The CISO’s toolkit for data driven risk management

Is Online Banking Really Secure?

Raconteur

Enterprise security – protecting big data is worth its weight in hard cash

Last year, Tesco Bank had to take a hard look at its cyber security strategy after being forced to pay out £2.5 million to 9000 customers following a hack of its system in November. Criminals wasted no time in boasting about how they were milking £1000 per day from the bank with no resistance.

Banks understand the threat and the need to constantly assess their cyber security strategy, but despite their best efforts they are falling prey to cyber-attacks repeatedly. Why is this, and what are they doing to beat the cyber security challenge head on? Let’s see what they’re up against.

What is the most common threat?

Large rewards for low risk

Banks hold so much sensitive information that the data alone is worth stealing, even before a penny is stripped from any private bank account. Simply stealing the debit card data for “live” accounts will bring rich pickings for the recipients of the information, with people in the criminal underworld paying anything up to £100 each.

Easy access to cyber tools

Compared to the past when stealing from a bank meant significant risk, today’s criminals are taking minimal risk to potentially win greater rewards. Anyone with a little basic knowledge and access to the dark web can get their hands on cyber tools for stealing data for very little financial outlay.

Cyber crime is everywhere

No wonder there are between 20 and 30 data loss incidents every day across the UK financial services industry, according to the Intel 2016 Data Protection Benchmark Study. Hence the importance of the enterprise security industry today.

The human factor

The main threat seems to be coming from phishing and, in particular, a tactic called spear phishing, which targets an individual within the organisation that the criminals want to hack. The criminals will aim to win this person’s trust and they will take their time in doing so, often via social media.

This highlights the fact that any cyber security strategy must account for the way people behave – how they are recruited, their levels of integrity and awareness of cyber criminal tactics. The people who are phished are often not the main target. They are a stepping stone to the bigger fish – the organisation itself.

Security risk management becomes a fact of life

Greater digitisation will bring greater risk and the need for security risk management and cyber security strategy.

Nik Whitfield, founder of enterprise security firm Panaseer, which specialises in big data analytics tools, has been meeting with cyber-security leaders at the UK’s biggest banks to gain more insight into the cyber security challenges they are facing. Nik puts it like this:

“The question is not whether a bank is 100 percent secure, but whether a bank is secure enough.” This means defining a “risk appetite” at board level that assesses some of the worst scenarios a bank is likely to face and determining a level of loss and a frequency that they are willing to accept. Security risk management is an essential part of the overall cyber security strategy.

Some say it is like being in an arms race against the cyber criminals and fraudsters. Banks and industry partners are having to collaborate and share intelligence on the criminals who are seeking to attack the system. Firms like Panaseer, with their skills in cyber security risk management and enterprise security, represent the cavalry.

The battle between the criminals and those creating cyber security strategies to protect data is definitely set to continue, and is discussed in further detail here.
