Experts have suggested that the cyber attack on Tesco Bank could be an inside job. Cyber criminals managed to steal money from more than 20,000 accounts at nearly the same time in an automated fashion. IT security experts from Lieberman Software and the Institution of Engineering and Technology (IET) comment below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“It’s odd to me that some are focusing on the lack of the word “hack” in the bank’s communications. I myself avoid using the words “hack” and “hacker” as I think they are words that are used to simply mean a cool trick and someone cool enough to pull it off, which have been co-opted to mean something more sinister. That’s why I talk about bad guys and not hackers.”
Professor Roy Isbell at the Institution of Engineering and Technology (IET):
“Any organisation is at risk of being hacked today, however good their security measures. This is mainly because, while most have plans for how to cope with a hacking incident, few actually practice those plans or give sufficient thought to how to continually educate and train their staff – starting with the induction process.
“It’s not uncommon for organisations to invest millions in cyber security technology countermeasures and protection, to only have this technology bypassed by an unwitting insider who succumbs to a Social Engineering attack. All staff have to be trained in how to recognise these attacks. There is a tendency to forget that even the most sophisticated cyber security plans can easily unravel if people at all levels of the organisation, including its leadership, are not fully aware of the latest trends and threats.
“Another common mistake is that access to information within companies tends to be based on two or three levels, reflecting the internal company hierarchy, rather than individuals’ ‘need to know’. The result is that far more people can have access to information than is necessary or ‘safe’.
“Ultimately, organisations and their management need to prioritise understanding their own cyber security risks and requirements, and then develop an effective strategy. Cyber security risks today come in many guises. The most common are criminal in nature by hacking customers’ information and finances. But all organisations that use technology are at risk from hacking. For example, for manufacturers with automated processes, hacking could result in a significant loss of production or intellectual property for the organisation – and ultimately its customers.”