Financial Services Cyber Attacks Rise Fivefold in 2018 | Paolo Sartori

According to the Financial Conduct Authority, the UK saw a fivefold increase in data breaches in 2018 compared to the year before. In April 2018, seven retail UK banks, including Royal Bank of Scotland, Santander, Barclays and Tesco Bank, had to shut down or limit their systems after hacks that cost them hundreds of thousands of pounds to fix.  In October, Tesco Bank was fined, by the FCA, £16.4 million as a result of their 2016 cyber-attack that saw £2.26 million be stolen from 34 current accounts. We have long been told that businesses and individuals alike need to be planning ahead of hacks and the ensuing data breaches, but with hackers becoming more creative it seems our public cyber security needs to be improved. While banks normally have excellent and secure cyber security, it is only as strong as the measures of individual employees, as malicious emails can penetrate even the most robust defences. In terms of ensuring that data is safe for the future, there needs to be a concerted effort to educate individuals against the full scope of data threat. Personal and professional cyber security go hand-in-hand, a chain is only as strong as its weakest link, and financial workers succumbing to fake emails, for example, leave us all exposed. It is easy to separate consumer data from corporate or public cyber security but, in reality, we are all human.

What is paramount for corporations and consumers, when it comes to avoiding a data breach, is education for all employees. If one email address gets penetrated by a hacker then the whole company is at risk. Once an employee’s email is breached, they can then be impersonated by the perpetrator in an attempt to phish for as much information as possible from any contacts that employee may have.

This information, in the wrong hands, can obviously have monumental monetary repercussions when it comes from banks and financial institutions. For example, if someone has the details of a regular payment that an individual makes, they can send a legitimate looking letter or email that falsely claims that this regular payment needs to go a new account.

For a high net-worth individual, they will know what their investment portfolio looks like and can present them with a scam hiding behind the façade of a promising new investment that fits their investment patterns. Not only is a high net worth individual a more attractive victim for a scam, but they are also less likely to be stopped by a bank when large amounts of money are moved. As opposed to the average bank customer who will get a phone call when they move substantial amounts of money, it is unlikely that a bank will find it out of the ordinary when a multi-millionaire moves large sums of money to a different account.

The wider implications begin to foray into the realms of illegitimate trading. Once that data becomes open and accessible to the wrong hands, there’s a huge black market for it amongst dark web circles. When one criminal organisation is finished with stolen data, they have the ability to sell it on to other criminals across the world.

When it comes to banks being targeted and breached on such a monumental scale as has been seen in the past couple of years and with no end to the rise of cyber-crime in sight the consequences are not only huge for the bank and their clientele, but also for the overarching British economy.

The take-away message for any corporation is to ensure that they are educated about how to best protect their data, not only in terms of the software that they can install, but in terms of how employees can recognise phishing emails and what protocols to follow when they physically lose hardware such as a work phone or even a personal phone with work emails on it.


Paolo Sartori