Cyber threats to Nordic banks are on the rise, pushing financial institutions to take proactive steps in managing risk and enhancing their internal cybersecurity. In Norway, Finans Norge, the main umbrella organization for banks, has set up the Cyber Threat Support Unit (CTSU). This unit teams up with bank members to provide expert support and a shared resource for navigating cyber risks and improving IT network protection.
The creation of the CTSU is a clear answer to the increasing frequency and severity of cyber attacks on banks. There’s a worrying trend where some criminals are working with bank employees to steal insider information and siphon off funds.
To help its members tackle these challenges, Finans Norge launched the Guide to Personnel Security in the Financial Industry (GPSFI). This guide aims to assist organizations in managing internal risks associated with fraud while utilizing advanced technology, including AI, to limit access to sensitive areas. As Therese Høyer Grimstad, Norge Finans’ director of labor relations, pointed out, the goal is to protect assets while respecting employees’ rights and privacy.
The GPSFI addresses legal issues related to employment law, ensuring that security measures against internal fraud comply with Norway’s discrimination and data protection laws. Grimstad emphasized that enhancing personnel security prepares financial sector members to handle complex threats more effectively.
Internal fraud is becoming a significant concern for Norway’s 123 banks, and Økonomisk Kriminalitet has reported an uptick in investigations involving bank employees colluding with criminals to defraud. Pål Lønseth, the director general of Økokrim, highlighted the alarming rise in digital threats where disloyal personnel assist external criminals, ultimately targeting bank funds.
New threats loom on the horizon, notably quantum computing, which could render existing encryption methods useless. Deepfake technology complicates financial fraud further, enabling bad actors to impersonate bank executives using AI tools. A recent survey found that under 20% of bank executives see quantum computers as a serious future threat, while around 40% consider malware and ransomware to pose a greater risk.
To bolster cybersecurity, Norwegian banks are lobbying for the swift incorporation of the EU’s NIS2 directive into national law. This directive aims to create a solid framework for cybersecurity across the financial sector. Being a part of the European Economic Area, Norway has strong trade ties with the EU, making this legislative update crucial for the banking industry.
Norwegian banks are intensifying collaboration with their Nordic counterparts to establish information-sharing platforms focused on enhancing cybersecurity. Countries like Denmark and Sweden are ahead in assessing AI-related cyber risks and developing tools to counteract sophisticated attacks from the dark web.
In Denmark, the financial services union is urging banks to invest in AI training to strengthen their online security. Dorrit Brandt, the chairman of Finansforbundet, stated that while AI offers many benefits, managing data control is crucial. The financial sector in Denmark anticipates significant changes due to AI, with a recent study indicating that nearly all jobs will be affected to some degree.
Nordic banks are stepping up their spending on training programs that keep pace with AI advancements. Specialized training initiatives aim to educate employees about the evolving security threats posed by AI and how to adapt traditional cyber defenses accordingly.
Brandt stressed the necessity of a comprehensive upskilling program for generative AI across the financial sector, stating that the industry must stay vigilant and in control during this transformative technological shift.
