"This regulatory burden can be eased by improving governance of access and identity risk. It is not enough for organisations to just develop external defences to protect against cyber-attacks - serious breaches have arisen in the past thanks to weak internal access management systems," he said.
In June, the International Organization of Securities Commissions (IOSCO) published a report that raised concerns about the potential of DDoS-led cyberattacks to 'down' a major securities exchange such as a stockmarket.
Perhaps the most concerning incident was the widely-ignored but still extraordinary heist last December in which a large number of cybercriminals co-ordinated at least $45 million of thefts from ATM machines in 27 countries. Although a small event in financial terms, the warning is clear. The criminals are now extremely organised, know which bits of the system to attack, and will almost certainly come back for a much larger sum the next time.
The best defence? In the case of detecting an ATM attack of large enough scale, temporarily shutting down bank systems across the world. In other words, pulling the plug.