Can Vladimir Putin turn off your fridge?
An Internet of Things cyberattack is the new risk to banks, writes Brian Caplen.
Banks have spent a lot of time and money making their websites safe from cyberattacks. They have focused on data and identity protection – giving customers devices that generate security codes and texting to verify transactions. They have tried to educate customers on the risks.
But the furore over the hacking of the US Democratic National Committee by the Russian state shows how phishing with fake websites can still deliver results. Default or simple passwords are still in abundance.
If some bank customers are still using '123456' and ‘password’ for their bank accounts, you can be sure that vast numbers are doing the same for smart devices that control their fridges, DVD players, web cams and other household items. After all, who cares if President Putin orders your fridge to be switched off? It hardly seems that serious.
But the ability for hackers to use the Internet of Things as a way of disrupting everyday sites such as Facebook, Amazon, Twitter and Netflix became clear last October. In this hack, the sites in question were not breached but instead smart devices were taken over and bombarded with information in a distributed denial of service attack.
This was aimed at Dyn, a domain name server company – the infrastructure that translates IP addresses into computer language – whose clients include the impacted sites.
Banks cannot afford to be relaxed about this new form of cyberattack. This was also the method used against five Russian banks including Sberbank, which said it was able to neutralise the attack. A more successful attack would have been damaging to reputations through loss of service even if the actual accounts were not hacked.
John Drzik, president, global risk and specialties, for insurer Marsh says: “The big mindset shift for companies is to see cybersecurity as a risk issue and not an IT issue and to look at it in terms of governance and how much to invest in response as well as in protection.” The risks associated with emerging technologies is one theme explored in the World Economic Forum’s Global Risks Report 2017.
Brian Caplen is the editor of The Banker. Follow him on Twitter @BrianCaplen
Register to receive my blog and in-depth coverage from the banking industry through the weekly e-newsletter.
Join our community
The Banker Database
Post-Brexit IFCs - private banking hubs
The Banker's editor Brian Caplen talks to Europe editor Stefanie Linhardt about the prospects for a UK-EU deal and what it all means for banks