Home / Software & Service News / British banks fail to report hacks in order to protect their image

British banks fail to report hacks in order to protect their image

A worker arrives at his office in the Canary Wharf business district in London, Britain, February 26, 2014.


(Reuters) – Britain’s banks are not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, bank executives and providers of security systems say.

Reported attacks on financial institutions in Britain have risen from just 5 in 2014 to 75 so far this year, data from Britain’s Financial Conduct Authority (FCA) show.

However, bankers and experts in cyber-security say many more attacks are taking place. In fact, banks are under almost constant attack, Shlomo Touboul, Chief Executive of Israeli-based cybersecurity firm Illusive Networks said.

Touboul cites the example of one large global financial institution he works with which experiences more than two billion such “events” a month, ranging from an employee receiving a malicious email to user or system-generated alerts of attacks or glitches.

Machine defenses filter those down to 200,000, before a human team cuts that to 200 “real” events a month, he added.

Banks are not obliged to reveal every such instance as cyber attacks fall under the FCA’s provision for companies to report any event that could have a material impact, unlike in the U.S. where forced disclosure makes reporting more consistent.

“There is a gray area…Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, UK Managing Director, Security & Privacy at consultant Protiviti, said.

Swift action

Banks are not alone in their reluctance to disclose every cyber attack. Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the UK, only 250,000 are being reported, government data show.

But while saving them from bad publicity or worried customers, failure to report more serious incidents, even when they are unsuccessful, deprives regulators of information that could help prevent further attacks, the sources said.

A report published in May by Marsh and industry lobby group TheCityUK concluded that Britain’s financial sector should create a cyber forum comprising bank board members and risk officers to promote better information sharing.

Security experts said that while reporting all low-level attacks such as email “phishing” attempts would overload authorities with unnecessary information, some banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.

The most serious recent known attack was on the global SWIFT messaging network in February, but staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches, despite the FCA making public pleas for them to do so, the most recent in September.

“When I moved from law enforcement to banking and saw what banks knew, the amount of information at their disposal, I thought ‘wow’, I never had that before,” Troels Oerting, Group Chief Information Security Officer at Barclays and former head of Europol’s Cyber Crime Unit, said.

Oerting, who joined Barclays in February last year, said since then banks’ sharing of information with authorities has improved dramatically and Barclays shares all its relevant information on attacks with regulators.

Staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” one of the sources, who declined to be named because he did not want to be identified criticizing his firm’s customers, said.

Apart from Barclays, the other major British banks all declined to comment on their disclosures.

The Bank of England declined to comment and the FCA did not respond to requests for comment.

Keeping secrets

Companies that use external security systems also do not always inform them of attacks, the sources said.

“Our customers sometimes detect attacks but don’t tell us,” Touboul, whose firm helps protect banks’ SWIFT payment networks by luring attackers to decoy systems, said.

Hackers used the bank messaging system that helps transmit billions of dollars around the world every day to steal $81 million in one of the largest reported cyber-heists.

Targeted attacks, in which organized criminals penetrate bank systems and then lurk for months to identify and profile key executives and accounts, are becoming more common, David Ferbrache, technical director Cybersecurity at KPMG and former head of cyber and space at the UK Ministry of Defended, said.

“The lesson of the SWIFT attack is that the global banking system is heavily interconnected and dependent on the trust and security of component members, so more diligence in controls and more information sharing is vital,” Ferbrache said.

“Big banks are spending enormous amounts of money, $400-500 million a year, but there are still vulnerabilities in their supply chains and in executives’ home networks, and organized crime groups are shifting their focus accordingly,” Yuri Frayman, CEO of Los Angeles-based cybersecurity provider Zenedge, said.

Brand damage

Banks are increasingly sensitive to the brand damage caused by IT failings, perceiving customers to care just as deeply about security and stable service as loan or deposit rates.

Former RBS Chief Executive Stephen Hester waived his bonus in 2012 over a failed software update which caused chaos for thousands of bank customers.

And HSBC issued multiple apologies to customers after its UK personal banking websites were shuttered by a distributed denial of service (DDoS) attack, following earlier unrelated IT glitches.

“People don’t care about a 0.1 percent interest rate change but ‘will this bank do the utmost to keep my money and information safe?’” Oerting said.

(By Lawrence White; editing by Sinead Cruise and Alexander Smith)

Get more stories like this on TwitterFacebook

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

What we’re watching: ‘Raw’ and ‘Feast of Fiction’

Welcome back to Video IRL, where several of our editors talk about what they've been watching in their spare time. This month we're kicking things off with some seasonally-appropriate horror fare, that you can catch right away on Netflix or Amazon Prime. Then it's time for a Gundam throwback before Kris Naudus points out a couple of YouTube food channels perfect for binge eating or binge watching.

Them / Raw


Timothy J. Seppala

Timothy J. Seppala
Associate Editor

To get into the Halloween spirit, I've been watching at least one horror movie a day since the end of September -- the lower the budget, the better. Problem is, so many of the American low-budget or indie horror offerings on Amazon and Netflix are crappy Paranormal Activity clones, cheap-thrill gore-fests or uninspired found-footage "documentaries." Whether it's by design or coincidence, I've found that French horror movies have held my attention the most lately. Specifically, 2016's Raw, as well as Them, from ten years prior. They're more psychological thrillers than straight-up horror, but that didn't stop me from being more on edge while watching them one afternoon than I was during A Haunting in Saginaw, Michigan, late at night. Both start with a car crash, but they couldn't finish any more differently.

Raw, recently added to Netflix, tells the tale of a vegetarian girl in her first week at a prestigious veterinary school. During a hazing ritual, she's forced to eat a raw rabbit kidney. She immediately gets sick, throws up and wakes herself up that night scratching a full-body rash to near bleeding. This bout with food poisoning is just the beginning, though, and soon protagonist Justine finds out she has a taste for forbidden fruit. As the remaining 70-ish minutes unfolded, I lost track of how many times I clasped my hands over my mouth, agape in shock, to stifle my shouts of "OHMYGODWHATTHEFUCKISEVENHAPPENING?!"

But French director Julia Ducournau balances every body-horror scene either with something pedestrian twisted into being unsettling (like a horse on a treadmill) or with something that makes you ask how far Justine can go before someone confronts her about her new diet. And those questions keep coming right until the credits roll. I can't say I enjoyed watching Raw, but it was a hell of a ride.

The same goes for Them, currently streaming on Amazon Prime. Its focus is narrow, centering on a young couple living in a cavernous farmhouse, terrorized over the course of a night by unseen horrors. The camera never quite gives away who (or what) the perpetrators are, and revealing the twist would be a sin. As with Raw, its atmosphere and overall creepiness won me over straightaway. The scariest part? Realizing that I've probably driven past a shot like the final scene countless times and not thought twice about it. If you're willing to read subtitles, both of these should make you shiver and scream more than The Conjuring 2 on HBO Go could ever hope to.

Mobile Suit Gundam The 08th MS Team


David Lumb

David Lumb
Contributing Editor

I'd heard that a lot of anime had left Hulu, but I scanned their selection anyway looking for classic shows I'd missed, like the original Mobile Suit Gundam. They don't have that -- but they did have a series I didn't finish the first time it aired on Toonami, the 1996 classic Gundam side story The 08th MS Team. Unlike the franchise's other show released the year before, the massively successful Gundam Wing, 08th ditches the brand's typical pretty-boys-in-unbeatable-robots for a grounded and sobering story about the people who get caught up in wars -- desperate soldiers, civilians and guerrillas alike. It's dirty, honest, utterly humane and gorgeously animated.

It's also a little preachy and melodramatic, and it shows its age with odd sexist moments. While it's still the Thin Red Line of the Gundam universe, I remember it far more fondly from when my 14-year-old self grazed the series on its first American airing. There's something sad in seeing an old favorite for the flawed media it always was. Much like Waypoint's Rob Zacny, I've grown up and seen a lot since I first caught the show as a starry-eyed teen. I still think The 08th MS Team is a wonderful little 12-episode miniseries with a big heart, but I won't revere it so highly -- and will think a little harder about who I recommend it to.

Feast of Fiction / Binging with Babish


Kris Naudus

Kris Naudus
Senior Editor, Database

Back in March, I came home from a trip only to discover that my oven didn't work. The cooking gas in my building had been shut off due to a leak. My building management seemed to be on it, so I made do with a combination of microwavables, toaster oven and Seamless. Unfortunately, weeks and months went by, calls to the city were made and permits were issued, but, even as I write this in October, gas still has not been restored to my building. My landlords eventually threw their collective hands in the air and began installing electric ranges in every apartment, so a few weeks ago I was finally able to cook for myself again.

I am so jazzed to be able to make food. Hot food! Scrambled eggs! Steak! Cookies! I started reading food blogs and cookbooks, and shopping to refill my pantry. I'm halfway through Kenji Alt-Lopez's The Food Lab, a huge 900-page hardcover that talks about the science of how food cooks. On the lighter side, I've also been reading food-themed comics like Delicious in Dungeon and Food Wars. And the latter title (which is also an anime) ended up sucking me into a YouTube hole of food videos that I've been obsessed with ever since.

You see, the very first chapter of Food Wars features the "Gotcha" Pork Roast, a bacon-wrapped potato loaf that hero Soma Yukihira makes to save his family restaurant. It looks pretty tasty, so I searched for recipes and pics online and stumbled onto Jimmy Wong and Ashley Adams' Feast of Fiction, a series that demonstrates how to make various foods seen in cartoons, video games and comics. If you ever wanted to taste Steven Universe's beloved Cookie Cat ice cream sandwiches or Kirby's super-spicy curry, there's an episode for you. One thing I really enjoy is how they also incorporate crafts into it, showing how to make paper wrappers for your Reptar chocolate bars or genuine-looking Ecto Cooler Hi-C boxes.

I've been marathoning through the episodes, which the YouTube algorithms have definitely picked up on at this point, throwing food show after food show into my suggestions. One that caught my eye was Binging with Babish. Where Feast of Fiction mostly sticks to the realm of kids' cartoons, anime and video games, Binging with Babish is a little more mainstream, covering foods from popular media like Mad Men, Seinfeld and House of Cards. Still, there's a bit of overlap -- both Babish and Feast have done their own takes on the Ultimeatum from Regular Show and Krabby Patties from SpongeBob SquarePants. But the recipes are different, and I watch the shows for the personalities. Feast of Fiction is pretty silly (and there's a cute dog), while Binging with Babish is a little more subdued. Not that Babish can't be ridiculous as well -- the Moist Maker is one of the most ridiculously complicated sandwiches I have ever seen, basically asking you to cook an entire Thanksgiving dinner.

Sadly, I still haven't done a lot of actual cooking since getting my stove back. I'm having too much fun watching other people do it instead, with the added bonus that I don't have to clean up the mess.

"IRL" is a recurring column in which the Engadget staff run down what they're buying, using, playing and streaming.

css.php