Cyberattacks are a crucial part of modern warfare. Functions critical to society, such as communications or payments, can be paralysed with guns and bombs, but also through data networks. For this very reason, financial sector companies and authorities regularly practice their preparedness for cyberthreats. The TIETO22 cybersecurity exercise that tests preparedness for large-scale payment disruptions is currently underway, and the latest financial sector’s joint preparedness exercise (FATO2021) took place last autumn.
For financial companies, cyberthreats are nothing new. The financial sector is an alluring target for cyberattackers, whether they are looking to spread chaos, commit fraud or use hijacked data for blackmail purposes. Banks are regularly the target of denial of service (DoS) attacks and other cyberattacks – according to some estimates, even hundreds of times a day – so their systems are honed to perfection.
On 15 March, the Finnish Financial Supervisory Authority issued a warning that Russia’s military action is increasing cyberthreats in financial sector companies. Other European authorities and private cybersecurity companies have issued similar statements.
The most likely cyberthreat is a DoS attack targeted at a bank or its critical service provider with the purpose of knocking their website offline. The hacktivist collective Anonymous has announced that it has used such attacks to disable the Bank of Russia and a large number of Belarussian banks. It is entirely possible that Russian hackers could do the same in Finland or in some other EU country.
Russia is targeting something larger than individual banks:
the entire European payment system.
But even if Russia did disrupt the operations of a large European bank, let alone a Finnish bank, it would not be much of a victory for the country. Europe has several dozen large banks with a balance sheet of over 100 billion euro and thousands of banks in total. In the grand scheme of things, shutting down one bank would do little harm to European payments. Russia is probably better off not wasting its limited resources on obstructing single banks and might instead target its attacks on the scale of European payment hubs, for example.
And what can I do as an ordinary citizen?
Cyberwarfare is unlikely to target individual citizens, as a major war is not funded with online banking scams. The escalating global situation can, however, inspire crooks and fortune hunters to try their luck, so it is wise to ensure that you have your basic data security in order.
In practice, this means using strong enough passwords and keeping your computer and smart device updates and security software up to date. It is also important to only download applications and software from secure sources. Alarm bells should be ringing if you are asked to do something out of the ordinary, for example to log in to your online bank in a different way.
The situation has highlighted the importance of employees’ cybersecurity competence. These routine skills are continuously developed in the financial sector. Cyberattacks are no wild sci-fi adventures with hackers and laser guns; most data breaches and leaks begin with an innocent-looking phishing message that we have all likely received at one point or another.