Banks Attacks Up Sixfold Last Year

Uploaded on 2019-03-20 in BUSINESS-Services-Financial, FREE TO VIEW, TECHNOLOGY--Hackers

The UK’s Financial sector reported 145 attacks in 2018 which was a substantial increase from 2017 when the reported data breaches were just 25. And so the financial services companies in the UK saw almost a six-fold increase in data/cyber breaches in 2018 compared to the year before, according to the Financial Conduct Authority.

These data attacks are on the rise and the financial sector is a focused attack target for hackers. And these types of attacks should now focus the Financial industry’s anxieties as the cyber criminals are focusing on the banking industry.

In April 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, and Barclays, had to shut down their systems after hacking attacks which cost hundreds of thousands of pounds to secure.

Tesco Bank was fined £16.4m by the Financial Conduct Authority (FCA) in October 2018 because of a cyber-attack that helped hackers to steal £2.26m from current accounts.

Cyber-hackers are now targeting investment banks as they find their security is weaker than retail banks.

However, senior management at many of the major banks say that their systems are now under constant attack and they are often prime hacker targets as they obviously often hold important financial data that can be used to steal and traffic to sell on to other hackers and criminals.

Recently the Financial Conduct Authority (FCA) carried out a multi-firm cyber review and one of the areas that has become important is the way cyber information is used, discussed, understood and implemented by banks, business and financial management companies.

One of the most important points is Management Information and the key role it plays for senior management. Directors and senior management should receive more clear cyber risks understanding which is clear, thoughtfully designed and easily understandable.

Main Observations from the FCA’s Findings:

  • Many firms need to do more to ensure that Board and Management Committee cybersecurity decisions are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm’s activities and risk profile. This requires regular third party analysis and research as well as information from within the organisation.
  • Firms should take proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.

Questions Board and Management Committee members may want to ask themselves as they consider this area more broadly:

  • How can I assure myself that I have sufficient grasp and understanding of the cyber risks (including those from the use of third parties) that my firm faces and the impact tolerances of our business services so that I can provide effective challenge to the business on an ongoing basis?
  • What can we, as a Board or Management Committee, do to make sure the firm’s second line of defence is able to provide effective challenge to the first line on cyber-related matters?
  • Which aspects of our approach to conduct risk management could we apply to the way we manage our cyber risk. Does this offer value?
  • How confident are we that our incident management plans would be effective in dealing with the aftermath of a cyber incident?
  • How can we best assure ourselves that we have appropriate future goals and timeframes for cyber risk?

Financial Conduct Authority

For further steps and cyber review please contact Cyber Security Intelligence.

You Might Also Read:

A Cyber Attack Could Spark A Run On Banks:

 

 

« US Army Wants To Convert Tanks Into Autonomous Weapons
Knowledge For The Digital Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Foregenix

Foregenix

Foregenix are global specialists in Digital Forensics and information security including Penetration testing and Website Security.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

RHEA Group

RHEA Group

RHEA Group offers aerospace and security engineering services and solutions, system development, and technologies including cyber security.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.