Financial firms may need to bolster their defences in the face of rocketing cyber attacks after employees began working from home, the Financial Stability Board (FSB) said on Tuesday.
The FSB, which coordinates financial rules for the G20 group of nations, said remote working since economies went into lockdown to fight COVID-19 opened up new possibilities for cyber attacks. Working from home (WFH) is expected to stay in some form across the financial services industry and beyond.
“Most cyber frameworks did not envisage a scenario of near-universal remote working and the exploitation of such a situation by cyber threat actors,” the FSB said in a report to G20 ministers and central banks.
The report is a first take on lessons learned from the pandemic’s impact on financial stability.
COVID-19 was the first major test of tougher financial rules put in place after the 2008 global financial crisis and most parts of the system coped well, the FSB said.
Lockdown restrictions are easing but financial firms have told employees they will be allowed to work from home several days a week permanently, and the rest of the time in the office.
Cyber activities such as phishing, malware and ransomware grew from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April 2021, the FSB said.
“Financial institutions have generally been resilient but they may need to consider adjustments to cyber risk management processes, cyber incident reporting, response and recovery activities, as well as management of critical third-party service providers, for example cloud services,” the FSB said.
The FSB, chaired by Federal Reserve Vice Chair Randal Quarles and comprising regulators and central banks from leading financial centres, will publish a final report in October setting out its next steps.
It has already made proposals for strengthening the resilience of money market funds which suffered severed stresses during last year’s market turmoil.