Switzerland’s Financial Sector Faces Growing Cyber Threats
Cyber security has become a top priority for financial institutions in Switzerland, as the country’s financial sector remains a prime target for cyber criminals. To combat this growing threat, the Swiss Financial Market Supervisory Authority (FINMA) has introduced a series of regulations aimed at fortifying the defenses of the financial services industry.
New Regulations and Certifications
At the heart of these efforts is the National Cyber Security Centre (NCSC), which serves as a valuable resource for expertise and collaboration. Within the financial sector, specific rules have been instituted for banks and financial market infrastructures, guided by FINMA Circular 2023/1, which is scheduled for implementation on January 1, 2024.
Emphasis on Internationally Recognized Standards
The adoption of internationally recognized standards and practices in ICT management is also emphasized, aligning with Switzerland’s commitment to enhancing cyber security resilience. However, despite these efforts, the adoption of ISO certifications remains limited, with only a fraction of Swiss organizations having pursued certification.
Balancing Data Security Principles
Achieving a balance between confidentiality, integrity, and availability (CIA) of data is crucial for maintaining customer trust and regulatory compliance. The concept of cyber resilience highlights the need for a holistic approach to data security, emphasizing the importance of alignment on a common definition within an organization.
Key Principles
- Confidentiality: Protecting sensitive information from unauthorized access.
- Integrity: Ensuring the accuracy and completeness of data.
- Availability: Ensuring that data is accessible when needed.
Managing Risk Appetite
Understanding and defining risk appetite is essential for managing cyber risk in financial organizations. Establishing a clear risk appetite framework can help bridge conflicts between competing rationalities and facilitate effective risk management.
Key Considerations
- Defining risk tolerance and acceptable levels of risk.
- Identifying and prioritizing risks.
- Developing strategies to mitigate or transfer risks.
Identifying and Managing Vulnerabilities
Software composition analysis (SCA) is a technique for identifying and managing vulnerabilities in software applications, so that financial institutions can find and patch them before attackers can exploit them.
Benefits of SCA
- Identifies vulnerabilities in software dependencies.
- Helps prioritize vulnerability remediation efforts.
- Reduces the risk of cyber attacks.
Building Holistic Defence Strategies
A variety of defence techniques are available to protect financial institutions from cyber attacks, including diverse teams, integrated knowledge, regulatory adaptation, penetration testing, a system backup strategy, and advanced software solutions. These techniques should be integrated into a comprehensive cyber security strategy, in line with a holistic approach to cyber resilience.
Key Strategies
- Implementing a defence-in-depth approach.
- Conducting regular vulnerability assessments and penetration testing.
- Developing an incident response plan.
Cyber Security is a Continuous Battle
Cyber security in financial services is a continuous battle against evolving threats. By staying vigilant and investing in the right tools and practices, financial institutions can protect their assets, maintain customer trust, and mitigate the ever-present cyber risks.