Israel leads multinational financial sector cyberattack simulation
Dubbed “Collective Strength”, the simulation included treasury officials from 9 other countries as well as representatives from the World Bank, the IMF and BIS
Mandi Kogosowski
| 12/12/2021
Israel financial-cyber officials take part in a simulation of a major cyber attack on the global financial system with 9 other countries, the World Bank and IMF at the Finance Ministry in Jerusalem December 9, 2021 REUTERS/ Ammar Awad
On average, a financial services employee has access to nearly 11 million files the day they walk in the door, with the number rising to 20 million in large organizations. Nearly two-thirds of financial services companies have over 1,000 sensitive files open to every employee, and over 350 thousand sensitive files per organization. This, according to data compiled by data security company Varonis.
In short, this means that the financial sector is an endless pool of resources for cybercriminals, who can get their hands on lots of information – and potentially lots of money paid as ransom. A recent Sophos survey discovered that 34% of financial services were hit by ransomware in 2020, and 51% of the organizations impacted said that the attackers succeeded in encrypting data. Out of those, 25% paid the demanded ransom.
And so last week, a group of countries and global financial instituted gathered to improve their combat tactics in this ongoing war, led by Israel – whose Ministry of Finance orchestrated an international simulation of a major cyberattack on the global financial system.
Dubbed “Collective Strength”, the simulation included treasury officials from the US, UK, Austria, Switzerland, the UAE, Germany, Italy, Thailand and the Netherlands, as well as representatives from the World Bank, the International Monetary Fund, and Bank of International Settlements (BIS).
According to Reuters, which first reported on this, the simulation featured several types of attacks that impacted global foreign exchange, bond markets, liquidity and more, with the scenario caused by “sophisticated players”.
“This unique, groundbreaking exercise heightened the importance of a coordinated global action of governments together with central banks,” said Shira Greenberg, Chief Economist at the Israeli Ministry of Finance, as quoted on local news site Ice.
Yoni Mor, Head of the Cyber Emergence and Security Division at the Ministry, was quoted by the same outlet as saying that the simulation “made it clear that coordination, trust, and willingness to boldly look at gaps in existing tools are the key to successfully facing the challenges that lie ahead.”
Due to Covid restrictions, the simulation took place virtually. Planned over the course of the past year, It was originally meant to take place during the Dubai World Expo last month, during which the Israel National Cyber Directorate led a multinational drill simulating a cyberattack on the civilian aviation industry.
Last month, three US federal banking regulators issued a rule that requires banks and other financial institutions to notify their primary federal regulator within 36 hours of a computer-security incident that affects their operations. This rule will take effect on April 1, 2022, with full compliance extended by one month.
Dubbed “Collective Strength”, the simulation included treasury officials from 9 other countries as well as representatives from the World Bank, the IMF and BIS
Israel financial-cyber officials take part in a simulation of a major cyber attack on the global financial system with 9 other countries, the World Bank and IMF at the Finance Ministry in Jerusalem December 9, 2021 REUTERS/ Ammar Awad
On average, a financial services employee has access to nearly 11 million files the day they walk in the door, with the number rising to 20 million in large organizations. Nearly two-thirds of financial services companies have over 1,000 sensitive files open to every employee, and over 350 thousand sensitive files per organization. This, according to data compiled by data security company Varonis.
In short, this means that the financial sector is an endless pool of resources for cybercriminals, who can get their hands on lots of information – and potentially lots of money paid as ransom. A recent Sophos survey discovered that 34% of financial services were hit by ransomware in 2020, and 51% of the organizations impacted said that the attackers succeeded in encrypting data. Out of those, 25% paid the demanded ransom.
And so last week, a group of countries and global financial instituted gathered to improve their combat tactics in this ongoing war, led by Israel – whose Ministry of Finance orchestrated an international simulation of a major cyberattack on the global financial system.
Dubbed “Collective Strength”, the simulation included treasury officials from the US, UK, Austria, Switzerland, the UAE, Germany, Italy, Thailand and the Netherlands, as well as representatives from the World Bank, the International Monetary Fund, and Bank of International Settlements (BIS).
According to Reuters, which first reported on this, the simulation featured several types of attacks that impacted global foreign exchange, bond markets, liquidity and more, with the scenario caused by “sophisticated players”.
“This unique, groundbreaking exercise heightened the importance of a coordinated global action of governments together with central banks,” said Shira Greenberg, Chief Economist at the Israeli Ministry of Finance, as quoted on local news site Ice.
Yoni Mor, Head of the Cyber Emergence and Security Division at the Ministry, was quoted by the same outlet as saying that the simulation “made it clear that coordination, trust, and willingness to boldly look at gaps in existing tools are the key to successfully facing the challenges that lie ahead.”
Due to Covid restrictions, the simulation took place virtually. Planned over the course of the past year, It was originally meant to take place during the Dubai World Expo last month, during which the Israel National Cyber Directorate led a multinational drill simulating a cyberattack on the civilian aviation industry.
Last month, three US federal banking regulators issued a rule that requires banks and other financial institutions to notify their primary federal regulator within 36 hours of a computer-security incident that affects their operations. This rule will take effect on April 1, 2022, with full compliance extended by one month.
