Cybersecurity in Financial Services
With the development of online technology, it was inevitable that finance would also become integrated with the internet. Despite initial hesitancy from the wider public to adopt online banking technology and other online financial services, online banking, investing money online and conducting a range of other financial transactions has become commonplace.
Connecting financial services to the internet however, has opened it up to a whole range of fraudulent activities or cyber attacks as they’re now known. Cyber attacks are now one of the largest concerns amongst financial services and fintech firms, with cyber security one of the main focal points for firms aiming to prevent fraudulent activity on their or their customers’ accounts.
A report by the British Banking Association found that 93% of financial firms had been under some kind of cyber attack. In line with this, financial firms have ramped up spending on cybersecurity and in 2013-2014, financial firms in the UK were spending at least £700m to this end.
The report also goes on to highlight a number of high profile cyber security attacks, such as one conducted by the so-called Syrian Electronic Army which hacked a large number of high profile company websites and twitter accounts. They even hacked into Barack Obama’s account while he was the president and media companies like the New York and Financial Times.
Even Microsoft was hacked by the group, which managed to steal company documentation and even post on the company’s blog. The scale of the operation and the size of the businesses successfully hacked into highlighted how vulnerable even sophisticated companies are in terms of their online portals.
More recently, a huge cyber attack on the retail store Target led to financial records and credit card details of 40 million customers being stolen and then potentially sold to fraudsters. According to reports, the cause of the breach was due to malware placed on computers after a phishing attack through an email sent to the firm Fazio Mechanical.
Reportedly, Fazio Mechanical had not installed a corporate level malware protection system, rendering it useless against such an attack. At the time, Bloomberg reported that the breach meant that the hackers were able to steal details of millions of Target customers whenever they paid for anything in store, whereby the malware would then send the details to a Target server commandeered by the hackers. The hackers could then steal 40 million credit card details, 70 million addresses, phone number and more.
The question is whether companies financial or otherwise have learnt from what was at the time, the largest-ever successful cyber attack? Sadly a recent report by PriceWaterhouseCoopers finds that while the majority of retail financial firms have experienced a cyber attack, they are underreporting the number of cyber-related fraud attempts. This leads, the report says, to companies being less able to manage and prepare for other attacks.