Following the news that 20,000 Tesco Bank customers lost money as a result of “online criminal activity” on their accounts over the weekend, IT security experts from ZoneFox, Huntsman Security and ESET commented below.
Jamie Graves, CEO at ZoneFox:
What is clear here is that the issue of supply chain or partner security is very real and very serious, given these partners can have a great deal of access to an organisation like Tesco’s network. This effectively makes them an ‘insider’ or ‘trusted party’ within the walls of that company. As with any insider or trusted partner – if proper monitoring is not put in place, then security incidents like the one that happened over the weekend can occur quickly and without warning.
In order to identify and remedy the situation as fast as possible, businesses like Tesco must ensure they have some form of behavioural monitoring solution in place at all times, to identify and combat any breaches and suspicious activity from staff and partners alike immediately.
Piers Wilson, Head of Product Management at Huntsman Security:
“What is important to recognise is that it looks like this is a recent attack and Tesco Bank has been quick to respond to the breach, taking immediate measures to minimise the damage. However, even so, we’ve seen reports that thousands of customers have had cash stolen from their accounts; leaving some in very difficult financial circumstances. This really underlines the importance of being able to detect any suspicious or anomalous behaviour within milliseconds of cybercriminals launching their attacks. The only way businesses can achieve that level of speed is by integrating machine learning techniques with their cybersecurity measures, so the tools become capable of responding to an attack faster than their human operators ever could.”
Mark James, Security Specialist at ESET:
Keeping your financial details as safe as possible depends on a number of factors, online banking often has many features to keep your money safe and you should utilise as many as possible. Of course not writing down any of your details, being mindful of who you give information too and making sure you verify anyone who says they are from your bank should be done in all cases. If your bank offer 2 Factor or 2 Step verification then you should utilise it, whilst most banks will do all they can to return any monies lost, this often will depend on their perception of your own security in using their services. If they can prove you were negligent in protecting your account then you may find it harder, or in some cases impossible, to get your money back.
Tesco will need to keep the public informed if they want to come out of this on top. Whilst no system is 100% safe, keeping the victims well informed of your current operations, cause and future defences are what’s needed.”