Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Gary Newe, Sr. Systems Engineering Manager, F5 Networks

In the news yesterday, we saw that the European Central Bank has been hacked, with attackers stealing email addresses and contact data from the bank’s public website. Worryingly, the theft came to light after an anonymous email was sent to the bank seeking financial compensation for the data.

In this instance without the full information, it looks like the application was to blame and an exploit like SQL injection, a code injection technique used to attack data-driven applications, may have been used. The welcome news for customers is that the attacker was not able to get to their internal systems, meaning that the bank must have used a Demilitarized Zone (DMZ) or full system separation for the internal and external systems – something that all organisations holding sensitive data should have in place.

Gary Newe
Gary Newe

This attack is the latest to deliver a clear message to businesses across Europe – the assets we protect are no longer the infrastructure or the networks, it is the information contained in the applications that we need to address. To protect this information we need to have the full context of the user’s interaction with the application. We need to use tools like web application firewall (WAF), proxy functionality, and contextual awareness to understand and separate legitimate users from those with more suspicious motives and better protect our data using these insights in real-time.

Another question to ask is, why isn’t all personal information encrypted? In this case, while most of the data was encrypted, parts of thedatabase included email addresses, some street addresses and phone numbers were not. The database also contained data on downloads from the website in encrypted form. With this information, we have to ask why we are still only encrypting the bare minimum of information. Just because someone’s credit card number is not exposed, there can still be enough personal information available which proves valuable to hackers.

Recently the black market has been flooded with credit card numbers, meaning that there has been a significant drop in the cost for someone to acquire them. The higher value items are a whole identity, such as the combination of an email address, telephone number and street address. With this information there is a lot more it can be used for, including selling phone numbers to targeted advertisers, spam and identity theft.

Over the past couple of years we have seen a rise in the amount of cyber-attacks carried out on banks, including China’s central bank in 2013 and Russia’s central bank a few months ago. With the sophistication of cyber-attacks developing at such a vast rate, and with this recent incident in mind, it is now more important than ever that organisations take note and put stringent processes in place to prevent more attacks like this from happening. The tools are available and straightforward to implement, but it’s down to businesses to prioritise cyber in their planning.