Cyberattack could be next shock to UK banking system

Innovation might not be enough, frets KPMG

The UK's biggest banks are making good progress rebuilding balances shattered during the economic shock of 2008, but might the next crisis be digital rather than financial?

According to KPMG's half-year Road to Recovery? What the Future Holds for UK Banks report, the country's biggest firms have dragged their economic model back into the black despite having to cope with unprecedented regulatory pressure.

That said, banks will probably never return to the sort of pre-2008 returns, and have to put up with returns of half or less than the gargantuan profits made during the good times. But to borrow a phrase from the report, is worrying about future the size or reserves and future profitability a case of banks fighting the wrong war?

"Traditionally, banks have been leaders in IT security, at the cutting edge of innovation, but their ability to combat future security threats is increasingly debatable. After years of improvement, UK banks suffered a 12 percent increase in online account fraud last year," said KPMG.

"Furthermore, the motivation for cyber assaults is shifting, from financial crime to political and ideological attacks, with the number of state-sponsored hacking and 'hacktivist' revenge incidents growing."

The authors sketch over which form of cyber-incident might constitute a serious shock for banks - a huge data breach or mega-DDoS? - but noted growing worries about the potential trouble that might lie ahead. It was only a small pull-out box in a much larger report but a number of commentators seized on it.

"KPMG is right to highlight the imminent cyber threat that is currently hanging over UK banks. This has been building over the past year and if financial institutions haven't already made security their top priority, they should do so immediately," said McAfee EMEA CTO, Raj Samani.

"Where Europe has been the primary target for financial fraud rings - such as Operation High Roller - in the past, McAfee's research has found thefts are spreading outside Europe, including the United States and South America."

Others have argued that by working on the assumption that an attack was bound to succeed eventually, banks might be less likely to experience it as a mortal shock.

"By accepting that it is a case of when, not if, a breach will occur, financial organisations can focus on protecting data at its core, rather than on layers of perimeter security which are no longer up to the job of offering adequate defence," said SafeNet vice president EMEA, Gary Clark.

At the very least, the growing threats from cyber-risk were likely to raise costs for the industry at a time of relative weakness, said Marc Lee of risk management firm, Courion.

"This regulatory burden can be eased by improving governance of access and identity risk. It is not enough for organisations to just develop external defences to protect against cyber-attacks - serious breaches have arisen in the past thanks to weak internal access management systems," he said.

In June, the International Organization of Securities Commissions (IOSCO) published a report that worried about the potential of DDoS-led cyberattacks to 'down' a major securities exchange such as a stockmarket.

Perhaps the most concerning incident was the widely-ignored but still extraordinary heist last December in which a large number of cybercriminals co-ordinated at least $45 million of thefts from ATM machines in 27 countries. Although a small event in financial terms, the warning is clear. The criminals are now extremely organised, know which bits of the system to attack, and will almost certainly come back for a much large sum the next time.

The best defence? In the case of detecting an ATM attack of large enough scale, temporarily shutting down bank system across the world. In other words, pulling the plug.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancekpmgsecurityhardware systemsData Centre

More about CourionKPMGMcAfee AustraliaSafeNet

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place