Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Wednesday 09 December 2015 11:48 am

How banks can defeat tomorrow’s cyber villains today

By: Jessica Morris

Add as a preferred source on Google

If a bunch of crooks in masks were picking their way into your bank vault most days, would you wait another couple of years before considering a new kind of lock?

The threat to our banks from cyber crime intensifies every month. Yet the UK banking sector continues as if firewalls, email scanning and web controls are all that is required.

While the Bank of England (BoE) appeared to have woken up to this menace, with deputy governor John Cunliffe saying future stress tests would include cyber attack scenarios, the problem is that these are only scheduled to take place every other year.

That seems woefully inadequate when cyber criminals, whether state sponsored or motivated by greed, grudges or ideology, are devising new ways of penetrating bank security every day.

Read more: Cyber security jobs on the rise after hacks

Aside from direct criminal threats, the banks also seem strangely unaware of the juggernaut approaching in the form of the European General Data Protection Regulation, set for enforcement in 2017.

The fact that disclosure of breaches will be mandatory should be worrying bank executives who are only just recovering from the miss selling and market rigging scandals. Having to announce to the world that a bank’s system has been breached and that customer data, money or corporate information has been stolen, will surely incinerate what little trust consumers have in the banking sector.

Besides being publicly trashed, breached banks also face heavy fines of up to two per cent of global turnover, rising to five per cent for particularly shocking examples. And as part of the new regime, banks will have to demonstrate compliance.

Yet how can any bank shut out the hackers when its IT team is only ever searching for ‘known threats’, incapable of spotting the new style of sophisticated and targeted attack just over the horizon?

The vast majority of successful cyber assaults now use email attachments as their vectors, hiding malicious agents inside a small set of common file types such as PDFs, Word, Excel or PowerPoint.

Read more: To tackle the UK's cybercrime problem, we need to address the recruitment problem

A criminal will use data from public accessible documents to ‘case’ a bank before selecting the entry point for their adapted file. Last year these cyber assaults cost UK businesses £36bn, but most still rely on old perimeter technology for security backed up by endpoint signature based AV, which is wholly ineffective.

The BoE needs to take as firm a stance here as it has on misbehaviour in the markets, setting a standard for banking communications.

It needs to ensure banks take back control of the cyber crime threats they face, creating a transparent view of the vulnerabilities generated by the free flow of documents which is the lifeblood of business.

As large, cumbersome organisations, banks will never keep up with the cyber criminals. However, if the BoE pushes them into a new way of evaluating where the real security black holes lie – outside the known threats – banks will not only tick the compliance box, but sleep tight at night knowing their reputations and revenues are intact.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Tech

Trending Articles

  • James Watt offers to buy back Brewdog

  • Citroën 2CV returns as a £13,000 electric car, and the timing is no accident

  • Bank of England warns Burnham of UK economy’s ‘big issue’

  • UK’s biggest pub firm probed over treatment of tenants

  • The former African gold miner taking on the billionaire Issa brothers

More from City PM

  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • Bank of England to relax capital rules despite warning of economic threats

    Banking
    Bank of England building on Threadneedle Street, London, showcasing its historic architecture and financial significance
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • M&S to face shareholder grilling over cyber attack recovery

    Retail
    Marks and Spencer was one of three UK retailers to be targeted
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • Yubico Joins European Cyber Security Organisation (ECSO)

    Business Wire
  • Barclays, HSBC, Lloyds, and NatWest among the first banks in the world to adopt new Swift framework for enhanced international consumer payments

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook