Throughout the history of banking, banks have cultivated an image of being some of the safest places around. Of course, there have always been bank robberies, but up until relatively recently, those have been, for want of a better term, real-world robberies. While we are sure they were very dangerous and upsetting for staff and customers in the bank, such robberies can only target one bank branch at a time, have to be undertaken in the country where the bank is located and carry a high risk of being caught. In the digital world, however, criminals can attack the core of any bank, rather than just a branch, they can make their attacks from anywhere in the world and in addition to the police needing to catch them, they may also need to extradite them, which could be a challenge in and of itself.
Data security in the 21st century
While there has been much talk in certain sections of the business press about how SMEs need to be educated on the forthcoming General Data Protection Regulations and what they need to do to prepare for them, the fact is that even though SMEs should, in theory, be the softest targets, in reality, quite a few companies and organisations which are big enough to know better have fallen victim to cyber attacks. HBO joined Sony as possibly the most high-profile scalps to be claimed by hackers, but the attack on the NHS was probably of more immediate concern to more people. In terms of finance, while not exactly a bank, lender Wonga is known to have been hacked (presumably adding to the woes of its users) as has accounting firm Sage, along with Tesco Bank and Nationwide (although the latter was over 10 years ago now). Equifax in the U.S. has just joined the “you’ve been hacked” list.
Cyber crime, fuelled by ideology and money
There have long been stories about cyber criminals discovering vulnerabilities in banks’ security systems and requesting hefty payouts in exchange for keeping quiet about them. Whether or not there is any truth in these stories is anyone’s guess, but it says a lot about the state of the digital landscape that they are at least believable. More recently the nature of the stories has changed somewhat with rumours of criminals with a high degree of security expertise putting together what are essentially “build-your-own-crime” kits, which allow less techno-literate criminals to put together sophisticated cyber attacks. This has been dubbed “Crime as a Service” and goes alongside attacks by competent hackers for reasons of money along with attacks based on ideology, such as those by “Hacktivist” group Anonymous.
Should we abandon digital banking?
Perhaps it might be more pertinent to ask if we could abandon digital banking or to put it another way, would you be willing to give up the everyday convenience of your debit (and credit) cards along with your standing orders, direct debits and ability to make instantaneous bank transfers which make it possible to use services such as PayPal without having to wait for cheques to be sent through the post and cleared. Would you be willing to give up your ability to shop online whenever you wanted? Would you swap the digital security risks of online banking for the person security risks of carrying and storing cash? We suspect that for most people and indeed most businesses, the answer to pretty much all of these questions would be a categorical “no”. That being so, we all need to accept that everyone has a role to play in keeping data secure. The banks certainly need to ensure that they stay at the top of their game when it comes to protecting their customers’ data and customers need to ensure that they take all reasonable steps to protect their own digital security.