The financial services industry may have better cyber defences than most but they can still be breached, as demonstrated by numerous high-profile cases.
These include Travelex, the UK foreign currency dealer, which was infected with ransomware on New Year’s Eve 2019, and forced to take its systems offline for weeks to prevent it spreading; and UniCredit, Italy’s largest lender, which had a file containing details of three million customers illegally copied in October that year.
Meanwhile, Capital One, the US banking and payment card giant, was fined $80m by the regulators in August 2020 for poor controls that allowed a hacker to steal the details of 106 million credit card customers and applicants in July 2019.
Range of threats
So who are the perpetrators and what should banks be doing to improve their cyber security and resilience?
Attacks come from a wide variety of ‘threat actors’, according to Jenny Menna, deputy chief information security officer (CISO) at US Bank. “Banks have always been targets for criminals. The old saying ‘Why do people rob banks? Because that’s where the money is’, was true in the stagecoach days and it is true today as we evolve into our digital interactions with customers,” she says.
“Banks are also targeted by hackers and hacktivists of various stripes. And they face nation state attacks such as distributed-denial-of-service [DDoS] attacks in response to sanctions, or from state adversaries that are interested in everything from intellectual property to raising funds to support their regimes.”
Ransomware is one of the main evolving threats. Banks are good at warding off such attacks, but many of their suppliers and customers can be more vulnerable. “Ransomware has been around for a long time, but this is not old school ransomware, it’ ..
Support the originator by clicking the read the rest link below.
