There’s no shortage of threats to the global financial system, but the biggest of them all? Cyber security.
That’s the belief of Securities and Exchange Commission chair Mary White, who warns that despite being aware of the threat of cyber attacks, financial institutions often have “policies and procedures (that) are not tailored to their particular risks”.
So, while it remains important for organizations to meet appropriate compliance mandates, those in the financial sector who want to make sure they are fully protected from the latest threats will need to go further than simply adhering with legislation.
There are numerous examples of what happens when defenses fail and the breach of a suspected 40,000 Tesco Bank current accounts is just another headline-grabbing reminder.
James Maude, Senior Security Engineer at Avecto, comments: “Tesco has had a troubled history in cyber security. It has been previously called out for not following industry best practice by storing passwords in plain text and failing to encrypt all communications.”
“If the figure of 40,000 accounts is accurate, it is likely that attackers have either managed to extract account information on this scale from a vulnerable website or have directly accessed the bank’s systems. The recent attack on SWIFT showed that cyber criminals are getting very adept at targeting financial systems in order to quickly move money around. Attackers will often attempt to fly under the detection radar by moving small sums of money from many accounts to spread the risk and make it harder to trace.”
“Many banks are still reliant on antiquated systems that are simply not designed to take on modern cyber threats. A large proportion of ATMs and POS machines currently run legacy operating systems including out of support Windows XP, and as such are reliant on the network it is connected to remaining completely secure.”