The First Deputy Managing Director, International Monetary Fund, Mr David Lipton, has said countries need to do more internally and internationally to coordinate their efforts to tackle cybersecurity threats.
Lipton, in a piece published on Monday, noted that last March, Operation Taiex led to the arrest of the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions worldwide.
He said the law enforcement operation included the Spanish national police, Europol, FBI, the Romanian, Moldovan, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies.
According to him, investigators found out that hackers were operating in at least 15 countries.
Lipton said, “We all know that money moves quickly around the world. As Operation Taiex shows, cybercrime is doing the same, becoming increasingly able to collaborate rapidly across borders. To create a cyber-secure world, we must be as fast and globally integrated as the criminals. Facing a global threat with local resources will not be enough.”
“To begin, the private sector offers many good examples of cooperation. The industry deserves credit for taking the lead in many areas — developing technical and risk management standards, convening information-sharing forums, and spending considerable resources.”
According to him, international bodies, including the Group of 7 Cyber Experts group and the Basel Committee, are creating awareness and identifying sound practices for financial sector supervisors.
Lipton said, “But there is more to be done, especially if we take a global perspective. First, we need to develop a greater understanding of the risks: the source and nature of threats and how they might impact financial stability. We need more data on threats and on the impact of successful attacks to better understand the risks.
“Second, we need to improve collaboration on threat intelligence, incident reporting and best practices in resilience and response. Information sharing between the private and public sector needs to be improved — for example, by reducing barriers to banks reporting issues to financial supervisors and law enforcement.”
The IMF boss said different public agencies within a country needed to communicate seamlessly, adding that information sharing between countries must improve.
He said, “Third, and related, regulatory approaches need to achieve greater consistency. Today, countries have different standards, regulations, and terminology. Reducing this inconsistency will facilitate more communication.
“Finally, knowing that attacks will come, countries need to be ready for them. Crisis preparation and response protocols should be developed at both the national and cross-border level, so as to be able to respond and recover operations as soon as possible.”
According to Lipton, because a cyberattack can come from anywhere in the world, or many places at once, crisis response protocols must be articulated within regions and globally.
He said, “That means the relevant authorities need to know “whom to call” during a crisis, in nearby and, ideally, also in faraway countries. For small or developing countries, this is a challenge that needs international attention.
“Many rely on financial services or correspondent lines provided by global banks for financial connection. Developing cross-border response protocols will help countries understand their respective roles in a crisis and ensure a coordinated response in the event of a crisis.”
Lipton noted that the Group of 7 countries had made an excellent start at building collaboration on cybersecurity, but the effort needed to be broadened to each and every country.