Cyber risks (2023/1)

Cyber risks remain one of the biggest operational risks for supervised institutions. The Swiss financial sector has not been left unscathed by cyberattacks. Successful cyberattacks can cause significant damage as various examples in the past have demonstrated. Although the number of reports received by FINMA was unchanged, there is ongoing pressure on the financial institutions to keep a close eye on the current threat level, react quickly if needed and continuously test their own infrastructure for any vulnerabilities.

The media regularly reports on successful cyberattacks on established companies. Attackers recently exploited a vulnerability in the data transfer programme MOVEit to extract data and subsequently blackmail the companies involved. For many supervised institutions it is a challenge to identify these “zero-day” attacks that exploit previously unknown weaknesses in a system. These weaknesses cannot be identified by traditional means such as vulnerability scanners and closed afterwards.


Distribution based on cyber reports received by FINMA over the last twelve months


Distributed denial of service (DDoS) attacks also remain common (see chart “Distribution based on cyber reports received by FINMA over the last twelve months”). In these attacks, a system (e.g. a web page) is overwhelmed by a huge number of requests. Politically motivated groups recently used this method to attack the websites of the Swiss federal administration and other public authorities, for example. Supervised institutions were also affected, but were able to fend off the attacks. Compared to the DDoS attacks at the end of 2020 which led to significant outages, the financial institutions were very well prepared on this occasion. Nonetheless, the threat of politically motivated cyberattacks is on the increase. 


Number of reports of cyberattacks by supervisory category


The reports by supervised institutions to FINMA on cyberattacks confirm the trend that smaller institutions are attacked more often (see chart “Number of reports of cyberattacks by supervisory category”). In addition, insurers (around 30% of attacks) and asset managers (around 20%) are more often becoming the focus of cyberattacks compared to the past and to banks. The existing trend of successfully attacking companies via service providers has also continued (see chart “Attack vector”). For example, attackers compromised data from supervised institutions in two separate ransomware attacks on service providers. The number of companies affected reached double digits. Such attacks do not necessarily only affect customer data, but can also involve other data classified as critical by the company, for example information on staff, confidential business information, investment strategies, etc. 


Attack vector

 

(From the Risk monitor 2023)

FINMA Risk Monitor 2023

Updated: 09.11.2023 Size: 0.47  MB
Add to personal download list
Cyberrisiken 2023 1
Backgroundimage