
Bank Security Lax As Leaky Websites Aid Hackers

The financial industry is the most careless of all sectors, with slack bank security leaving potentially useful data open to cyber criminals, a study has shown.

KPMG looked across websites belonging to the Forbes 2000, an annual ranking of the top 2000 public companies in the world. It performed the same initial reconnaissance steps that cyber attackers and organised criminals would perform when planning a hit on a target organisation, looking out for useful information.

Bank security scare

Hackers often use such data for spear phishing attacks, sending employees emails that look legitimate but actually contain links to malware executables.

From that reconnaissance process, it emerged that banks were responsible for leaking 30 percent of all the data KPMG believed could be used by attackers. That was far ahead of the diversified financial services market in second place, which left 12 percent of risky data open to hackers.

KPMG discovered 130 potentially sensitive file locations, where information is supposed to be hidden, on banking sites. It also found 800 potential vulnerabilities affecting banking web servers.

Many banking IT systems are thought to be rife with complexity and old software, as was highlighted when a glitch hit RBS, leaving many of its own customers and NatWest bankers without their money.

Everyone is flawed

Yet there were many security failings across sectors. Almost three-quarters of all Forbes 2000 firms might be using vulnerable and out-of-date versions of Adobe and Microsoft software. Overall, 16 percent of Forbes 2000 corporate web servers may be vulnerable to attack due to missing security patches or outdated server software.

“The world of cyber security has been tilted on its axis over the past two years – from the actions of hacktivists and associated groups – through to state sponsored agencies with seemingly unlimited resources,” said Martin Jordan, director of information protection at KPMG.

“Attackers are aiming for an increased competitive edge or to gain better access to greater intellectual property – whatever their level of sophistication. While it’s difficult to stop these groups, companies can, at the very least, deny them ‘open all areas’ access to their secrets which unwittingly, they may have laid bare.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
