Banks' weakest link is the untrained employee, warns cyber expert
Monday 19 January 2015
As the UK and US announce increased cooperation on cybersecurity – particularly around the banking sector – a Coventry University expert has warned that financial firms need to focus more on the human element of cybersecurity rather than just the technical safeguards.
Professor Richard Benham, who co-founded the recently-launched National MBA in Cyber Security with Coventry University Business School, warns that hackers are increasingly exploiting companies' employees who – if not trained to be aware of threats – often represent the weakest link in an organisation.
Professor Benham's comments come as Prime Minister David Cameron and President Barack Obama reveal that a series of "war games" will be staged between the UK and US to test each other's resilience to cyber attacks.
Citing the recent breach of the US CENTCOM Twitter feed, Professor Benham said:
Hacking social media channels is one thing, but it's only a matter of time before a major institution such as a major bank or government service is brought to its knees by an online onslaught.
A major breach in any one part of a bank's critical network infrastructure could cause it to fail, setting in motion a potentially devastating ripple effect throughout the markets. When the Associated Press had its Twitter feed hijacked with a fake tweet reporting the bombing of the White House, within minutes the Dow Jones industrial average plunged 143 points. Imagine the economic effects of a genuine strike.
According to Professor Benham, banks need to be subject to mandatory cybersecurity checks across the sector in the same way that they have had to pass 'stress tests' for financial resilience.
Even something as straightforward as a denial-of-service attack can shut down the networks running cash machines for days at a time, as happened in South Korea in 20133. Despite a recent push to flag up the importance of cybersecurity matters at board level, banks are still not especially well prepared for even this sort of attack at the periphery – never mind one that goes for the jugular.
Most employees, without proper training of the necessary 'cyber-hygiene' required at work, are a significant weak link. In most cases only a small number of people in the organisation are sufficiently expert in cybersecurity issues – a problem that doesn't just affect banks.
Prime Minister Cameron recently lent his support to the launch of Coventry University Business School's National MBA in Cyber Security, which was set up to tackle the skills gap in UK employers' information risk management.
The online master's degree is aiming to provide training to individuals and businesses to help them manage online security threats.
Students of the distance-learning qualification – which can be studied part-time – will learn about the financial, legal and reputational risks related to cyber attacks and will be taught how to make informed decisions around information security management issues.
The postgraduate course – whose first intake starts this month – will also cover technical content relating to network security, but will focus largely on the management of strategic aspects of cyber risk including human resource, digital security audits, big data and international cyber law.
Professor Denise Skinner, executive dean of Coventry University's Faculty of Business, Environment and Society, said:
As a university that prides itself on innovation and producing qualifications that meet real industry needs, we were delighted to receive the Prime Minister's support when we launched the National MBA in Cyber Security in November as we pursue our aim to become one of the UK's centres of excellence for cybersecurity management.
Professor Benham's comments regarding the human aspects of cybersecurity are timely, and will make us all consider the vulnerabilities to UK business and how we can enhance our knowledge and shore up our cyber defences.
In addition to MBA, we have continued to develop courses including Ethical Hacking & Cyber Security BSc/MSci and Cyber Security MSc.