ANALYSIS | Cyber Security
cases. This creates a good opportunity for cyber criminals to target various parts of the networking and transactional systems within these organisations. The individuals behind these attacks understand that bypassing standard controls can provide them with access to the bank’s back-end systems, which can lead to a huge loss for the firm and a major gain for the fraudsters.

Without a doubt, cyber criminals have become more patient and more intelligent over the years, especially when they’re financially motivated. Some hackers will watch an organisation for months, sometimes even years, to establish where the vulnerabilities in its systems are.

According to FCA data, only five cyber attacks were reported in 2014 – as opposed to the staggering 75 reported in the first 10 months of 2016 alone

What methods should banks use to improve cyber security?

Ensuring that IT systems are up to date with the latest software is crucial for any firm, but for banks and other organisations that hold enormous amounts of data, this is even more important. It is still common practice in many banks to allow access to their systems via a password alone, which is unacceptable from a security standpoint. The weakness in password-only protection is widely known, yet it is still being ignored. Whatever the reasoning behind this decision, it is dangerous and leaves organisations highly vulnerable to cyber attacks.

ISO 27001 is a global standard that can help greatly in relation to IT security in general, as it enables financial institutions and any other businesses to identify what risks there are to their operations and then assign controls to prevent or minimise the likelihood of them occurring. The assets, risks and controls are then reviewed continually; it’s a living standard that ensures continuous improvement.

The senior leadership within a bank also plays a huge role when it comes to cyber security. The C-level must take full responsibility both in the event of a security breach and when determining a cyber security strategy, rather than placing blame solely on the IT team. Senior management also needs to communicate with employees at all levels in order to understand what the risks are and how the firm can work together to prevent these attacks from happening.

How can staff help to keep IT systems safe?

All members of staff need to know the IT basics as a minimum, no matter what part of the business they may be working in. Most data breaches occur internally because an employee failed to notice a potential threat to the firm, such as not knowing they were opening an email that contained a virus or a dangerous website link.

Social engineering has always been one of the most effective ways to breach a system at its core. It’s not uncommon for a fraudster to ring up a company pretending to be an IT technician in order to convince the employee to hand over their login details. In this scenario, the employee who provides these details will essentially be giving the attacker full access to the firm’s network and confidential files. It is therefore vital to train staff in how to identify and handle these communications. This first line of defence is essential for banks to protect their data, as it is these individuals who will be able to spot, block and prevent a security breach in the future.

Robert Rutherford is CEO of the business and technical consultancy QuoStar

dofonline.co.uk
DIRECTOR OF FINANCE