An Internet of Things cyberattack is the new risk to banks, writes Brian Caplen.

Banks have spent a lot of time and money making their websites safe from cyberattacks. They have focused on data and identity protection – giving customers devices that generate security codes and texting to verify transactions. They have tried to educate customers on the risks. 

But the furore over the hacking of the US Democratic National Committee by the Russian state shows how phishing with fake websites can still deliver results. Default or simple passwords are still in abundance. 

If some bank customers are still using '123456' and ‘password’ for their bank accounts, you can be sure that vast numbers are doing the same for smart devices that control their fridges, DVD players, web cams and other household items. After all, who cares if President Putin orders your fridge to be switched off? It hardly seems that serious. 

But the ability for hackers to use the Internet of Things as a way of disrupting everyday sites such as Facebook, Amazon, Twitter and Netflix became clear last October. In this hack, the sites in question were not breached but instead smart devices were taken over and bombarded with information in a distributed denial of service attack. 

This was aimed at Dyn, a domain name server company – the infrastructure that translates IP addresses into computer language – whose clients include the impacted sites. 

Banks cannot afford to be relaxed about this new form of cyberattack. This was also the method used against five Russian banks including Sberbank, which said it was able to neutralise the attack. A more successful attack would have been damaging to reputations through loss of service even if the actual accounts were not hacked. 

John Drzik, president, global risk and specialties, for insurer Marsh says: “The big mindset shift for companies is to see cybersecurity as a risk issue and not an IT issue and to look at it in terms of governance and how much to invest in response as well as in protection.” The risks associated with emerging technologies is one theme explored in the World Economic Forum’s Global Risks Report 2017

Brian Caplen is the editor of The BankerFollow him on Twitter @BrianCaplen

Register to receive my blog and in-depth coverage from the banking industry through the weekly e-newsletter. 

Order The Banker July edition

Join our community

Request a demonstration to The Banker Database

Tech Talk: interview with Andy Campbell, Applied Blockchain

Andy Campbell, technical advisor, Applied Blockchain, which builds real-world blockchain application solutions, talks to Joy Macknight about how smart contracts work and where he sees the most interest in blockchain solutions within the financial services industry.

Watch more videos

The Banker on Twitter

By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them.