The financial sector is currently experiencing an unprecedented number of data breaches.
A recent Freedom of Information (FoI) request to the Financial Conduct Authority (FCA) revealed that the number of declared incidents rose by more than 1,000 percent in the year between 2017 and 2018. What’s more, it found that 60 percent of reports submitted to the watchdog were from consumer banks.
The introduction of the GDPR in May 2018 may be partly responsible for this huge leap, due to the obligation it places on organizations to report certain types of security breaches. But RSM, the tax and consulting firm that submitted the FoI request, believed the spike also reflected a general increase in the number of cyber-attacks on the financial services industry.
In an interview with the BBC, the firm’s cyber-security specialist, Steven Snaith, explained what made these businesses such attractive targets – saying that “the web-enabled systems underpinning the financial services sector hold huge volumes of personal and financial data, which are incredibly valuable for cyber-criminals.”
Financial service providers aren’t unaware of the threats to their customers’ data, of course. Almost half have expressed serious concerns about the safety and security of their online banking services.
According to the FCA, however, “a lot of firms still seem to be trying to get the basics right on cyber security… Only the largest firms have automated their detection systems to spot potential cyber-attacks. Smaller firms are generally relying on old school, manual process – or no processes at all.”
When you consider that seven out of 10 people in the UK now bank online, this is especially concerning.
Increasingly Sophisticated Attacks
Recent high profile attacks have shown the lengths to which criminals will go to get their hands on that all important data.
The online accounts of several thousand of HSBC’s US customers were compromised in October 2018 as the result of the technique known as credential stuffing. People tend to use the same logins and passwords for most of the online services they use. By breaching just one of these services, the login details can be stolen and sold on the dark web, from where they’ll be used over and over again to access other accounts – in this case, HSBC’s online banking service.
A few months later, the free security software offered by RBS to its online customers was found to contain an “extremely serious” security flaw through which criminals could access a user’s computer – enjoying complete visibility over their emails, internet history, and bank details.
In both cases, the onus was on the banks’ customers to protect their own data. HSBC customers were told to change their passwords and reminded that they should have unique passwords for all of their different accounts; and users of the RBS service were expected to download and install an additional security solution.
The responsibility of customer data protection should really lie with the banks themselves, but attack techniques are often now so sophisticated that it can be hard for an organization to recognise when criminals are attempting to gain illicit access to customer accounts.
Protecting user information at the point where customer and bank meet – on the transaction page – is therefore the solution.
Removing Reliance on the Customer
Sitting on a bank’s own IT infrastructure, Trusted Knight’s “agentless” approach to cybersecurity removes the reliance on the customer, improving security and maintaining a satisfactory user experience. And, by simultaneously evaluating activity on both the web server side and the user side, it offers a more comprehensive picture of the threat landscape, allowing more attacks to be stopped.
Injected into each visitor web request, Trusted Knight’s Protector Air protects bank customers from any attempts at stealing their valuable personal and financial information – without the customer ever knowing it’s there.
As the number of attacks continues to rise, banks no longer have to rely on customers protecting themselves.
To find out how Trusted Knight can help protect your customers,