Carbanak bank hack expert comment by Rob Norris, Director Enterprise & Cyber Security, Fujitsu UK and Ireland
February 2015 by Rob Norris, Director Enterprise & Cyber Security, Fujitsu UK and Ireland
Following the news that Carbanak has stolen a reported $1 billion from banks across multiple countries, please find below comment and analysis from Rob Norris, Director Enterprise & Cyber Security at Fujitsu.
“The Carbanak news may initially be seen as simply another security breach. However, what is especially important about this is that its sophistication perfectly highlights how quickly threats are now evolving – if you were going to draft the definition of a modern cyber attack, this would be it. The potentially huge losses stem from a series of attacks that seem to have been working away for two years. This is not the “quick fire attack” of old.”
“Aside from the financial losses, these threats are very damaging because they can impact consumer confidence at a time when banks are trying to encourage customers to ‘go digital’ and thereby potentially give any hacker access to even more personal data. According to our own research, more than 1 in 5 of us will always use a digital service when it is offered by an organisation. Yet concerns are still rife currently. Of the 12% of UK consumers who said they never use digital services when offered, the second highest reason given for this was security concerns.”
“With 52% of IT decision makers stating that they are concerned about security, the changing threat landscape calls for organisations to prepare. To do this effectively they need to focus on what’s important to them and the related threats which will have the most impact on them. Many organisations can be panicked by industry noise created by issues, which often will not impact them. Instead they need to take a risk-based approach, enabling them to target security capabilities in a way which helps them defend against those threats which actually pose a risk to their business. The basics are also essential and should include strong passwords, two-factor authentication, patching, risk assessments and IT Health Checks.”