EUROPEAN CENTRAL BANK WEBSITE HACKED
After every hack, the organisation or bank comes out with a public statement that it takes cyber security most seriously and that the data lost is not critical data. In some instances that is true, but what is critical is the vulnerability. Vulnerability is directly proportional to customer trust, and banks cannot be banked upon, or banked with, when trust takes a back seat. The latest on the chopping block is the European Central Bank (ECB), with its Banks’ Integrated Reporting Dictionary (BIRD) website getting breached.
Since the days of the Bank of Bangladesh heist, banks have not crowned themselves with any glory in the field of cyber security. Even before this, the ECB suffered a data breach in 2014, and said at the time that a database serving its public website was hacked. In 2018 the ECB started a test of cyber attacks on banks under simulated conditions, with the purpose of creating a single framework for testing the cyber resilience of financial organisations. That the same bank’s systems were then infected with malware to facilitate phishing activity is disturbing.
Over and over again, breaches are not detected in time, and the breach detection time lag is still around 200 days. This bank site was hosted by an external provider and seems to have been hacked way back in Dec 2018. The breach was detected months later, when routine maintenance work was undertaken. No lessons have been learned from the Cambridge Analytica-Facebook saga. Do the data owners / controllers have the inclination to protect data across their complete ecosystem: external service providers, outsourced agents, and secondary commercial outfits using or processing this data?
Though minor, this hack clearly redefines the challenges. Only last month an ex-Amazon employee hacked into millions of Capital One Financial Corp. records in one of the largest ever database thefts. According to the prosecutors, she also hacked into 30 other companies. UniCredit SpA, Italy’s largest bank, is investigating a possible breach connected to the Capital One case. With this regularity, banking is slowly going to the gallows.
HACKING AND BANKING CANNOT BE ALLOWED TO COEXIST.