High-profile hacks have happened before; we've all read about TalkTalk, Ashley Madison and Sony. We all know the words currently on every business leader's lips are cyber, data protection and ransomware. So why is the Tesco hack any different? Why should we take more notice of this attack than of any of the above incidents?
Quite simply because this is the first time that a UK bank has reacted so publicly by stopping some types of transactions on a web banking system because of "online criminal activity".
Banks are targeted all the time but typically those attacks just hit a few individuals, so do not bring about a site closure. In this case, as far as we can tell, a lot of people lost cash very quickly.
You've probably read about the NatWest bank errors that led to the public being unable to withdraw cash or pay direct debits. This is well known to insiders as an organised international hack attempt on the NatWest servers: it was easier to simply turn off the systems and plan a defensive solution than to actually defend the systems.
Tesco did not use the "H" word in its statement and in interviews its chief executive and other people speaking on behalf of the company have been careful in their choice of language.
It has said that the attack was "sophisticated" and that an initial investigation had revealed exactly what had happened.
So far, it has not shared that information but Tesco's actions in the wake of the weekend's events do help to narrow down the possibilities.
By letting customers withdraw cash from ATMs, use cards in shops and pay bills, it suggests that whatever went wrong does not involve the core computer systems underpinning Tesco Bank.
Tesco's decision to suspend online transactions combined with the information that so many people were hit at once clearly suggests problems with its website.
All too often maintenance or website updates can introduce errors and bugs that were not present before. Cyber-thieves are constantly scanning valuable websites to spot changes and will swoop if one emerges.
It might also be the case that a third party connected to Tesco had a security issue and attackers got in via that route, which has happened in some of the biggest attacks in recent memory.
How can this stop happening?
Most cybersecurity experts have a very jaundiced view of the world that they often sum up by saying:
"Everything is broken and there is always a way in." In short, there is no way that any organisation can keep itself, its customers and their data safe all the time. Many organisations now assume they will be breached and set up monitoring systems to spot when that happens, while also training staff to react quickly to fix problems.
In my experience I have often found that firms were caught out by vulnerabilities that emerge in software they use rather than through a change they make. It can be hard for organisations to keep across these factors because they use so many software packages.
In addition, some of the bugs are found by malicious hackers who sell them to gangs that want to use them. In these cases, the first an organisation will know about a bug is when it is used against them.
Tesco has had problems with some other web-based systems in the past. In 2014, thousands of Tesco customers' net accounts were deactivated after login names and passwords were shared online.
In that case, Tesco said attackers had compiled the data by using details stolen from other sites, because some Tesco customers reused passwords.
How did they notice the suspicious activity?
Like many other banks, Tesco has automatic fraud-spotting systems that keep an eye on accounts and build up a picture of normal activity. It is these kinds of systems that can catch you out if you suddenly use your credit or debit card to buy lots of things from lots of different places in just a few minutes.
It is these monitoring systems that are believed to have alerted Tesco to the problems that led to it suspending the site and halting transactions.
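The kind of monitoring described above, as an added Python example (not Tesco's system and not part of the original article): it flags an account that buys from many different merchants within a few minutes, and raises a site-wide alert when several accounts are flagged close together. The window, thresholds, account names and sample transactions are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_MERCHANTS = 3              # assumed limit on distinct merchants per account per window
MAX_FLAGGED_ACCOUNTS = 2       # assumed: more flagged accounts than this => site-wide alert

# Constructed sample transactions: (ISO timestamp, account, merchant, amount in GBP)
SAMPLE = [
    ("2024-01-06T09:00:00", "A1", "grocer", 42.10),  # ordinary daytime spending
    ("2024-01-06T18:30:00", "A1", "fuel", 30.00),
    ("2024-01-06T23:00:00", "A5", "cafe", 3.20),     # busy, but always the same merchant
    ("2024-01-06T23:00:40", "A5", "cafe", 3.20),
    ("2024-01-06T23:01:10", "A5", "cafe", 3.20),
    ("2024-01-06T23:01:50", "A5", "cafe", 3.20),
]
# Three accounts each charged at four different merchants inside one minute
for n, acct in enumerate(["A2", "A3", "A4"]):
    for i, shop in enumerate(["m1", "m2", "m3", "m4"]):
        SAMPLE.append((f"2024-01-06T23:0{n}:{i * 15:02d}", acct, shop, 99.0 + i))


def flag_accounts(transactions, window=WINDOW, max_merchants=MAX_MERCHANTS):
    """Return {account: time at which distinct merchants in the window first exceeded the limit}."""
    recent = defaultdict(deque)  # per-account sliding window of (time, merchant)
    flagged = {}
    for ts, account, merchant, _amount in sorted(transactions):
        now = datetime.fromisoformat(ts)
        q = recent[account]
        q.append((now, merchant))
        while now - q[0][0] > window:  # drop purchases older than the window
            q.popleft()
        if account not in flagged and len({m for _, m in q}) > max_merchants:
            flagged[account] = now
    return flagged


def site_wide_alert(flagged, window=WINDOW, max_accounts=MAX_FLAGGED_ACCOUNTS):
    """True when more than max_accounts accounts were flagged within one window of each other."""
    times = sorted(flagged.values())
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 > max_accounts:
            return True
    return False
```

The per-account rule is what trips on an individual customer's unusual spending; the second function is the signal that distinguishes a few isolated fraud cases from many accounts being hit at once.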
Can I protect myself against these kinds of attacks?
We still do not know the full details of what happened so it is difficult to give concrete advice. However, it is worth taking a few simple steps to protect your online account.
First, choose a good password and do not reuse one that you use elsewhere. Use the bank's two-factor authentication and keep an eye on the transactions carried out via your account.
Keep security software on your PC, phone or tablet up-to-date and be on the lookout for phishing emails that capitalise on news about any breach.
James Chappell, chief technology officer at computer security service Digital Shadows, said it was already starting to see cyber-gangs it monitors sending out spam posing as updates from Tesco security staff. The gangs are hoping to trick people into handing over their Tesco account details to let thieves take advantage.
What can companies do?
Businesses should complete robust cyber security audits, including Cyber Essentials accreditation if possible. Penetration testing by certified "white hat" hackers is advised, and staff training and communications from IT on all software updates and changes should be clear, concise and issued promptly. All this should be backed up with a well-rated cyber and data breach insurance policy.