In 2016 we asked our clients and network of agents and partners what they saw as the biggest challenges facing businesses in 2017. Apart from business disruption caused by uncertainties related to terrorism and potential economic turmoil from the Brexit fallout, Cyber Crime tops the list again – no surprises there then.
However, we enter 2017 with a worrying prediction from Prof Richard Benham chairman of the National Cyber Management Centre and Director of Research at The National Cyber Research Centre. He has said: “A major bank will fail as a result of a cyber attack in 2017 leading to a loss of confidence and a run on that bank.”
So how and why have we reached this terrifying situation?
The answers to that lies in the rapid sophistication of attacks cyber criminals are achieving and the degree to which those systems attacked are defended. We’ve reached a point where attacks now focus on collecting huge sets of data through data breaches and where the data is mined often using using artificial intelligence. 2016 saw some egregious examples of such breaches in action:
- 32 million Twitter account credentials sold on the dark web
- 167 million LinkedIn passwords stolen
- £2.5m was stolen from 9,000 Tesco Bank customers
Cyber criminals understand that the key to exploiting this data involves mimicking human activity as closely as possible, to assist in defeating security that looks for artificial (bot) activity; and the key to that is better personal data. This is why the number of account takeovers and credential theft has increased staggeringly in the past year.
The enormous volumes of personal data cyber criminals are acquiring and the sophisticated technology they have access to, makes it easier to fake real customer activity. This undermines the integrity of transactions, damages reputations and interrupts business. Given the growing capabilities and sophistication of attack, Prof. Benham’s prediction becomes a highly likely reality.
Size is no guarantee of protection
Where cyber crime is concerned, banks are really no different to other businesses, except in their perceived value and that they spend more time and effort on thwarting cyber threats. In many ways, the latter is a weakness, as can take time for large sophisticated operations to respond and adapt to new threats. Cyber attacks mutate quickly, and are are no longer the exclusive domain of ‘lone wolves’. They work through the dark web in collaboration with each other and criminal groups.
Data Manipulation rather than direct exploitation
We have also seen the rise of ‘state sponsored’ attacks. Undermining the integrity of a major western bank could have major benefits, indirect or otherwise to some of the more unfriendly countries out there. This is where a new trend is evolving; that of data manipulation. Rather that exploit the data directly for it’s monetary value, it is manipulated and left in place. Interfering in elections by manipulating data is an obvious scenario. But more insidious scenarios involve undermining infrastructure, commercial operations and the stock market.
It is perhaps not surprising that somebody as close to this subject as Prof. Benham is, would make such a dire prediction.
A run on a major western bank is likely to cause a significant degree of panic, but coupled with a simultaneous attack on another financial institution or public service, could cause a cascade of panic on a far wider scale. What started as a cyber attack on a bank becomes a terrorist act aimed at destabilising an entire country or economy.
Is there a bright side?
Ultimately, the central issue is control of information. Whether money or data is the end game for the cyber criminal, it is ‘our money’, not the banks or institution’s. As customers and users, we are the originators of the data and ultimately end up paying for the attacks, as those costs eventually get passed on to the customers and economy as a whole through a wholly different and ‘legal’ laundering system – bank charges, insurance premiums, etc.
While we as customers can’t stop cyber criminal attacking and gaining access to a bank through its own systems, we can help protect our own data better, making what criminals steal less valuable or more difficult to use. We live in a cyber information age and each have a responsibility to better understand the threats, how our personal data is kept and potentially used against us . . . then adapt.
Will 2017 be the Year a Major Bank will Fail?
In 2016 we asked our clients and network of agents and partners what they saw as the biggest challenges facing businesses in 2017. Apart from business disruption caused by uncertainties related to terrorism and potential economic turmoil from the Brexit fallout, Cyber Crime tops the list again - no surprises there then.