Sibos 2018: is a cyber 9/11 event inevitable?

Written by Henry Vilar
25th October 2018

Back in July, FinTech Futures attended the International Cybersecurity Congress in Moscow, where Dmitry Samarstev, CEO of Sberbank’s cybersecurity subsidiary Bi.Zone, told us that its work with international organisations like the Wold Economic Forum or Interpol would set standards on the future of the fight against cybersecurity.

As the biggest bank in Russia, Sberbank and its subsidiaries are in a privileged position to monitor, analyse and share information from the Russian-speaking cybercrime community, the largest and most sophisticated one.

A few months later, in Swift’s Sibos conference in Sydney, his message resonates in a theatre with a much more international audience. He calls for communication, information sharing, and collaboration to fight the growing threat, which nearly triples in capacity, from darkweb organised cybercrime.

“Is a cyber 9/11 event inevitable?” the panellists are asked. Troy Hunt, Aussie independent cybersecurity consultant, paints the horrifying picture of a mass loss of service that could affect business and daily life worldwide in a large scale.

Hunt reminisces, like a veteran dealing with PTSD, of last year’s WannaCry’s attack, which left some services within the UK’s National Health Service inoperative for a few days. Patients couldn’t schedule appointments, surgeries were postponed … what is even worse for many, two years ago, Petnet’s Internet of things (IoT) devices malfunctioned, which had some pets not being fed for over ten hours.

Samarstev explains the worst likely attack scenario for a company is becoming victims of several types of attacks simultaneously such as DDoS and social media manipulation. This may prompt many customers to withdraw their money, which would create myriad problems with cash flow and liquidity, among other things. For an in-depth explanation of how organised cyber-attacks operate, read our reports from Moscow’s ICC on the FinTech Futures website.

A “cyber 9/11 event”, however, would largely disrupt organised crime’s business model – they thrive when these gangs can steal money from running functional networks. So, as the audience poll revealed, nation states would be the most likely threat in perpetrating an attack of this kind.

But the threat of these is overstated, Samarstev said in a follow-up interview with Daily News at Sibos. “Spies will spy, and they will find ways to do so. How governments can access your data through back doors is mostly all hype. Yes, it may happen, but it is nothing in comparison to the threat organised cybercrime entails. We need to do something about it before the damage they do gets out of hand.”

“Even the idea that the NotPetya attack was Russia-sponsored doesn’t make sense – the largest target was Russia’s biggest oil company,” he points out. “Surely government-sponsored attacks could do a better job than that?”

Nevertheless, in Samarstev’s words, “even if nation states are attacking us, we can’t even consider it.” These words resonate, as Samarstev’s calls for collaboration often meet deaf ears, as collaboration among the many and disparate law-enforcement agencies across the world is sometimes thwarted by political obstacles.

This is not something that happens in the cybercrime community. As Jacqueline McNamara, head of cybersecurity at Telstra, Australia’s largest telecom, explains, cybercriminals are not short of incentives to share information and communicate about how regulations, technology, tools and other information that might aid them in launching an attack successfully.

Increasingly, the lack of communication and collaboration channels prevents criminals from being caught. “Many companies can easily identify the criminals themselves, but we can’t catch them ourselves. We need law-enforcement agencies to do that for us,” says Samarstev.

Samarstev concludes: “The industry, in terms of cybersecurity, is clearly not doing enough about it. We can get all the best tech, but we won’t be able to fight off all these attacks if the whole industry doesn’t learn how to behave towards them. It’s like buying a Ferrari and not knowing how to drive.”

Sibos is a great place to kick off the necessary collaboration. Swift’s network is connected to many banks, and it can be the igniting factor to roll out a process of communication and collaboration among financial institutions.

“There’s not much I can do at a governmental level, other than keep putting pressure so law-enforcement agencies start to talk to each other,” states Samarstev with a sigh. “I just hope that, when it comes to it, they talk to tech companies to get the practical expertise to apply in anti-cybercrime efforts.”

Click here to see more of what’s going on at Sibos, including our flagship Daily News at Sibos editions.