The bank mobilizes 200 people to combat the risks and strengthens prevention and vigilance on these activities.
The International Monetary Fund has confirmed this in one of its latest reports: cyber risks have become the main threat to financial stability. And BBVA knows why: organized crime has set its sights on banking and its cyberattacks have intensified.
“During 2019, the bank detected an increase in the number of attacks, accentuated by the presence of specialized crime groups specialized in the banking sector,” says the entity chaired by Carlos Torres in his management report referring to the activity of the year that it just closed. BBVA has included for the first time a section specifically dedicated to cybersecurity in its annual accountability.
The arrival of banking cybercrime specialists has had a direct effect on the potential harm to their activities. Cyber attacks have evolved and have become “more sophisticated”, warns BBVA. The bank has reacted by strengthening its “prevention and monitoring” efforts and mobilizing 200 people to defend itself.
It has done this through its Global Computer Emergency Response Team (CERT), which is the bank’s first line of detection and response to cyber attacks targeting global users and the group’s infrastructure, and which Shares information with the most global Threat Intelligence Unit.
Although the CERT’s operating base is in Madrid, the team provides services in all the countries where BBVA operates and is operational 24 hours a day throughout the week. There are two main lines: one dedicated to fraud and the other to cybersecurity.
More cybercrime and more costs
BBVA’s reaction is in line with the increasing importance that global authorities are giving to cyber risks. “Cybercrime is growing in scale and complexity,” Pablo Hernandez de Cos, governor of the Bank of Spain, said a few weeks ago in a speech. “The consequence is that the costs associated with these attacks are increasing rapidly and the banking sector is being particularly affected. Paradoxically, the best way to deal with the risks emanating from these new technologies is to invest more in technology, “he added.
This was done by BBVA last year, according to what is stated in its management report. The bank increased its ability to control and monitor its systems, “paying special attention to the critical assets that support business processes to prevent threats from materializing and, where appropriate, immediately identify any security incident that may occur ».
The entity also strengthened its ability to prevent, detect and respond to incidents. The use of integrated sources of information, more analysis and the use of automated platforms were his weapons.
“These measures are intended to guarantee an immediate and effective response to any security incident that may occur, with the coordination of the different business areas and the support of the bank involved, the minimization of possible negative consequences and, in case of being necessary, the report in time and form to the corresponding supervisory or regulatory entities ”, explains BBVA.
To that another tool is added. To test its strategy, the bank attacks itself with simulation exercises “in the areas of physical security and digital security. The result of these exercises is a fundamental part of a feedback process designed to improve cyber security strategies, “says the bank.
BBVA is not the only one that uses these practices to find its defensive weaknesses. Santander has hired the US company Synack and its network of hackers to discover their vulnerabilities before others with criminal intent do so and can put a stop to them without causing further damage.