RBC says it was also targeted by cyberattacks
Similar to what other banks have reported
TORONTO • The chief executive of Royal Bank
of Canada says the lender managed to fend off apparent cyberattacks that bore a similarity to incidents reported by Bank of Montreal and Canadian Imperial Bank of Commerce’s Simplii Financial.
“All I know is that we had built defences to that type of attack, because they tried us, and they couldn’t get in,” said Dave McKay, president and CEO of Toronto-based RBC. “Other non-Canadian groups have tried to do that to us and we’ve been very successful in defending against that for a ... long period of time.”
BMO and Simplii announced in May that they had been contacted about “fraudsters” allegedly accessing the information of approximately 90,000 of their customers. In announcing the incident, BMO said they believed the attack was originated from outside Canada.
McKay told reporters at his bank’s investor day in Toronto that he didn’t know if RBC had faced the same group, but that based on “what we know of the strategy that’s been shared with us, we’ve seen that strategy.”
Cyberattacks present a thorny problem for the banks, which continue to digitize their businesses, and need to maintain a high-degree of customer confidence. A report from PwC noted “cyber risks are an everpresent element in banking, as is the case in other sectors.”
In the case of BMO and Simplii, both banks said they moved quickly to address any issues tied to customer data. BMO chief executive Darryl White said during his bank’s second-quarter earnings call that they take any attack on it and its customers “extremely seriously.”
“Protection of customer privacy is of utmost importance to us,” White added.
Still, the Bank of Canada’s latest Financial System Review again identified one of the key vulnerabilities as, according to Governor Stephen Poloz, “the possibility of a major successful cyber attack on a financial institution or market infrastructure, such as the payment systems that we all rely on every day.”
“Given how interconnected our financial system is, there is concern that a successful attack on one institution could have wideranging effects,” Poloz said in a statement, adding the central bank had been working with major lenders and Payments Canada “to make sure our country’s key payment systems can recover quickly from a successful cyber attack.”
RBC noted at its investor day on Wednesday that it planned to spend approximately $3.2 billion on technology this year, and highlighted that it had doubled investments in cybersecurity in the last four years. The bank also announced in January of this year that RBC was opening a cybersecurity lab and investing $1.78 million into research at the University of Waterloo.
“You certainly are going to play the best defence that money can buy,” McKay said of his bank’s approach to cybersecurity.
McKay highlighted the importance of partnering with advanced commercial companies, such as Californiabased Palo Alto Networks Inc., in addition to the need for a solid defence, to monitor developments and data flows in an organization.
McKay even told reporters the bank had hired a top official from the National Security Agency, the U.S.based electronic spy service. “You need to keep coming at it from so many different angles, because that’s how the criminals are thinking,” McKay said. “But certainly, individually, idiosyncratically, we prepare for the types of outcomes that you hope never happen, but could happen.”
President and CEO Dave McKay said RBC had hired a top official from the National Security Agency, the U.S.-based electronic spy service.