There has been a lot of comment on the wires and some surprise in some quarters at a story on many news sites yesterday quoting a senior UK banker as saying that banks fear cybercrime above anything else, more than the world recession or the Eurozone meltdown.
Many observers seem surprised by the statement by Andrew Haldane, the Bank of England's director of financial stability, when he reported that 4 out of 5 of Britain's biggest banks had identified cyber attack as their biggest threat today.
However as someone who has spent decades selling to customers in the financial sector right around Europe, I can say I am not surprised by Mr Haldane's words. Indeed when talking to our customers in many of the worlds largest banks I continually hear the same fears and concerns.
It is not simply the case of fearing high profile massive hacks of the type the US authorities recently stopped where an international crime gang stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from cash machines in 27 countries. It is also the volume of smaller but no less insidious attacks which they face every hour of every day.
As the UK 2013 Information Security Breaches Report highlighted, 93% of large organisations (250+ employees) had a security breach in 2010 and the average cost of each breach was £450, 000 ¬- £850,000.
So the challenge for many bankers is not if it happens, but rather a question of when it will happen.
The problem for the hard pressed banks' Chief Information Security Officers is that today's attacks are not noisy ego driven dares by bored youngsters, rather they are well-funded, highly motivated attacks by criminal gangs using the full power of the internet to resource and carry them out. It is also all about making money rather than fame as the motivation for such hacks and attacks.
Generally these attacks use social engineering to target the unwary and find a stealthy way into a corporate network. Once inside they can remain hidden and undisturbed for months even years spreading their way around the network safely behind the cyber defences the bank has built up.
Given that some of these attacks will inevitably get into the corporate environment, bankers, and those from any other institution for that matter, increasingly need to focus their security from purely looking to protect the connection to the outside world from their networks, to also being able to monitor and track malicious activities on their own networks. They need to be able to watch for irregular activities and then be able to track the trajectory of malicious activities to be able to deal with the attack quickly and before any real damage is caused.
Of course we will always need to ensure that we continue protect our networks and devices from Cyber attack, but to do that and feel that is good enough is simply not satisfactory anymore. Today we also need to ensure there is full visibility across the network, before, during and after an attack, only then can we hope to protect against the inevitability of attack.
That is the reality of the world we now live in where criminals continue to target the unwary and make millions of pounds from their cybercrime activities.Suggest a correction