Will a major bank fail due to a cyber-attack in 2017?
Predictions for trends in technology in 2017 are coming in thick and fast. I shared my own thoughts with you over the New Year. The BBC Technology of Business Editor, Matthew Wall, has now joined the party with his own views on what will be big in technology in 2017, and cyber security features very prominently in his thoughts.
Matthew quotes an eminent source, Professor Richard Benham, chairman of the National Cyber Management Centre, who has warned that "A major bank will fail as a result of a cyber-attack in 2017 leading to a loss of confidence and a run on that bank."
We may already have come close to that happening here in the UK. In November 2016 hackers stole £2.5m from 9,000 Tesco Bank customers in a raid that the Financial Conduct Authority described as unprecedented. The lender was plunged into chaos and was forced to suspend all online transactions from current accounts after it detected online criminal activity over a weekend.
If regulators find that failures in Tesco Bank’s systems and controls contributed to the incident, the lender could be hit with a massive penalty from the FCA, on top of the cost of refunding customers affected and any other compensation.
Also in November, the Russian banking regulator reported that five Russian banks had come under intermittent cyber-attack for a two-day period, including the state-owned Sberbank. Hackers sought to overwhelm the websites of the banks by deluging them with data in what is known as a Distributed Denial of Service attack. These were reportedly amongst the largest ever seen aimed at Russian banks.
Hackers will continue to target humans, as well as poorly secured devices and networks, in order to gain entry to corporate systems. As Professor Benham says, "Cyber criminals are targeting human vulnerabilities. Millions is being spent on technology, but nothing on awareness training."
If you are a regular reader of this blog, you will know that this is a message I have been preaching for some time. The weakest link in many organisations is the human factor. Hardening the corporate security perimeter is one thing, and awareness training for employees is another. But ultimately, your employees might still be negligent, or might be deliberately hacking your system themselves.
To cover these eventualities, you also need the additional security of a behavioural monitoring tool in order to track what is happening inside your network. This can alert you in real time to suspicious activity and automatically close down network permissions if the tool detects unauthorised data movement.
The cyber security threat will continue to evolve in 2017, but so will the security response to it. Cyber Security as a Service will continue to provide the answer for most enterprises who cannot afford the resources of a full-time cyber security team.
Head of Cyber Security