Spinning a Dark Web: Cyber Criminals Join Up to Exploit Financial Institutions
On November 6, Tesco Bank suffered a cyber breach, which resulted in a total of GBP2.5 million being stolen from approximately 9,000 account holders. Many customers were locked out of their accounts and Tesco Bank consequently halted all transactions from current accounts in the wake of the attack.
The bank was able to refund customers by 8 November, but the shadow of the breach remains in the form of a criminal investigation. This just goes to show how the cost of a cyber breach extends well beyond any funds stolen directly. The cost of engaging public relations resources to manage communications and limit reputational damage, for example, can escalate quickly. Although Tesco Bank managed to keep its service outage to a minimum, this type of business interruption can prove costly. If it had occurred close to peak spending period, such as Cyber Monday and the run-up to Christmas, for example, it would have been even more so.
The bank has subsequently ruled out the possibility of an “inside job”, blaming a “systematic, sophisticated attack”. The true nature and source of the attack have yet to be confirmed, with some sources suggesting it could have been state-sponsored. Tesco Bank has asked a brand new division of GCHQ, called the National Cyber Security Centre (NCSC), to look into the breach.
A crucial element of this attack is the suggestion that cyber criminals “bragged” about the sensitive details of their approach using forums concealed on the so-called “dark web”; a term used to describe the layers of the internet that cannot be accessed using search engines. Cybersecurity company Cyberint claims to have found messages on a dark web forum that discuss vulnerabilities in the bank’s systems. Dark web monitoring is likely to form an important aspect of cyber resilience for all banks in future, as cyber criminals become more sophisticated.
In light of this breach, it is important for all financial institutions to ensure that every practicable step has been taken to make certain their cybersecurity is robust. Marsh and TheCityUK’s Cyber and the City: Making the UK financial and professional services sector more resilient to cyber attack report provides a 10-step checklist to challenge board-level management on the treatment of cyber risk.
In addition, financial institutions should ensure that where aspects of cyber risk have been transferred to the insurance market, it is understood where different elements of coverage exist within the suite of products purchased. Coverage should be continuously reviewed and evolved in line with emerging risks and market developments. In the case of the Tesco Bank loss, elements of coverage could be contained within multiple products; however, a well drafted, comprehensive crime policy would likely offer the best chances of recovery.