If one thing has become apparent from breaches of corporate stores of customer information in recent years, it's that the fall out is usually lessened if you give people a heads up that they may have been compromised. An alternative for British banks though, is to just not tell anyone. One security firm believes most financial institutions are covering up the extent of the hacks they deal with on a regular basis.
Banks have reported a total of 75 serious attacks on their digital infrastructure in 2016 (as per Reuters), but Israeli digital security company, Illusive Networks, claims that that number could be far higher. Citing numbers from just one financial firm it works with, it claims that these sorts of companies face 200 serious attempts at hacking their networks per month.
This sentiment is shared by other industry experts too. Ryan Rubin of Protiviti, another security consulting firm, said: “There is a gray area. Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry.”
“Mess with the best, die like the rest”
Although it doesn't necessarily seem needed to tell everyone about every attempted hack, the worry is that this lack of reporting is leading to an inaccurate view of the industry's security. There is now a general murmuring that there should be some measure of information sharing between financial institutions and IT security experts, even if they aren't reported to the public.
However it's not all about massed, ineffective attacks. Purportedly there are a number of more serious, successful hacks which are going unreported too, so that banks and other organisations can save face with their customers. Purportedly some of these hacks have been on the level of the Bangladeshi Bank's SWIFT hack, which saw tens of millions stolen in a short time frame.
But it's not like banks are ignoring security. Some major financial institutions are spending as much as $500 million a year on defending themselves, but all it takes is a weak link in the chain and hackers can break their way in.
Discuss on our Facebook page, HERE.
KitGuru Says: At the very least these companies should be reporting breaches to security firms assigned to protect them. Protecting a brand is important, but if your customers end up losing money and you don't report it, that word of mouth is going to be far more damaging than an official statement.