

Robert Rutherford, CEO of the business and technical consultancy QuoStar

Tesco Bank was the most recent victim of a large-scale cyber attack in the UK, with £2.5m drained from customer accounts. Although no personal data was compromised in this instance, the Financial Conduct Authority (FCA) has expressed concern over the cybersecurity of banks across the country. On this occasion, Tesco Bank was able to refund all money stolen, but this should serve as a warning to all banks to up their IT security levels. Cyber criminals are changing their methods and even the biggest of companies are becoming easier to target. These hackers are patient and precise, researching for months beforehand to understand what the weaknesses are within a business.

Cybersecurity is essential to the financial services industry and attacks like these demonstrate that firms must start to take this subject seriously, as the list of victims just keeps on growing. According to the FCA, five cyber-attacks were reported in 2014, as opposed to 75 in just the first 10 months of 2016.

Cyber criminals are beginning to implement smarter strategies in order to outsmart IT systems and security controls. Basic security measures are no longer keeping banks safe, so it is important that firms find new and efficient ways to protect themselves from potential data breaches.

Why banks are such easy targets

Cyber criminals want the reward of reputation and money, and they know exactly where to find it. In fact, three quarters of all data breaches have been found to be money-motivated, according to a 2016 Verizon study.

Outdated technology creates holes in the system that allow cyber criminals to access a firm’s network. However, it appears that spending money on IT solutions isn’t considered a very worthy investment or even of much importance to companies. Tesco Bank received several warnings prior to the cyber attack regarding their IT systems but ignored them. Before the attack occurred, hackers were caught on live chat rooms referring to Tesco Bank as a “money machine” as a result of its lax IT security systems.

How staff can help stop cyber attacks

Over the past two decades, back in the ‘hacking for fun’ days, the biggest threat to cybersecurity mostly came from external sources. However, the focus has shifted in recent years, with the target being the end user of an IT system, such as the employee or customer. A large percentage of attacks come through social engineering, which refers to a cyber criminal manipulating a member of staff in order to gain access to a firm’s network. For example, a cyber criminal could call a firm pretending to be their IT technician, and ultimately persuade the member of staff to give them all of the network details. Whatever the method used, staff should be aware that these attacks exist and therefore know how to spot the tell-tale signs.

Senior management must take responsibility when data breaches happen and they should, at all times, alert employees of any risks or threats to the business. It’s important that staff are aware of the importance cybersecurity has to their business, in addition to the role they play in stopping, reporting and preventing data breaches. A well-tested way to keep employees aware of risks and prevention methods would be to have training in a seminar-based format where someone in a senior position or from the IT team explains cybersecurity to employees and why it’s important to take it seriously.

The methods banks could use to improve cybersecurity

Ensuring that IT systems are up to date at all times with the latest software is crucial for any firm, but this becomes increasingly important in the case of financial services firms holding enormous amounts of data. It is still commonplace for banks to have solely password-protected systems, which is unacceptable in terms of today’s required IT security levels. This practice is dangerous for both banks and their customers, and leaves them highly vulnerable to cyber-attacks.

The ISO 27001 standard can help greatly when it comes to IT security, as it enables financial institutions to identify the risks to their operations, and then assign controls to prevent or minimise the likelihood of them occurring. It’s a living standard that ensures continuous improvement to a firm’s cyber defences.

Whilst technology is usually the final piece of the cybersecurity puzzle, banks must look to update the legacy systems leaving their firms at risk, and train their staff on how to stop, block and report any suspicious activity. With their reputation, funds and data at risk, it has never been more important for banks to fully become cyber secure.