Banks are failing to report security breaches


Britain’s banks are failing to report the full extent of cyberattacks to government regulators, in general fulfilling their legal obligations but ignoring the moral requirement to inform customers of potential losses.


Reported attacks on British banks have risen sharply: 75 breaches got through in 2016 alone, up from just 5 in 2014, according to Britain’s Financial Conduct Authority (FCA).

However, experts say many more attacks are taking place than the general public is aware of. Banks are almost always under attack; firmware and software defend against most of these attempts, and a physical team of cybersecurity experts then steps in to defend against the few that get through.

Mark James, ESET IT Security Specialist, explains why banks are constantly under attack and how they can hope to mitigate the damage.

“Financial organisations suffer cyberattacks on a daily basis, so it stands to reason that if you’re doing what you do for financial reasons, then why not target the source directly.

“Reporting every one of those attempts would indeed clog the system down with lots of unnecessary information, but there will be a lot that never make the light of day as far as the public are concerned.

“The problem, of course, is perceived security, as more and more breaches happen, and more malware is being used to target financial systems. The problems then caused when things go wrong can, in some cases, cause incredible damage.

“Decisions will be made to keep it quiet, as the public are becoming more aware of the damage caused by lapsed security and this knowledge may influence the decision on who is to look after their future savings or daily finances.

“Effective protection is made up of multiple layers of security.

“This involves, but is not limited to, identifying current threat vectors, education, software protection, data flow monitoring and keeping your systems updated and patched.

“Sharing information enables better defences, it allows authorities and regulators a better understanding of the wider picture, and should help investment in the correct placement of funds to combat future attacks.

“Also, the public have a right to know what a company is doing regarding security and privacy, only then can they make an informed decision based on facts.”

This advice couldn’t be more timely: consider the breach of Tesco Bank, which impacted 9,000 people and cost around £2.5m in losses. To Tesco’s credit, it responded very quickly to the breach and refunded those affected.


Do you think the Tesco Bank breach was well communicated? Let us know on Twitter @ESETUK

