Financial services organizations operate with high volumes of valuable data, making them an attractive target for hackers. They are vulnerable to scams, fraud and banking Trojans, so data security in this sector is critical. IT executives struggle to optimize cybersecurity, as they often deal with low budgets and a lack of skilled workers to implement better security. These are top roadblocks, especially as open banking exposes their data and infrastructure to third-party vulnerabilities.
Cybercriminals have been actively going after banks for years, but the activity has gained popularity in the past couple of years. According to an EY survey, as little as 6 percent of organizations in the financial services sector are confident their security function is in line with their organization’s requirements, but 31 percent are struggling with a major skill gap that keeps from making needed improvements.
Who can banks trust and why aren’t they topping up their security? The Maltese Bank of Valletta (BOV) became the most recent victim after hackers tried to get away with transferring 13 million euros to accounts at banks in the UK, US, Czech Republic and Hong Kong, Times of Malta writes. To mitigate risks, all activity was shut down across Malta, including ATMs, mobile banking, website and email services, leaving customers and businesses unable to make transactions and unaware of what was happening.
Maltese Prime Minister Joseph Muscat assured Parliament on Wednesday that the transactions were blocked within 30 minutes and no funds were stolen. The mobile app resumed operations on Thursday. As the hackers are believed to be operating remotely, Bank of Valletta contacted both local and international law enforcement to start an investigation.
It was the bank’s direct responsibility to ensure the safety of its network and safeguard financial information. MFSA, the country’s local financial regulator, is also keeping a close eye on the status of incident.
"The MFSA follows ECB guidelines with respect to cyber-security threats and attendant risk mitigating factors which need to be followed by licensed institutions," MFSA CEO Joseph Cuschieri told the Times of Malta. "We strongly encourage banks and other licensed financial institutions continuously invest in their IT systems to prevent such occurrences.”
Customers were rightfully worried that their personal data may have been compromised, leading to identity theft and illegal transactions. In the meantime, the bank guarantees that “customer accounts and their funds are in no way impacted or compromised.”
“Customers may now once again make use of BOV services through the Bank’s branch network across Malta and Gozo, ATMs, Internet Banking, Mobile Banking and by making use of their BOV cards when effecting purchases,” announced the bank. “Payments to third parties is currently the only service not yet activated. Developments in this regard will be communicated through future press releases.”