Views
1 year ago

CSLATEST

Join the IT leaders

Join the IT leaders taking the simply unified route to cloud security. IT Governance is getting more complex, the penalties more worrying and your competition more cloud-based and agile. WinMagic’s pervasive, everywhere encryption approach is the way forward. By simply securing your IT environment from endpoints across any cloud, you gain a low-cost, low-risk route to compliance and growth supported by a unique new breed of intelligent key management. Get in touch today! Contact our specialists and see how simple securing cloud can be. Email us today at sales@winmagic.com or call 01483 343020

comment CYBER-ATTACKS CONCEALED It is worrying to hear that some UK banks still aren't telling regulators about all the cyber-attacks wreaked on the financial services industry, despite a 10-fold increase in reports to the Financial Conduct Authority (FCA) over the last four years. "Our suspicion is that there's currently a material under-reporting of successful cyberattacks," stated Megan Butler, the FCA's director of supervision, when speaking at the ICI Global Conference in London in January. "The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry." The number of material attacks reported by firms to the FCA has grown to a worrying 49 this year from five in 2014, as hacks become one of the biggest threats to the safety of the financial services industry. The type of hacks is also increasingly concerning for regulators and firms, with ransomware making up 17% of attacks reported to the regulator, according to Butler. The FCA started an investigation in October into the hack of credit reporting company Equifax that saw personal data stolen from at least 143 million people. Outside of the FCA's supervision, Uber Technologies recently admitted to paying hackers $100,000 to delete data taken from 2.7 million UK customers in a 2016 security breach. Sarah Armstrong-Smith, head continuity & resilience at Fujitsu UK & Ireland, recognises that no company wants to admit that they have had a security breach, yet the truth is there's a strong possibility that at some point a breach will occur. "Hiding it won't save a reputation; if anything, it will tarnish it more," she points out. "It's critical therefore for both banks and other companies to have a clear and well-rehearsed crisis management plan for an attack, which includes informing regulators and other key stakeholders. Honesty and transparency are key. After all, it is a lack of trust in a company that will harm it most, especially when it comes to financial institutions, as the public will ultimately be concerned with how it affects them and their finances." While identifying the root cause and reducing the probability of a further breach after an attack is the number one priority, communications must be fully integrated into the end-to-end crisis management process. Concealing an attack is akin to the naughty schoolboy who doesn't want to be punished for his culpability. It's time for the financial institutions that do attempt to hide away such cyber-attacks to do some growing up and behave like the responsible organisations they portray themselves as being. Brian Wall Editor Computing Security brian.wall@btc.co.uk EDITOR: Brian Wall (brian.wall@btc.co.uk) PRODUCTION: Abby Penn (abby.penn@btc.co.uk) LAYOUT/DESIGN: Ian Collis (ian.collis@btc.co.uk) SALES: Edward O’Connor (edward.oconnor@btc.co.uk) + 44 (0)1689 616 000 Louise Hollingdale (louise.hollingale@btc.co.uk) + 44 (0)1689 616 000 PUBLISHER: John Jageurs (john.jageurs@btc.co.uk) Published by Barrow & Thompkins Connexions Ltd (BTC) 35 Station Square, Petts Wood, Kent, BR5 1LZ Tel: +44 (0)1689 616 000 Fax: +44 (0)1689 82 66 22 SUBSCRIPTIONS: UK: £35/year, £60/two years, £80/three years; Europe: £48/year, £85/two years, £127/three years R.O.W:£62/year, £115/two years, £168/three years Single copies can be bought for £8.50 (includes postage & packaging). Published 6 times a year. © 2017 Barrow & Thompkins Connexions Ltd. All rights reserved. No part of the magazine may be reproduced without prior consent, in writing, from the publisher. www.computingsecurity.co.uk Jan/Feb 2018 computing security @CSMagAndAwards 3