EBF takes multiple actions to achieve its cybersecurity objective. How does this translate into practice? What is the level of member cooperation on the subject of cybersecurity?
Alexandra Maniati: EBF is the voice of the European banking sector at the European level, uniting 32 national banking associations from all over Europe that together represent over 3,500 banks. Our mission is to express the European banking industry's views to the regulators, legislators, policy-makers and supervisors on proposals and initiatives that have an effect on banks.
In this context, EBF’s main strategic priorities are: financing sustainable growth, prudential policy and supervision, financial education and, last but certainly not least, digital innovation and cybersecurity.
The latter is a vast area. Digitalisation in financial services is all-pervasive and in our work with my team at the EBF we try to identify and prioritize what is most important to our members. So, our current work focuses on: central bank digital currencies and virtual assets, the data economy and open finance, payments, cloud banking, and digital platforms, as predominant and often disruptive elements in the digital transformation of banking. And the workstream that lies underneath of it all, the foundation of any successful and sustainable digital innovation, is our sixth priority: cybersecurity and digital operational resilience.
We have been active in the field of cybersecurity for over 6 years now. We have a dedicated expert group, consisting of cybersecurity experts from our member banking associations and individual banks. With this group and our external strategic partners, such as Europol's European Cybercrime Centre (EC3) and ENISA, the EU cybersecurity agency, we deploy EBF actions on multiple levels. The first is policy making: EBF contributes views and actively engages in the public debate when legislation or regulation on cybersecurity and resilience is discussed (both horizontal and sector-specific) . On the second level, EBF works with a variety of partners on information sharing and exchange of best practices. And thirdly, we work on raising awareness about cybersecurity risks and enhancing cybersecurity skills, both for bank employees and customers.
Let’s talk about phishing: what is EBF's role in this, and what added value does it try to create for its members? What initiatives does it take?
Alexandra Maniati: In our digitalised life, more and more of our daily activities take place online. We access the internet to do business, buy products and services, interact with friends and family, and also to engage with our bank. Along with the tremendous opportunities and convenience that this digitalisation has brought – especially highlighted during the pandemic lockdowns - new risks are the other side of the coin. Cyber criminals may be “invisible” but they are still very real and they can inflict major damage to both individuals and businesses.
Phishing is one of the most common cyber scams. It is the reason why it was included in our cyber scams awareness campaign - created with Europol’s EC3 in 2018 - in which we talk about the most popular scams online. In the campaign, which is aimed at both individuals and professionals, we give tips on how to spot phishing (and its variations of smishing and vishing) and we also give advice on what to do if you become a victim. Criminals try to outsmart you and take advantage of your curiosity or anxiety: their messages urging you to click on a link will be often related to a situation that causes a lot of stress or emotion (e.g. the pandemic or raising money for war refugees). So, it is extremely important to be aware and alert.
Dimos Karalis: It is important to note that our awareness campaigns need to be updated as scams evolve. This is what we did with the CyberScams campaign to reflect the trends we see in online fraud. We relaunched it in October 2021, during the European Cybersecurity Month, with refreshed messages. We have also recently added a new scam related to crypto investments, given the increase in the use of cryptocurrencies and the related scams being deployed. Developments in cybercrime are keeping pace with developments in new technologies, as the latter often come with new vulnerabilities to exploit.
Alexandra Maniati: Our Cybersecurity Expert Group and our partnerships with EC3 and ENISA provide the inspiration for our decisions to include new scams in the campaign. These are the experts who constantly monitor or experience first-hand the new scams, and we are very grateful that they are also helping us elaborate the content. When the final product is ready in English, our members also help with the translation into their national languages. This is important, because, to achieve maximum reach, we need to speak to people in their language. The final block of our collaboration with our members (and partners) is the dissemination of the campaign: for example, through bank branches, but also through the websites and social media of banking associations and banks.