71% along with the risk of a breakdown intergovernmental mechanisms for dispute resolution, free trade, and so on.
“In the wake of high-profile cyberattacks on the national financial system and elsewhere, respondents in Mexico are less confident than most in their cybersecurity (68% vs. 81% globally) and have almost universally prioritized mitigating against data theft (89% vs. 76% globally),” the report said.