Roughly 20,000 customers of Tesco Bank, a large bank in the U.K., found their checking accounts missing amounts ranging from $25 to $745 as the bank fell victim to a cyber hack in early November.
The incident is another example of an institution that has taken proper cyber security precautions, yet those precautions are not sufficient to stop cyber breeches. Also, the incident reveals that cyber criminals are having more success in hacking these prominent systems.
“Banking fraud is unfortunately very prevalent, and has been for a while,” said Tom Kirchmaier, a researcher at the London School of Economics. “The industry is not very forthcoming with sharing data with the police, and so we only hear about the worst cases, and Tesco’s can be considered such instance.”
The cyber security breach adds to the trend of prominent financial institutions like JPMorgan Chase & Co., HSBC Holdings Plc and the Federal Reserve Bank of New York becoming targets for cyber attacks. The second quarter of 2016 shows a 50 percent increase in hackers targeting financial institutions with malware worldwide.
The U.K. Financial Conduct Authority is aware of the matter and currently working with the bank. Customers can still use their accounts and any losses will be handled by the bank.
Although the attack came at a time when banks have been understaffed and will respond more slowly, Cliff Moyce, global head of financial services at DataArt, said that the incident could not have been prevented by more employees at desks.
Update: Ransomware Victim
The Lansing Board of Water and Light in Michigan recently Lansing Board of Water and Light fell victim to a cyberattack via ransomware. The attack locked the board’s internal communication system by freezing e-mail, phones, computers, printers, and other technology. It took the board and insurance company about a week for the board to regain control of their system.
Fortunately, the Michigan board had a “Cyber Edge” insurance policy in place at the time of the attack. The policy covered almost $2 million of the $2.4 million the board spent on unlocking their system, paying the ransom, and installing new technology to prevent another attack. General Manager, Dick Peffley, said that paying the ransom was, ‘distasteful and disgusting, but sadly necessary.’
Study: One Third of Targeted Attempts to Breach Corporations Succeed
If nothing else the constant talk of ‘leaked emails,’ ‘private servers,’ and ‘Russian hackers,’ phrases that dominate today’s news cycle, should raise awareness that cyber security threats is something that even the highest ranks of the United States government is having trouble controlling.
With cyber security threats on the rise, governments, corporations, and individuals look for cyber defenses to catch up and keep their data from being stolen.
According to a study conducted by Accenture, a third of targeted attempts to breach corporations’ cyber defenses succeed. However, roughly three quarters of executives at the corporations like the ones under siege, remain confident in their security strategies.
“On average, an organization will face more than a hundred focused and targeted breach attempts every year, and respondents say one in three will result in a successful security breach,” Accenture’s Report, Building Confidence: Facing the Cybersecurity Conundrum.
The organizations Accenture’s report refers to are high-profile cases like that of Sony Corp., Target Corp., and the U.S. Office of Personnel Management, and leaks from the e-mail accounts of Democratic Party Officials. However, cyberattacks on smaller businesses and individuals that holds data hostage are becoming common.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past,” Kevin Richards, managing director of Accenture Security, North America, said. “There needs to be a fundamental different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain.”
Regulations have been put in place by Federal and state authorities that require stricter levels of protection and transparency. However, compliance with such regulations is not sufficient protection against cyber threats.
The U.S. Department of Homeland Security advocates that, “A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by promoting the adoption of preventative measures in return for more coverage and by encouraging the implementation of best practices by basing premiums on insured level of selfprotection.”
As cyber threats evolve security defending data and intellectual property must evolve as well. Accenture’s report writers conclude that compliance with regulations is not enough and they purport that a reboot of cybersecurity is needed. “Just as adhering to generally accepted accounting principles does not ensure protection against financial fraud, cyber security compliance alone will not protect a company from successful incursions,” Accenture’s report says.
As of now, it seems the best defense against cyber attacks is awareness. Knowing the frequency and effects of a cyber attack helps draw attention to vulnerable areas. Moving forward, better defense is needed, but that will take more time and may never be completely secure without users taking proper precautions.
Download This Article