
How can a bank better protect itself against cyberattacks


November 10, 2016

U.K.-based Tesco Bank has enlisted the help of the recently established National Cyber Security Centre (NCSC) following the most serious cyber-attack ever launched against a British bank.

The internet-based attack against the supermarket giant's banking arm involved the theft of £2.5 million from 9,000 customers' accounts, funds that the bank quickly reimbursed.

Initially, it was feared that about 20,000 accounts had been hit by the theft, but this figure was later revised downwards.

Meanwhile, Tesco announced that it was restoring its normal service following the suspension of online and contactless transactions from current accounts applied in the immediate wake of the security breach last weekend.

The NCSC said it is working alongside the National Crime Agency to look into the cyber-attack, which is believed to be the biggest of its kind in the history of British banking.

Ian Mann, chief executive of cyber-security service ECSC, said the size of the security breach indicates that it is likely either Tesco's internal systems or their mobile application have been hacked.

Tesco Bank's method of access for customers is "weak for this type of system", according to Mann. Username is your email by default, and you only need digits from a numeric PIN. By requiring limited digits from the PIN on login, they make it virtually impossible to hash (encrypt) the PINs they have stored.

This means that a compromise of their customer database will reveal all user logins and their passwords to the attacker.
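The storage problem Mann describes, sketched as an added example (not code from the article, ECSC or Tesco Bank): a whole-PIN hash can only be checked when every digit is submitted, so a login that asks for selected digits needs either a readable PIN or one hash per challenge, each covering very few possible answers. The six-digit PIN, the three requested positions, the PBKDF2 work factor and all function names are assumptions.

```python
import hashlib
import hmac
import itertools
import os

ITERATIONS = 50_000  # illustrative work factor (assumption), not a recommendation

def kdf(secret: str, salt: bytes) -> bytes:
    """Salted, slow one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def enroll_full(pin: str) -> dict:
    """Conventional storage: only a salt and a hash of the whole PIN."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(pin, salt)}

def verify_full(record: dict, pin: str) -> bool:
    """Works only when the user submits every digit of the PIN."""
    return hmac.compare_digest(kdf(pin, record["salt"]), record["hash"])

def pick(pin: str, positions: tuple) -> str:
    """Digits of the PIN at the given 1-based positions."""
    return "".join(pin[i - 1] for i in positions)

def verify_partial(stored_pin: str, positions: tuple, digits: str) -> bool:
    """Partial-digit login: the server must read individual digits, so
    stored_pin has to be kept in plaintext or reversibly encrypted."""
    return hmac.compare_digest(pick(stored_pin, positions).encode(), digits.encode())

def enroll_per_challenge(pin: str, k: int) -> dict:
    """Workaround: one salted hash for each possible k-digit challenge."""
    table = {}
    for positions in itertools.combinations(range(1, len(pin) + 1), k):
        salt = os.urandom(16)
        table[positions] = (salt, kdf(pick(pin, positions), salt))
    return table

def verify_challenge(table: dict, positions: tuple, digits: str) -> bool:
    """Check the submitted digits against the hash stored for this challenge."""
    salt, expected = table[positions]
    return hmac.compare_digest(kdf(digits, salt), expected)

def answers_per_entry(k: int) -> int:
    """Each per-challenge hash covers only 10**k possible answers, so the
    hash adds little protection if the table itself is disclosed."""
    return 10 ** k
```
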

On any given day, Tesco Bank manages about 136,000 current accounts. Critics have variously blamed credential stuffing, an inside job, and exploitation of a third-party supplier retail partner for the security breaches.

Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, asserts: "While most of the details are still pending, there's no doubt that this was a hugely sophisticated, well-coordinated and advanced attack and as recent months have proven, no organization is totally immune from similar attacks going forward. With cloud computing, hackers have so many more points of entry, and organizations need to put security in place to guarantee the safety of data."

However, Tesco could face a large fine under the recently revamped EU data protection rules over the security breach, according to Hawthorn.

"When it comes to data security, the silent spectre of EU General Data Protection Regulation is slowly kicking organizations into action, and various incidents such as this one will only accelerate the trend," Hawthorn asserted.

"One estimate is that Tesco Bank could be fined close to £2 billion under GDPR rules for the incident. The bottom line is that data security is no longer simply an issue for the IT department to tackle, and organizations everywhere can no longer sit back and ignore it. The stakes are higher than they have ever been, so when it comes to reviewing your security position, tomorrow may just be too late," he added.

Source: Tesco Bank.
