The chances are you probably have not and that is because few of these stories ever make the news. But look at the latest warnings from the Bank of England and senior industry executives and there is no doubt that the “cyber threat” has become one of the biggest problems facing the financial system.
Every minute of every hour of every day, a major financial institution is under attack.
Threats range from teenagers in their bedrooms engaging in adolescent “hacktivism” to sophisticated criminal gangs and state-sponsored terrorists attempting everything from extortion to industrial espionage. Though the details of these crimes remain scant, cyber security experts are clear that behind-the-scenes online attacks have already had far-reaching consequences for banks and the financial markets.
“We are aware of at least a few very significant mergers and acquisitions transactions being withdrawn or taking place on less favourable terms than they otherwise would because of cyber crime,” said Mark Fishleigh, head of financial services at BAE Systems Detica, one of the biggest providers of security services to big lenders.
Details of cases that have become public show the extent of the threat of cyber crime to everyone from ordinary depositors to the large corporate customers.
Dissected last year, Operation High Roller marked one of the biggest online thefts to have been made public. According to details of the investigation, somewhere between £48-million and £1.6-billion was last year stolen from thousands of bank accounts across Europe, the US and Latin America. Among the customers targeted were rich individuals and high-value commercial accounts, with sophisticated software identifying the victims’ main bank accounts and transferring money to prepaid debit cards which could be cashed anonymously.
Once the money had been taken, the hackers were able to hide their thefts by changing the victims’ bank balances so they appeared unaltered.
Attacks are not limited just to theft and can take the form of denial of service assaults on a bank’s online operations to prevent customers from accessing their accounts.
Last year, HSBC became the victim of one of the largest attacks of this kind yet recorded, causing the failure of its online banking services.
Stuart Gulliver, chief executive of HSBC, believes cyber threats are one of the biggest dangers to the industry.
Two years ago, the Bank of England undertook Operation Waking Shark, an industry-wide exercise to mimic a large-scale cyber attack on the British financial system. The daylong test simulated everything from the complete failure of payments systems to the failure of major industry IT platforms as a result of a sustained cyber attack. Next month, the Bank of England, along with the Financial Conduct Authority and the Treasury, will undertake Operation Waking Shark 2 to see how defences have improved.
All of the major banks are expected to take part in the exercise, which will likely lead to some lenders being required to tighten up security in weak spots discovered.