Spotlight on cyber attacks within banking


In 2016, the X-rated dating site Adult Friend Finder was hacked. Details of its account holders were leaked online. All 400+ million of them.

It was one of the largest data breaches ever recorded, and linked to at least three suicides. Of course, incidents like these are unsettling enough for anyone who prefers to keep their affairs (business and personal) private. However, there are also potential problems for their employers.

Here’s why.

Leaky addresses

Many of the accounts hacked were from work email addresses.

A significant proportion of the workforce will visit websites they’d rather the world did not know about. The problem is when they use their work email addresses to sign up and log in. Many workers use the same passwords for work and leisure.

This means a hack of their ‘outside work’ account puts corporate systems at risk. IT admins could take action by installing a strict filtering system on work computers. But these vary in quality, and can alienate staff who feel they’re automatically judged as guilty.

IT departments have a vital role to play in educating staff members about the threats they face. After all, internal staff are seen as the biggest threat to IT security, whether deliberate or not.

The National Crime Agency say the number of people reporting cyber blackmail attempts rose from 385 in 2015 to 864 by 2016. So this is a fast-growing problem. And banking is one of the industries most affected.

$100,000 per hour

DDoS attacks on banking institutions ‘have the potential to lose approximately $100,000 per hour, because of downtime-related costs and possible fraud’.

Lloyds Bank was a victim earlier this year, getting hit over a two-day sustained period. Halifax and Bank of Scotland were also affected. This form of cybercrime is a trend expected to continue throughout 2017, putting financial institutions under unprecedented pressure to stay secure.

However, the problems with DDoS don’t stop there.

They’re often launched as a diversionary tactic, to hide bigger attacks. While a bank is dealing with the DDoS fallout, hackers may launch the ‘real’ attack. This is often the strategy employed when it comes to ransomware. Last year, the US Federal Financial Institutions Examination Council highlighted a sharp rise, ‘and the implications for financial services – ransomware attacks on businesses increased three-fold’.

The IoT question

Gartner estimates 20.8 billion devices will be connected by 2020. This exponential growth offers many opportunities for businesses, along with plenty of challenges, particularly in banking, where fintech-fuelled innovation has transformed the way people do business with their finances, whether through mobile payments, smart wallets, or banking apps.

Banks are therefore caught in the middle of a dilemma. Customers require new ways of doing business, their expectations shaped by new technology. However, banking isn’t the type of industry where it’s possible to launch a Minimum Viable Product and fix bugs and vulnerabilities as they arise. This makes it all the more important for banks to have the right partners in place, to support their transformation.