US banks are preparing for retaliatory cyberattacks after Western nations slapped a raft of stringent sanctions on Russia for invading Ukraine, cyber experts and executives said.
Tensions between Russia and the West escalated on Saturday as the United States and its allies moved to block some Russian banks from the SWIFT international payment system and placed curbs on the Russian central bank's international reserves.
Western governments have warned for weeks that the tensions could spark massive cyberattacks from Russia or its supporters. Some executives said the latest measures may be the trigger.
"There will be some retaliatory measures taken by them, and I think in the least costly way that they can do it - that means some kind of cyberattack," said Steven Schweitzer, senior fixed income portfolio manager at the Swarthmore Group in New York.
Global banks, already top targets for cyberattacks in peacetime, are increasing network monitoring, drilling for cyberattack scenarios, searching their networks for threats and lining up extra staff in case hostile activity surges, according to cybersecurity experts.
Among the threats they are preparing for: ransomware and malware attacks; denial-of-service attacks that take down websites; and data wiping and theft, possibly simultaneously.
"Banks are incredibly prepared. They have taken out their playbooks and it's practice, practice, practice," said Valerie Abend, who leads Accenture's ACN.N global financial services security group.
The largest US banks, JPMorgan Chase & Co JPM.N, Citigroup Inc C.N, Bank of America Corp BAC.N, Wells Fargo & Co WFC.N, Morgan Stanley MS.N and Goldman Sachs Group Inc GS.N, either did not respond to requests for comment or declined to discuss their cybersecurity plans.
As guardians of critical national financial infrastructure, global banks are subject to strict operational risk rules and have some of the highest cyber security standards in corporate America, according to cyber experts.
The industry regularly plans for attacks and completed a massive, system-wide ransomware drill in November, according to the Securities Industry and Financial Markets Association, which led the exercise.
Leading up to the invasion, there has been a more concerted industry effort to ensure banks' incident responders are on high alert and that they had increased monitoring, Abend said.
The New York Department of Financial Services and the US Cybersecurity and Infrastructure Security Agency have warned private companies to be vigilant for cyber threats.
"We wouldn't be doing our due diligence if we weren't preparing for that," said Teresa Walsh, global head of intelligence at the Financial Services Information Sharing and Analysis Center, an international group of institutions that share cyber intelligence.
"Right now, they've been warning in generalities - just be prepared. We are trying to put some more specificity to it," Walsh added.
Walsh said banks have been brainstorming risk scenarios based on tactics Russian hackers have used in the past. The 2020 SolarWinds Corp SWI.Nsoftware breach that gave hackers access to hundreds of companies using its products, is top of mind.
That has increased lenders' focus on third-party providers such as big cloud and software-as-a-service firms. While banks themselves have big IT budgets and strict compliance programs, if such providers are hacked their data could be exposed.
Banks are urging such partners to ensure they have the right security protocols, according to Walsh and Abend.
They are also "threat hunting," searching for known malicious behaviors inside bank IT systems, examining potential vulnerabilities and testing anything they had to recently patch, Walsh said.
"It's all about being prepared and not waiting for when the crisis happens," Walsh added.