The Group of Seven industrial powers yesterday said they had agreed on guidelines for protecting the global financial sector from cyber attacks following a series of cross-border bank thefts by hackers.
Policymakers have grown more worried about financial cyber security in the wake of numerous hacks of SWIFT, the global financial messaging system, including an $81mn theft in February from the Bangladeshi central bank’s account at the New York Federal Reserve.
“Cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems,” according to the guidelines agreed by G7 finance ministers and central bankers.
The guidelines, which officials described as non-binding principles, were in a three-page document posted on the webpages of G7 government agencies.
The G7 comprises Britain, Canada, France, Germany, Italy, Japan and the United States.
US Deputy Treasury Secretary Sarah Bloom Raskin told reporters in a telephone briefing that G7 officials had surveyed their existing cyber security practices and identified potential shortfalls.
A Treasury official later said the guidance was an effort to encourage regulators and firms to approach cyber security from a risk-management perspective. Fed vice chairman Stanley Fischer said in a statement the guidelines would address the weakest links in global cyber security.
Cyber thieves have targeted large financial institutions around the world, including America’s largest bank JPMorgan, as well as smaller players like Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank.
The US Federal Reserve’s internal security staff detected more than 50 cyber breaches between 2011 and 2015, with several incidents described as “espionage.”
The guidelines released yesterday instruct governments to ensure that they police their own cyber-security readiness as well as that of companies they regulate, and that public and private institutions continually update their defences.
The goal of the guidelines was also to get firms and regulators across the world to approach risks the same way, according to the Treasury official.
“If we get this right we will drive a common lexicon,” said the official, who asked not to be named.
Governments are also supposed to notify one another about joint threats and cooperate to contain computer system breaches, while firms are encouraged to share information and ask for help when they need it.
“Maintaining trust and confidence in the financial sector significantly improves when entities and public authorities have the ability to mutually assist each other,” according to the guidelines.

Second hacker group targets SWIFT users

Cyber-security firm Symantec Corporation said yesterday that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81mn in the high-profile February attack on Bangladesh’s central bank. Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system. Symantec’s research provided new insight into ongoing hacking that has previously been disclosed by SWIFT.
SWIFT chief executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the US, Hong Kong, Australia, the UK and Ukraine. Symantec said it would share technical information about Odinaff with banks, governments and other security firms. The company in May said it believed the Bangladesh heist was carried out by a group known as Lazarus, which was also responsible for attacks on SWIFT customers in Southeast Asia as well as the 2014 hack of Sony Pictures Entertainment.