51517
Some big banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.
Some big banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.
  1. World Economy

UK Banks Hiding Cyber Attacks

Cyber security products providers say they have seen first-hand examples of banks choosing not to report breaches
  1. World Economy

UK Banks Hiding Cyber Attacks

Britain’s banks are not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, bank executives and providers of security systems say.
Reported attacks on financial institutions in Britain have risen from just 5 in 2014 to 75 so far this year, data from Britain’s Financial Conduct Authority show, Reuters reported.
However, bankers and experts in cyber-security say many more attacks are taking place. In fact, banks are under almost constant attack, Shlomo Touboul, chief executive of cyber security firm Illusive Networks said.
Touboul cites the example of one large global financial institution he works with which experiences more than two billion such “events” a month, ranging from an employee receiving a malicious email to user or system-generated alerts of attacks or glitches.
Machine defenses filter those down to 200,000, before a human team cuts that to 200 “real” events a month, he added.
Banks are not obliged to reveal every such instance as cyber attacks fall under the FCA’s provision for companies to report any event that could have a material impact, unlike in the US where forced disclosure makes reporting more consistent.
“There is a grey area...Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, UK managing director, security & privacy at consultant Protiviti, said.

  Swift Action
Banks are not alone in their reluctance to disclose every cyber attack. Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the UK, only 250,000 are being reported, government data show.
But while saving them from bad publicity or worried customers, failure to report more serious incidents, even when they are unsuccessful, deprives regulators of information that could help prevent further attacks, the sources said.
A report published in May by Marsh and industry lobby group TheCityUK concluded that Britain’s financial sector should create a cyber forum comprising bank board members and risk officers to promote better information sharing.
Security experts said that while reporting all low level attacks such as email “phishing” attempts would overload authorities with unnecessary information, some banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.
The most serious recent known attack was on the global SWIFT messaging network in February, but staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches, despite the FCA making public pleas for them to do so, the most recent in September.
Staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches.
“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” one of the sources, who declined to be named because he did not want to be identified criticizing his firm’s customers, said.
Apart from Barclays, the other major British banks all declined to comment on their disclosures. The Bank of England declined to comment and the FCA did not respond to requests for comment.

  Keeping Secrets
Targeted attacks, in which organized criminals penetrate bank systems and then lurk for months to identify and profile key executives and accounts, are becoming more common, David Ferbrache, technical director Cybersecurity at KPMG and former head of cyber and space at the UK Ministry of Defence, said.
“The lesson of the SWIFT attack is that the global banking system is heavily interconnected and dependent on the trust and security of component members, so more diligence in controls and more information sharing is vital,” Ferbrache said.
“Big banks are spending enormous amounts of money, $400-500 million a year, but there are still vulnerabilities in their supply chains and in executives’ home networks, and organized crime groups are shifting their focus accordingly,” Yuri Frayman, CEO of Los Angeles-based cyber security provider Zenedge, said.

Short URL : https://goo.gl/jWtmJF
  1. https://goo.gl/FpCnt8
  • https://goo.gl/4lHu5n
  • https://goo.gl/qzfm0j
  • https://goo.gl/g9DQMp
  • https://goo.gl/AEc4kp

You can also read ...

Japan Mulls  US-Free TPP Deal
Japan is ready to relaunch the Trans-Pacific Partnership minus...
IMFC Pledges Joint Efforts  to Reduce Global Imbalances
The IMF’s steering committee adopted the position on trade taken...
Finns are working longer hours for lower pay.
Finland’s economic stewards, used to presenting bad news, are...
Colombia CB Sees Room to Cut Rate
Colombia can cut its policy rate toward a more neutral level as...
Germany Unmoved by US Corporate Tax Plans
German Finance Minister Wolfgang Schaeuble is not worried by the...
France seems to be going from strength to strength as the PMI for manufacturing and services rose to 56.7 in April from 56.4 in March.
Europe’s political fog may finally start to lift in the coming...
Malta BCI Favorable
Malta’s business conditions have remained favorable, according...
Malaysia Reaches 1MDB Bond Deal
The battle over the repayment of 1MDB bonds may be coming to an...

Add new comment

Read our comment policy before posting your viewpoints

Image CAPTCHA
Enter the characters shown in the image.

Trending

Googleplus