Threat assessment for banks in Sweden 2024

Threat assessment for banks in Sweden 2024

The banks’ security organisations conduct an annual industry-wide threat identification and assessment based on the banks’ operations. The banks closely monitor the threat situation and contuct structured work to manage the risks.

The banks’ specialists when it comes to physical security, identification, cybersecurity, information security, fraud, card security, money laundering, outsourcing, sanctions and security protection contribute to the report.

The security policy situation has been deteriorating for a number of years. Russia’s ground invasion of Ukraine in February 2022 has redrawn the threat landscape. The invasion is affecting the banks in most areas of their security activities, and they have placed increased focus on civil defence and contingency issues.

Summary

There were no bank and cash in transit robberies in 2023, but there were five attacks on Bankomat AB’s ATMs.

As regards harassment, personal threats and violence against bank staff, the banks have been reporting increased tension and tougher customer behaviour in recent years. Many employees are afraid to represent the bank in legal contexts. The exposure of individual employees can increase the threats towards the individual rather than the bank. A safe working environment for bank staff is not only the responsibility of the banks, but also part of a broader societal commitment.

An insider/enabler, acting on behalf of criminals or a foreign state, can exploit their insights into the bank to carry out illegal transactions or manipulate financial flows. In this way, threat actors can also influence a bank’s decisions, information flows and business strategies. Foreign states can employ networks of insiders to gather intelligence, destabilise the economy or influence political decisions.

During the year, the field of information and cyber security has been characterised by threats from criminal and state-sponsored actors, particularly following Russia’s attack on Ukraine. The number of financial companies affected by ransomware attacks has increased, albeit from a low starting point. Denial-of-service attacks against banks have continued, but with limited impact. The threat to critical infrastructure has been highlighted by the sabotage of gas pipelines and telecommunications cables in the immediate area. One growing threat is the rapid exploitation of technical vulnerabilities on the part of threat actors, as well as the use of AI for fraudulent purposes against both customers and bank staff.

According to the Police, almost half of fraud offences are linked to organised crime and gang crime. During the year, consumers and businesses have become even more vulnerable to fraud, with even greater consequences, and this is also affecting the banks. Social manipulation has meant that crime has become more targeted and personalised. Bank customers and businesses are subjected to a variety of fraud schemes, with vishing, smishing, investment, romance and credit fraud all having increased in 2023. The number of straw men who are enabling these schemes remains a problem.

Money laundering threats persist and have their origins in areas such as fraud, drug trafficking and tax crimes. Companies are increasingly being employed as tools for financial crime, with straw men being used to hide the real operators. Other risk areas in relation to money laundering are the exploitation of the welfare system, currency exchange, cash handling, cryptocurrencies, the real estate market, luxury consumption and the gambling sector.

In recent years, the number of cases of suspected terrorist financing via cryptocurrencies has increased. One risk factor is the fact that the banks often have no access to information about how such financing is carried out and who is involved.

As geopolitical tensions intensify, international sanctions have become an increasingly important means of exerting pressure on foreign and security policy. At the same time, it has become increasingly difficult for operators to understand and apply the sanctions. Greater information is required here, along with cooperation and dialogue between the actors in the field of sanctions.