Last year saw the biggest data breach at a bank in UK history. Tesco Bank was hit by an attack which saw 20,000 compromised users lose money from their accounts. The banking wing of the supermarket giant is in the process of paying back £2.5 million to customers who had their accounts compromised.
4. Missing a breach
Brendan Goode, regional CISO for UK and Ireland at Deutsche Bank, said he most fears the feeling of "did we miss something? Where you look back at the logs and it is right there."
A system that fails to alert on a potential breach is a central concern of a modern cyber security strategy, and would keep any CISO worth their salt up at night.
As the February 2016 hack of the Bangladesh Central Bank showed, customer accounts can be the most vulnerable point of entry to a bank's systems. The hackers used stolen privileged credentials to steal $81 million before they were caught.
Matt Middleton-Leal, regional vice-president UK, Ireland and Northern Europe at security software vendor CyberArk, said: "Banks fear attacks which hide behind insider privileges because they allow cybercriminals to appear as legitimate users, giving them unprecedented freedom to work their way up to their most valuable financial assets."
Gottfried Leibbrandt, CEO at the financial messaging vendor SWIFT, admitted that the bank's customers "will always be the weakest link, but at the same time the response should not be 'let's fix the weakest link' but you have to take an end-to-end view."
"Yes, the weak link will always be the customer at the end of the day," he said, "but in retail banking the banks have been able to put in controls after it gets into the bank to respond to suspect logins, fraudulent transactions and do real risk scoring."
6. Ruthless adversaries
Craig Rice, director of security at Payments UK and the CSO at BACS, said that the threat shouldn't be considered a technology problem but more like organised crime.
"They are ruthless shadow operations that work outside of a regulatory regime," he said. "They are quicker than you are, they are more ruthless than you are and they are more willing to be pragmatic than you are. That's a really tough competitor you are dealing with, so stop thinking about this as a technology problem."
So, how do the banks confront these issues?
How do the banks deal with this ever-changing threat landscape?
Communication and intelligence
The main theme of the day regarding cyber security and fraud was a shift from a walled-garden approach to a holistic one, and this comes down to better communication and intelligence sharing.
JF Legault at JP Morgan laid out his approach to contending with the new threat landscape: "I am responsible for collecting threat and fraud intelligence to ensure that we know where adversaries are going and what they are going after."