IT Weekly Middle East Newsletter 17th April 2005

Earlier this month something momentous happened in the IT industry: an executive from a major bank told the truth about security threats his bank was facing.

  • E-Mail
By  Peter Branton Published  April 17, 2005

Editor's letter|~||~||~|Earlier this month something momentous happened in the IT industry: an executive from a major bank told the truth about security threats his bank was facing. The bank in question was international bank HSBC, which according to one of its senior executives is suffering thousands of virus attacks a day. Speaking at a congress on e-crime in the UK, Alan Jebson, HSBC’s group chief operating officer, told delegates that the bank often received tens of thousands of attacks a day. “On our worst day last year, we had 100,000 attacks,” he announced. Why is this fact surprising? Well, the volume of attacks seems alarmingly high, but probably most readers will be more surprised to hear that he said it at all. In fact, Jebsen went further than just talking about virus attacks and pointed out the dangers his bank is facing from e-mail identity theft. “We are naturally very concerned about anything that would damage online banking,” he said. “Customers will only do business online if they are convinced it is secure. Customers are no longer sure whether e-mails from financial institutions are genuine.” It’s not surprising that banks and other financial institutions are reticent when it comes to talking about security issues: customers want to know their money is secure and anything which harms that confidence can make a hefty dent in the bank’s profitability. So why did Jebsen choose to speak out about such sensitive issues? Because customers’ confidence is being dented already would seem to be the answer (although we should point out we haven’t asked Jebsen personally). “There is evidence that frauds are damaging consumer confidence,” he said at the same conference. “Research has shown that the take up of e-commerce is slowing.” Jebsen was calling on banks and customers to co-operate more closely in their efforts to thwart such scams. HSBC itself is co-operating with the likes of Citibank to share information on security, which it hopes will lead to greater trust from its own customers as well as others. Banks in the region need to take heed of this advice. As we reported in a recent issue, there is growing evidence that a number of Middle East banks have been hacked (see IT Weekly, 26 March – 1 April 2005). Kevin Isaac, regional director of Symantec, believes that banks in the region are not doing enough to protect their systems against security attacks. He highlighted local banks’ reluctance to discuss attacks publicly as part of the problem. While we don’t expect banks to come forward and casually admit to damaging security breaches, the concern is that banks are just keeping quiet about problems rather than actually solving them. If it is cheaper to pay a ransom for your data — as one bank is alleged to have done — than spend a lot of money on safeguarding your system, then why not go along and keep mum? One obvious answer is that this very silence is what the criminals depend on: they want banks and other such institutions to keep quiet about their activities, indeed they need them to. And they certainly don’t want to know that banks are working together to defeat them, they would much rather they were isolated and easy prey. Elsewhere in this week’s issue we discuss an attempted hack on Japan’s Sumitomo Mitsui bank, which successfully defeated the hackers with the aid of the UK police’s computer crime unit. Will customers of Sumitomo Mitsui Bank feel more secure knowing it defeated an attack, or less secure for having owned up to one happening? Will HSBC customers feel less confident in the bank, knowing the pressure its security system is under? Security means a lot of different things to different people. Feeling secure in your bank means having confidence in it, and banks in this region should bear in mind that just keeping quiet may not be the best way to achieve that. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code