US senators are urging President Obama to address the topic of cybersecurity at the upcoming Group of 20 Summit in China.
Sherrod Brown of Ohio, a senior Democrat on the Senate Banking Committee, Gary Peters (D-Mich.) and four other Democratic senators say they want a commitment to a "coordinated strategy to combat cyber-crime at critical financial institutions,” according to a letter obtained by Reuters.
The concern stems from the recent attacks using SWIFT, the secure messaging service that banks use to transfer money around the world. Earlier this year, banks fell for various bogus requests for nearly $1 billion from Bangladesh's central bank and an account held at the Federal Reserve Bank of New York; in the end, the industry was left reeling from the theft of $81 million, funneled to shadowy casinos in the Philippines for laundering. There have been other SWIFT-based attacks as well, in Vietnam and in Ecuador, according to reports.
The letter, sent to the White House ahead of the Sept. 4-5 summit, added, "Our financial institutions are connected in order to facilitate global commerce, but cyber criminals—whether independent or state-sponsored—imperil this international system in a way few threats have.”
"We strongly urge you to work with your counterparts and prioritize this discussion at the G20 leaders level in September," it said of the summit to be held in Hangzhou, China, adding that "executive leadership circles across the globe" needed to pay more attention to the risks.
Ineffective third-party cyber-risk management is at the heart of the matter, one industry-watcher says.
“While cybercrime definitely merits discussion at the G20 Summit, what can’t get lost is the impetus for the discussion—the SWIFT attack—was a failure in third-party cyber risk management,” Fred Kneip, CEO, CyberGRX, told Infosecurity. “Collaboration and information-sharing at all levels are the keys to effectively mitigating the persistent and potentially damaging threats posed by cybercriminals. It only takes one vulnerability for increasingly sophisticated attackers to gain access and ride in on a trusted connection, so the G20 discussion needs to include how to effectively share information about third-party cyber risk, including preventing risk from the extended enterprise—outsourcers, customers, vendors, service providers and affiliates.”
Photo © ID1974/Shutterstock.com