“When it comes to cybersecurity, the better educated we are, the better we can protect ourselves. This is a high priority for EBF”
The fight against cybercrime is still a major challenge, in which the banking sector and other stakeholders play a key role. Cybersecurity is a core concern and requires constant attention, especially in the current geopolitical context.
National banking industry federations, such as Febelfin, are developing initiatives and actions ranging from collaboration platforms to awareness raising. On the latter point, we can quote our latest campaign “Outsmart a phisher”. But what about the European Banking Federation (EBF)? Febelfin wanted to see how the EBF is handling the issue of cybersecurity, so we interviewed Alexandra Maniati, Senior Director, Innovation & Cybersecurity at EBF, and Dimos Karalis, Policy Adviser, Cybersecurity & Innovation at EBF.
EBF takes multiple actions to achieve its cybersecurity objective. How does this translate into practice? What is the level of member cooperation on the subject of cybersecurity?
Alexandra Maniati: EBF is the voice of the European banking sector at the European level, uniting 32 national banking associations from all over Europe that together represent over 3,500 banks. Our mission is to express the European banking industry's views to the regulators, legislators, policy-makers and supervisors on proposals and initiatives that have an effect on banks.
In this context, EBF’s main strategic priorities are: financing sustainable growth, prudential policy and supervision, financial education and, last but certainly not least, digital innovation and cybersecurity.
The latter is a vast area. Digitalisation in financial services is all-pervasive and in our work with my team at the EBF we try to identify and prioritize what is most important to our members. So, our current work focuses on: central bank digital currencies and virtual assets, the data economy and open finance, payments, cloud banking, and digital platforms, as predominant and often disruptive elements in the digital transformation of banking. And the workstream that lies underneath it all, the foundation of any successful and sustainable digital innovation, is our sixth priority: cybersecurity and digital operational resilience.
We have been active in the field of cybersecurity for over 6 years now. We have a dedicated expert group, consisting of cybersecurity experts from our member banking associations and individual banks. With this group and our external strategic partners, such as Europol's European Cybercrime Centre (EC3) and ENISA, the EU cybersecurity agency, we deploy EBF actions on multiple levels. The first is policy making: EBF contributes views and actively engages in the public debate when legislation or regulation on cybersecurity and resilience is discussed (both horizontal and sector-specific). On the second level, EBF works with a variety of partners on information sharing and exchange of best practices. And thirdly, we work on raising awareness about cybersecurity risks and enhancing cybersecurity skills, both for bank employees and customers.
Let’s talk about phishing: what is EBF's role in this, and what added value does it try to create for its members? What initiatives does it take?
Alexandra Maniati: In our digitalised life, more and more of our daily activities take place online. We access the internet to do business, buy products and services, interact with friends and family, and also to engage with our bank. Along with the tremendous opportunities and convenience that this digitalisation has brought – especially highlighted during the pandemic lockdowns – new risks are the other side of the coin. Cyber criminals may be “invisible” but they are still very real and they can inflict major damage to both individuals and businesses.
Phishing is one of the most common cyber scams. It is the reason why it was included in our cyber scams awareness campaign – created with Europol’s EC3 in 2018 – in which we talk about the most popular scams online. In the campaign, which is aimed at both individuals and professionals, we give tips on how to spot phishing (and its variations of smishing and vishing) and we also give advice on what to do if you become a victim. Criminals try to outsmart you and take advantage of your curiosity or anxiety: their messages urging you to click on a link will often be related to a situation that causes a lot of stress or emotion (e.g. the pandemic or raising money for war refugees). So, it is extremely important to be aware and alert.
Dimos Karalis: It is important to note that our awareness campaigns need to be updated as scams evolve. This is what we did with the CyberScams campaign to reflect the trends we see in online fraud. We relaunched it in October 2021, during the European Cybersecurity Month, with refreshed messages. We have also recently added a new scam related to crypto investments, given the increase in the use of cryptocurrencies and the related scams being deployed. Developments in cybercrime are keeping pace with developments in new technologies, as the latter often come with new vulnerabilities to exploit.
Alexandra Maniati: Our Cybersecurity Expert Group and our partnerships with EC3 and ENISA provide the inspiration for our decisions to include new scams in the campaign. These are the experts who constantly monitor or experience first-hand the new scams, and we are very grateful that they are also helping us elaborate the content. When the final product is ready in English, our members also help with the translation into their national languages. This is important, because, to achieve maximum reach, we need to speak to people in their language. The final block of our collaboration with our members (and partners) is the dissemination of the campaign: for example, through bank branches, but also through the websites and social media of banking associations and banks.
In Belgium, we are seeing a shift from phishing to other forms of fraud in which the victims are pressured into transferring money themselves (romscam, aid fraud…). Is EBF seeing the same phenomenon? What does it do to support its members in this?
Alexandra Maniati: We are seeing an increase in these types of fraud, and that is why awareness is so important. Again, these types of fraud rely heavily on psychology. Criminals will try to win your trust and/or exploit your emotions, which means that the vulnerability is the human factor, and this is what needs to be addressed. The better educated we are as users of digital products and services, the better we can protect ourselves and the organisations we work for. In addition to the campaigns we create, through our expert groups and events we also provide the platform for our members to exchange information and best practices, so that we can learn from each other and constantly improve. Cybersecurity is a never-ending effort, so continuity of action and constant monitoring are essential.
EBF does a lot of business but may not be as well known to many bank employees, who are not in direct contact. How can we improve the flow of information, and what can we expect from EBF?
Alexandra Maniati: The information generally flows through our member bank associations, which support and actively help shape the work we do. Febelfin is a long-standing and valuable contributor to our activities. We also organise events such as the EBF Digital Thursdays, and there is plenty of information on our website. Keep checking the EBF website (www.ebf.eu) and our social media posts on Twitter and LinkedIn!
Dimos Karalis: The CyberScams campaign is a good example of how we connect with banks and their employees. Through their national bank association they can participate in all stages of content creation, and of course they receive the material when the national versions are launched, and can further reinforce the messaging (e.g. through their own social media channels) and use it for active outreach to their customers.
What cybersecurity challenges does EBF see for its members in the future?
Alexandra Maniati: We see phishing and other scams continuing. Ransomware and DDoS attacks are on the rise. We also need to keep an eye on the general geopolitical situation. The banks are extra vigilant, and they are monitoring the situation closely.
Dimos Karalis: Every type of situation that disrupts “normality” – the pandemic, and now the war in Ukraine – gives cybercriminals an opportunity to exploit and adapt for greater success. It is usually not about new scams, but more about adapting the content to prevailing circumstances. Another new trend to keep an eye on is the use of cryptocurrencies.
A final word to conclude our interview?
Alexandra Maniati: Trust is fundamental in the relationship between bank and customer. When it comes to digital finance, that trust is safeguarded by ensuring a high level of cybersecurity and digital operational resilience, and the banking sector is considered to be one of the most cyber mature sectors. However, regardless of the systems and mechanisms in place, the human factor can only be tackled by each and every one of us. Take basic cyber hygiene measures for your devices, stay aware, stay alert, and think before you click!
Find out more about the EBF awareness campaign: