Bank of America CTO: Cyberattacks on banks “surged” during pandemic

Bank of America’s chief operations and technology officer, Cathy Bessant, says the bank has boosted spending on cyberdefenses in recent years to about $1 billion annually.

The bank’s global information-security unit spends the majority of this budget on staff and technology.

Cathy Bessant, Bank of America’s chief operations and technology officer

Bessant added in a briefing on Monday, as reported by Bloomberg, that cyberattacks have surged dramatically during the pandemic.

“Criminals are by definition very crafty, very entrepreneurial – and times of stress produce opportunities,” says Bessant. “There’s no question that the rate and pace of attacks, and the nature of attacks, has grown dramatically.”

The bank is, as a result, constantly on guard against an “Armageddon scenario”, according to its technology chief.

Cyber-related spending jumped 15% in 2020, according to a Deloitte & Touche survey.

This percentage equates to roughly $1 billion for each of the largest US banks. Which highlights that Bank of America is simply one of many US banks ramping up their cyberdefences.

Deloitte also reckons 64% of finance executives expect cybersecurity budgets to keep rising.

2021’s cyberattacks so far

Several financial firms have suffered major data breaches and cyberattacks in recent months.

In March, Michigan-based Flagstar Bank fell victim to a data breach caused by a vulnerability in its Accellion file sharing service.

According to Vice, criminals posted the personal details of bank employees online via the dark web following the breach.

The same month, a cyberattack forced the European Banking Authority (EBA) to shut down its entire email system.

The attack was part of a widespread assault on organisations running Microsoft Exchange servers.

KrebsOnSecurity reports suggested more than 30,000 firms in the US and 10,000 internationally were affected by the attack. It was traced back to Chinese hacking group “Hafnium”.

This year kicked off with New Zealand’s central bank also falling victim to a hack via third-party file-sharing system Accellion – the same platform which caused Flagstar Bank’s breach.

Auckland University computer science professor, Dave Parry, told Radio New Zealand in January that this breach was likely the work of a nation-state, rather than a criminal ring.

“Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom,” he said. “So, you’d be more interested probably coming in from a government-to-government level.”

Cyber risk beats financial crisis

In April, Federal Reserve chairman Jerome Powell told CBS News he’s more worried about cyber risk than another financial crash.

Powell said, “a cyber event” could have “a broad part” to play in the financial system “coming to a halt”. But that the risk of a 2008-style financial collapse is “very, very low”.

“I would say that the risk that we keep our eyes on the most now is cyber risk,” Powell told CBS News.

He said the US central bank is therefore monitoring it very carefully and investing heavily in the prevention of major breaches.

“That’s really where the risk I would say is now, rather than something that looked like the global financial crisis.”

Read next: Federal Reserve chair says cyber risk a greater threat than another financial crash