Did Tesco Bank miss tell-tale warning signs that it was being targeted for a major cyber-attack? According to a report in the Financial Times, some security experts believe the clues were there months before the weekend heist in which criminals stole £2.5m from the current accounts of 9,000 Tesco Bank customers.
While other cyber specialists said earlier incidents may not have been linked to what is believed to be the biggest attack of its kind in the history of British banking, most experts agree that robust incident reporting systems can offer financial organisations invaluable protection against cyber-crime.
Head of cybersecurity at National Australia Bank, Nicholas Scott, told an RSA Conference three years ago that many organisations get advance warning of impending attacks, but fail to act. Businesses need to look beyond the normal technical aspects of fighting online crime and consider what techniques criminals might be using to prepare for an attack, he said.
Once an organisation sees phishing emails that clone their official websites or impersonate employees, the attack will probably be well under way, according to Scott. But much earlier indicators of trouble could be a rash of spam emails, or the way in which web forms were being submitted, or a host of transactions that were successful up until the very last point. Simple server errors could also point to an attack, caused by people trying to do things the system does not recognise as they look for ways to break in.
Many potential symptoms of a cyberattack – slow internet, a system crash, employee-targeted phishing attempts – may seem relatively harmless at first sight, but organisations disregard them at their peril. Taken together, such incidents may paint a picture that sets loud alarm bells ringing.
Comprehensive, easy-to-use reporting systems will reveal that picture, acting as an effective early warning system for serious cyber threats.
“Managing cyber risk effectively requires a multidisciplinary and multifunctional approach,” said Xactium Managing Director Andy Evans. “Organisations need to be able to identify changes that indicate a raised likelihood of cyber risk.
“Threat indicators might include the number of IT security related incidents reported by other firms in recent months, or the volume of social engineering attempts reported within the organisation. The number of vulnerability threats received from suppliers of internal software might also tell an interesting story.
“Effective incident reporting is essential for spotting trends that might point to a potential threat – and near misses can be just as useful as real incidents for identifying early warning signs of a cyber breach.”