The keys to cyber security in Spanish banking

Late January saw the presentation of the new guide to good practices by ENISA (the European Union's cyber security agency) on managing the Internet infrastructure, and only one month later the Obama Administration announced the launch of CTTIC, a new intelligence agency charged with coordinating the detection of threats on the Internet.

But… how is the most vulnerable private-sector industry –the financial industry– looking ahead to 2015? And more specifically, the Spanish banking sector?

The Spanish banking sector is today fully immersed in the process of adapting to the digital environment. This will open up a host of new commercial possibilities… along with new security risks that were beyond imagining only a few years ago. The banking sector now needs to be concerned not only to design strategies to avoid fraud for its customers, for example … but also to protect its technology systems, as they are now an essential component of the critical infrastructures of any country, and whose crash or malfunction for a few days could seriously compromise any modern society.

This is the reason the leaders of the IEB's innovation and financial technology program have recently drawn up a document containing various key points associated with cyber security in Spanish banking:

What position does Spain occupy in the cyber attack ranking?

Spain is among “the countries receiving most cyber attacks via malware installed in user computers worldwide”, only exceeded by the United States and the United Kingdom. This is why Spain is one of the countries at the forefront of developing security systems for fraud detection, which in the case of Spanish banks is now almost residual. Our banking system has yet to see significant cases of mass cyber attacks, security breaches or theft of customer data.

How much does Spain invest in cyber security?

Currently “Spanish companies spend around 14 billion euros a year in reinforcing their cyber security; about 50,000 workers are dedicated to this field, and the annual turnover is in excess of 6 billion euros”.

How do financial institutions prepare for these challenges?

The management of cyber risks is already a part of a bank's risk management strategies. Spanish banks have systems based on data analysis, user monitoring and predictive algorithms designed to detect inconsistent customer behavior in real-time and thus prevent fraud. Any changes in the patterns of use and navigation in online customers are analyzed, along with their geographic location and habitual platform (or atypical changes that could signal fraudulent access).

What areas do these cyber attacks focus on?

The financial sector is the priority target of cyber criminals, to the point that nearly half of all cyber attacks affect this sector. “In this scenario”, says the IEB document, “ a study drawn up by the European Central Bank indicated that 60% of the volume of bank card fraud involved distance payment with cards –in other words, distance or Internet purchasing– and this percentage continues to rise with the spread of e-commerce”.

What are the main online threats today?

The threats and attacks received every day by the banking system do not come only from individuals like hackers wishing to break through a bank's security system, “but is also becoming common practice among cyber criminals after economic gain, cyber terrorists who want to compromise national security, and for cyber espionage between states”, says the IEB.

What is the government strategy to prevent these cyber attacks?

In view of this, at the end of 2013 the Spanish government approved a National Cyber Security strategy (considered by some experts to leave room for improvement), and one year ago set up the National Cyber Security Council formed by a panel of IT security experts.