Saturday, April 27, 2024 | Shawwal 17, 1445 H
clear sky
weather
OMAN
27°C / 27°C
EDITOR IN CHIEF- ABDULLAH BIN SALIM AL SHUEILI

Lack of info on Tesco Bank hack frustrates lenders

Oman Observer
Oman Observer
Published: 7:19 PM, Feb 08, 2017
twitter
921383
921383
minus
plus

British banking executives and security experts are growing frustrated at the dearth of information available more than three months after £2.5 million ($3.09 million) was stolen from Tesco Bank in the UK’s biggest financial cyber heist.


Security officers normally share information on an informal basis immediately after a major cyber incident so that the other banks can check their systems, sources at four of Britain’s biggest lenders said.


In the case of Tesco Bank, a small lender with annual profits of just £162 million, details about exactly how criminals stole the money and what vulnerabilities were exposed have yet to be provided, however.


The case has exposed the lack of proper procedures to share information as well as confusion over which government agency has ultimate responsibility for the issue, lawmakers and executives say.


“It is very frustrating,” a senior executive at one of Britain’s largest banks said. “The gentlemen’s code has been broken.”


A risk officer at another of Britain’s biggest lenders said a formal regulatory system was essential in a financial centre like London where hundreds of banks of all sizes operate.


“I am not going to criticise them, the problem is the structure,” he said.


The November 5-6 attack, which affected 9,000 Tesco Bank customers, is the first major case to be investigated by Britain’s new National Cyber Security Centre (NCSC), working with the National Crime Agency (NCA).


The NCSC brings together and replaces a host of bodies including CESG (the information security arm of GCHQ), the Centre for Cyber Assessment, Computer Emergency Response Team UK and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure.


As regulatory authorities for the banking system, the Bank of England’s Prudential Regulation Authority and the Financial Conduct Authority would also be involved in any regulations governing financial cyber crime.


The NCSC did not respond to requests for comment on the Tesco case. An NCA spokesman said: “The investigation is ongoing therefore it would be inappropriate to comment further.”


The new body is coming under pressure from the financial industry and lawmakers to act quickly.


“It is up to the NCSC to institutionalise the sharing of information and give some kind of obligation or requirement for feedback after an attack like Tesco Bank,” Troels Oerting, Group Chief Information Security Officer at Barclays, said. — Reuters


Oman Observer is now on the WhatsApp channel. Click here

SHARE ARTICLE
arrow up
home icon