Banks Attacks Up Sixfold Last Year

The UK’s Financial sector reported 145 attacks in 2018 which was a substantial increase from 2017 when the reported data breaches were just 25. And so the financial services companies in the UK saw almost a six-fold increase in data/cyber breaches in 2018 compared to the year before, according to the Financial Conduct Authority.

These data attacks are on the rise and the financial sector is a focused attack target for hackers. And these types of attacks should now focus the Financial industry’s anxieties as the cyber criminals are focusing on the banking industry.

In April 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, and Barclays, had to shut down their systems after hacking attacks which cost hundreds of thousands of pounds to secure.

Tesco Bank was fined £16.4m by the Financial Conduct Authority (FCA) in October 2018 because of a cyber-attack that helped hackers to steal £2.26m from current accounts.

Cyber-hackers are now targeting investment banks as they find their security is weaker than retail banks.

However, senior management at many of the major banks say that their systems are now under constant attack and they are often prime hacker targets as they obviously often hold important financial data that can be used to steal and traffic to sell on to other hackers and criminals.

Recently the Financial Conduct Authority (FCA) carried out a multi-firm cyber review and one of the areas that has become important is the way cyber information is used, discussed, understood and implemented by banks, business and financial management companies.

One of the most important points is Management Information and the key role it plays for senior management. Directors and senior management should receive more clear cyber risks understanding which is clear, thoughtfully designed and easily understandable.

Main Observations from the FCA’s Findings:

  • Many firms need to do more to ensure that Board and Management Committee cybersecurity decisions are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm’s activities and risk profile. This requires regular third party analysis and research as well as information from within the organisation.
  • Firms should take proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.

Questions Board and Management Committee members may want to ask themselves as they consider this area more broadly:

  • How can I assure myself that I have sufficient grasp and understanding of the cyber risks (including those from the use of third parties) that my firm faces and the impact tolerances of our business services so that I can provide effective challenge to the business on an ongoing basis?
  • What can we, as a Board or Management Committee, do to make sure the firm’s second line of defence is able to provide effective challenge to the first line on cyber-related matters?
  • Which aspects of our approach to conduct risk management could we apply to the way we manage our cyber risk. Does this offer value?
  • How confident are we that our incident management plans would be effective in dealing with the aftermath of a cyber incident?
  • How can we best assure ourselves that we have appropriate future goals and timeframes for cyber risk?

Financial Conduct Authority

For further steps and cyber review please contact Cyber Security Intelligence.

You Might Also Read:

A Cyber Attack Could Spark A Run On Banks:

 

 

« US Army Wants To Convert Tanks Into Autonomous Weapons
Knowledge For The Digital Age »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Varonis

Varonis

Varonis provide a security software platform to let organizations track, visualize, analyze and protect their unstructured data.

Nutanix

Nutanix

The Nutanix enterprise cloud platform provides performance, robust security, and seamless application mobility for a broad range of enterprise applications.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Deepnet Security

Deepnet Security

Deepnet Security is a leading vendor in Multi-Factor Authentication (MFA) and Identity & Access Management (IAM).

Cognyte

Cognyte

Cognyte are a market leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a safer world.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Kaesim Cybersecurity

Kaesim Cybersecurity

Kaesim are a global team of cybersecurity experts protecting businesses since 2015. We stop bad people damaging your business, your data and your reputation.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.