Banks Attacks Up Sixfold Last Year

Uploaded on 2019-03-20 in BUSINESS-Services-Financial, FREE TO VIEW, TECHNOLOGY--Hackers

The UK’s Financial sector reported 145 attacks in 2018 which was a substantial increase from 2017 when the reported data breaches were just 25. And so the financial services companies in the UK saw almost a six-fold increase in data/cyber breaches in 2018 compared to the year before, according to the Financial Conduct Authority.

These data attacks are on the rise and the financial sector is a focused attack target for hackers. And these types of attacks should now focus the Financial industry’s anxieties as the cyber criminals are focusing on the banking industry.

In April 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, and Barclays, had to shut down their systems after hacking attacks which cost hundreds of thousands of pounds to secure.

Tesco Bank was fined £16.4m by the Financial Conduct Authority (FCA) in October 2018 because of a cyber-attack that helped hackers to steal £2.26m from current accounts.

Cyber-hackers are now targeting investment banks as they find their security is weaker than retail banks.

However, senior management at many of the major banks say that their systems are now under constant attack and they are often prime hacker targets as they obviously often hold important financial data that can be used to steal and traffic to sell on to other hackers and criminals.

Recently the Financial Conduct Authority (FCA) carried out a multi-firm cyber review and one of the areas that has become important is the way cyber information is used, discussed, understood and implemented by banks, business and financial management companies.

One of the most important points is Management Information and the key role it plays for senior management. Directors and senior management should receive more clear cyber risks understanding which is clear, thoughtfully designed and easily understandable.

Main Observations from the FCA’s Findings:

  • Many firms need to do more to ensure that Board and Management Committee cybersecurity decisions are based on careful consideration of the cyber risks arising from the nature, scale and complexity of the firm’s activities and risk profile. This requires regular third party analysis and research as well as information from within the organisation.
  • Firms should take proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.

Questions Board and Management Committee members may want to ask themselves as they consider this area more broadly:

  • How can I assure myself that I have sufficient grasp and understanding of the cyber risks (including those from the use of third parties) that my firm faces and the impact tolerances of our business services so that I can provide effective challenge to the business on an ongoing basis?
  • What can we, as a Board or Management Committee, do to make sure the firm’s second line of defence is able to provide effective challenge to the first line on cyber-related matters?
  • Which aspects of our approach to conduct risk management could we apply to the way we manage our cyber risk. Does this offer value?
  • How confident are we that our incident management plans would be effective in dealing with the aftermath of a cyber incident?
  • How can we best assure ourselves that we have appropriate future goals and timeframes for cyber risk?

Financial Conduct Authority

For further steps and cyber review please contact Cyber Security Intelligence.

You Might Also Read:

A Cyber Attack Could Spark A Run On Banks:

 

 

« US Army Wants To Convert Tanks Into Autonomous Weapons
Knowledge For The Digital Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Covenant Technologies

Covenant Technologies

Make Covenant Technologies the only choice for your IT and cybersecurity recruitment needs. We deliver quality candidates at the forefront of the cybersecurity and IT industry.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

Chorology

Chorology

Chorology is a leading provider of intelligently automated, data compliance and posture enforcement solutions.