Banks Attacks Up Sixfold Last Year

Uploaded on 2019-03-20 in BUSINESS-Services-Financial, FREE TO VIEW, TECHNOLOGY--Hackers

The UK’s Financial sector reported 145 attacks in 2018 which was a substantial increase from 2017 when the reported data breaches were just 25. And so the financial services companies in the UK saw almost a six-fold increase in data/cyber breaches in 2018 compared to the year before, according to the Financial Conduct Authority.

These data attacks are on the rise and the financial sector is a focused attack target for hackers. And these types of attacks should now focus the Financial industry’s anxieties as the cyber criminals are focusing on the banking industry.

In April 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, and Barclays, had to shut down their systems after hacking attacks which cost hundreds of thousands of pounds to secure.

Tesco Bank was fined £16.4m by the Financial Conduct Authority (FCA) in October 2018 because of a cyber-attack that helped hackers to steal £2.26m from current accounts.

Cyber-hackers are now targeting investment banks as they find their security is weaker than retail banks.

However, senior management at many of the major banks say that their systems are now under constant attack and they are often prime hacker targets as they obviously often hold important financial data that can be used to steal and traffic to sell on to other hackers and criminals.

Recently the Financial Conduct Authority (FCA) carried out a multi-firm cyber review and one of the areas that has become important is the way cyber information is used, discussed, understood and implemented by banks, business and financial management companies.

One of the most important points is Management Information and the key role it plays for senior management. Directors and senior management should receive more clear cyber risks understanding which is clear, thoughtfully designed and easily understandable.

Main Observations from the FCA’s Findings:

  • Many firms need to do more to ensure that Board and Management Committee cybersecurity decisions are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm’s activities and risk profile. This requires regular third party analysis and research as well as information from within the organisation.
  • Firms should take proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.

Questions Board and Management Committee members may want to ask themselves as they consider this area more broadly:

  • How can I assure myself that I have sufficient grasp and understanding of the cyber risks (including those from the use of third parties) that my firm faces and the impact tolerances of our business services so that I can provide effective challenge to the business on an ongoing basis?
  • What can we, as a Board or Management Committee, do to make sure the firm’s second line of defence is able to provide effective challenge to the first line on cyber-related matters?
  • Which aspects of our approach to conduct risk management could we apply to the way we manage our cyber risk. Does this offer value?
  • How confident are we that our incident management plans would be effective in dealing with the aftermath of a cyber incident?
  • How can we best assure ourselves that we have appropriate future goals and timeframes for cyber risk?

Financial Conduct Authority

For further steps and cyber review please contact Cyber Security Intelligence.

You Might Also Read:

A Cyber Attack Could Spark A Run On Banks:

 

 

« US Army Wants To Convert Tanks Into Autonomous Weapons
Knowledge For The Digital Age »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Romanian Association for Electronic Industry & Software (ARIES)

Romanian Association for Electronic Industry & Software (ARIES)

ARIES is the Romanian Association for Electronic Industry and Software, the biggest and most influental organization created for the IT&C industry in Romania.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.