Banks ‘Under-Reporting Cyber Attacks’ Say Security Firms

British banks are “dramatically under-reporting” computer attacks due to their fear of bad publicity, according to several IT security firms who provide services to them.

Staff from five computer security firms that provide services and advice to UK banks said they have seen first-hand examples of banks choosing not to report security breaches, according to a Reuters report citing unnamed individuals.

Law enforcement left in the dark

While the banks did not break the law, their reporting practices are overly conservative and mean the public is unaware of the true extent of the risks to which banking IT systems are exposed, the firms said.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” said one source.

Barclays’ head of information security, Troels Oerting, who joined the bank in February of last year, said banks’ sharing of data with authorities has improved since then and that Barclays provides all relevant information on attacks to regulators. Oerting was previously head of Europol’s Cyber Crime Unit.

The comments will, however, add to concerns that information-gathering on computer attacks is inadequate, following a National Audit Office (NAO) report last month that found a lack of coordination in government data-gathering on breaches.

WHITEPAPER: Windows 10, EMM, and the Future of PC Security

The government earlier this month opened a National Cyber Security Centre (NCSC) to help centralise computer defences, including reporting, but the NAO said more reforms would be necessary.

Sharp rise in attacks

British financial institutions reported only five network-based attacks in 2014, rising to 75 so far this year, according to the Financial Conduct Authority (FCA).

But IT security experts have said that such figures do not reflect the growing focus on banks and financial institutions by online thieves.

They say the growing sophistication of malware such as Odinaff and Carbanak, which target banks and other financial institutions, shows a heavy investment in the coordination, development and deployment of computer attack tools.

Investigators looking into the theft of $81 million using the SWIFT payment network said the attack showed a similar level of expertise.

Industry observers say that as banks make it ever-easier for their customers to conduct network-based transactions, they present a natural target for online criminals.

“These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” said Symantec in a report on Odinaff earlier this month. “Although difficult to perform, these kinds of attacks on banks can be highly lucrative.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

16 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

17 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

18 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

20 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

21 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

21 hours ago