Cyber attack or disruption could cause the next systemic shock to the UK banking industry rather than a liquidity crunch, according to the latest report from business consultancy firmKPMG.
While the banking industry has addressed many of the problems that had led to the financial crisis in 2008, the report said cyber attacks or massive systems outages represented new threats.
The report noted that banks had suffered a 12% increase in online account fraud in the past year and that six major US banking institutions had suffered website outages in 2012.
The report said that the motivation for cyber attacks is shifting from financial crime to political and ideological attacks, with the number of state-sponsored hacking and hacktivist attacks increasing.
“KPMG is right to highlight the imminent cyber threat that is currently hanging over UK banks,” said Raj Samani, CTO (chief technology officer) of McAfee Europe.
“This has been building over the past year and if financial institutions haven’t already made security their top priority, they should do so immediately,” Raj Samani said.
In June 2012, McAfee and Guardian Analytics uncovered a highly sophisticated, global financial services fraud ring that hit the US banking system.
Equally malware targeting the Google mobile Android operating system (OS) is appearing, that looks to circumvent two-authentication via SMS text messages for internet banking customers, said Samani.
“Where Europe has been the primary target for financial fraud rings – such as Operation High Roller – in the past, McAfee’s research has found thefts are spreading outside Europe, including the US and South America,” he said.
Operation High Roller was made up of at least a dozen groups that used active and passive automated transfer systems to steal high-value transactions from high-balance accounts.
An analysis by the firm’s cyber response team reveals that companies vital to the UK’s economic growth and crucial to national security, are leaking data that can be used by cyber attackers.
According to the report, this data is readily available in the public domain and could be used to gain control of intellectual property, perpetrate fraud and inflict reputational damage.