Banks Attacks Up Sixfold Last Year

The UK’s Financial sector reported 145 attacks in 2018 which was a substantial increase from 2017 when the reported data breaches were just 25. And so the financial services companies in the UK saw almost a six-fold increase in data/cyber breaches in 2018 compared to the year before, according to the Financial Conduct Authority.

These data attacks are on the rise and the financial sector is a focused attack target for hackers. And these types of attacks should now focus the Financial industry’s anxieties as the cyber criminals are focusing on the banking industry.

In April 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, and Barclays, had to shut down their systems after hacking attacks which cost hundreds of thousands of pounds to secure.

Tesco Bank was fined £16.4m by the Financial Conduct Authority (FCA) in October 2018 because of a cyber-attack that helped hackers to steal £2.26m from current accounts.

Cyber-hackers are now targeting investment banks as they find their security is weaker than retail banks.

However, senior management at many of the major banks say that their systems are now under constant attack and they are often prime hacker targets as they obviously often hold important financial data that can be used to steal and traffic to sell on to other hackers and criminals.

Recently the Financial Conduct Authority (FCA) carried out a multi-firm cyber review and one of the areas that has become important is the way cyber information is used, discussed, understood and implemented by banks, business and financial management companies.

One of the most important points is Management Information and the key role it plays for senior management. Directors and senior management should receive more clear cyber risks understanding which is clear, thoughtfully designed and easily understandable.

Main Observations from the FCA’s Findings:

  • Many firms need to do more to ensure that Board and Management Committee cybersecurity decisions are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm’s activities and risk profile. This requires regular third party analysis and research as well as information from within the organisation.
  • Firms should take proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.

Questions Board and Management Committee members may want to ask themselves as they consider this area more broadly:

  • How can I assure myself that I have sufficient grasp and understanding of the cyber risks (including those from the use of third parties) that my firm faces and the impact tolerances of our business services so that I can provide effective challenge to the business on an ongoing basis?
  • What can we, as a Board or Management Committee, do to make sure the firm’s second line of defence is able to provide effective challenge to the first line on cyber-related matters?
  • Which aspects of our approach to conduct risk management could we apply to the way we manage our cyber risk. Does this offer value?
  • How confident are we that our incident management plans would be effective in dealing with the aftermath of a cyber incident?
  • How can we best assure ourselves that we have appropriate future goals and timeframes for cyber risk?

Financial Conduct Authority

For further steps and cyber review please contact Cyber Security Intelligence.

You Might Also Read:

A Cyber Attack Could Spark A Run On Banks:

 

 

« US Army Wants To Convert Tanks Into Autonomous Weapons
Knowledge For The Digital Age »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

Herbert Smith Freehills

Herbert Smith Freehills

Herbert Smith Freehills is a leading professional services including data protection and privacy.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

InferSight

InferSight

InferSight can help you design an architecture that takes into account security, performance, availability, functionality, resiliency and future capacity to avoid technological lock in and limitations

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.