In light of the news that Tesco Bank could be fined a record £30m for its 2016 cyberattack, please see comment below from David Emm, Principal Security Researcher at Kaspersky Lab.
David Emm, Principal Security Researcher at Kaspersky Lab:
“While the cyberattack on Tesco Bank occurred in 2016, this breach could result in the Financial Conduct Authority (FCA) imposing one of the largest fines ever given on the retailer. As cybercriminals continue to ramp up their efforts to attack retailers and financial institutions, this reinforces how important it is that these household brands have the right security measures in place.
Customers that entrust private information to the care of a business should be safe in the knowledge that their financial information and data arebeing kept in a secure manner.
Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures that businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on their website code and penetration testing their infrastructure. Alongside this, all passwords should be protected using secure hashing and salting algorithms.
It is also crucial that businesses review processes regularly to ensure that they don’t pose a security risk – in this case, issuing sequential numbers could allow an attacker to guess details that could compromise customers.”