Industry pros react to Tesco Bank cyber attack

Following the news that Tesco Bank suffered a cyber attack over the weekend with around 40,000 customers being affected, various industry professionals have offered their reaction and analysis.

Jamie Graves, CEO, ZoneFox:

"While details are still emerging around the Tesco Bank attack, many suggestions are pointing towards the fact a third-party retail partner was compromised. What is worrying for Tesco is that the now infamous Target breach in 2013 followed a similar trend and of course resulted in record amounts of customer information being compromised.

"What is clear here is that the issue of supply chain or partner security is very real and very serious, given these partners can have a great deal of access to an organisation like Tesco’s network. This effectively makes them an ‘insider’ or ‘trusted party’ within the walls of that company. As with any insider or trusted partner – if proper monitoring is not put in place, then security incidents like the one that happened over the weekend can occur quickly and without warning.

"In order to identify and remedy the situation as fast as possible, businesses like Tesco must ensure they have some form of behavioural monitoring solution in place at all times, to identify and combat any breaches and suspicious activity from staff and partners alike immediately."

Dan Panesar, VP EMEA at Certes Networks:

“As Tesco works around the clock to address the fraudulent activity affecting its customers, it is only a matter of time before the finger of blame starts pointing. Working in a heavily regulated industry, Tesco Bank complies with every industry guideline and standard to ensure the safety of its customers’ data. The problem actually lies in the entire industry’s approach to cyber security. There is an inherent flaw in the current ‘protect’, ‘detect’, ‘react’ model, as once a hacker bypasses a network’s outer perimeter they are free to move uninhibited across the network, accessing vast quantities of sensitive data and wreaking havoc.

“There is a crucial step missing – once a hacker gains access to a network, the threat they pose must be contained. By applying a zero trust strategy using cryptographic segmentation to ensure a hacker cannot roam freely across the network, businesses can significantly limit the impact of an attack or breach. As 20,000 consumers fear now not only for the safety of their data but their finances, cyber security professionals have a duty to act, changing the mindset within the industry to develop a better security model, one that is equipped to deal with the threat posed by the modern day hacker.”

Andre Stewart, VP EMEA at Netskope:

“Although quick action was taken by Tesco Bank with further online transactions from current accounts halted across the UK, this will cause a huge amount of disruption for customers. Further action must be taken so Tesco customers can be informed of exactly how this security breach occurred and what steps are being taken to ensure any vulnerabilities are found and secured.

“While this hack is just one link in a long chain of incidents which highlight the importance of data security, it serves to remind businesses of the need for a fast response once data have been compromised. Organisations must be able to protect their customer data and safeguard their reputation or, in this digital age, they run the risk of becoming a huge target for those cyber criminals testing organisations’ digital defences. In particular, as more data are stored off-premises, organisations need to ensure the correct security controls are in place, remain vigilant to unusual user behaviour and take active measures to secure data – especially in the cloud.

“With less than two years until the European Union General Data Protection Regulation (GDPR) comes into effect, businesses must learn from attacks and make changes now. A major part of ensuring GDPR compliance will involve getting to grips with reporting data breaches in a timely manner – as well as demonstrating that comprehensive and proportionate governance measures were implemented to protect customers’ data.”

Lee Munson, security researcher from Comparitech.com:

“The concerted attack against some 20,000 Tesco Bank customers is the first time such a British financial institution has seemingly been targeted by online criminals, at least as far as we are aware. While we do not have any details yet, the fact that there were so many compromises at just one bank suggests to me that the grocer may have either been hacked by an online group, or even compromised from within.

“Fortunately for its customers, Tesco Bank appears to be taking the matter as seriously as it should, informing them of what is happening at an early opportunity, and taking control of the undoubted media fallout.

“The correct course of action is, of course, for customers to type their online banking URL directly into their browser and, once logged in, they should change their passwords, whether their account has been compromised or not. That said, British banking is still entirely secure from a consumer point of view – incidents such as this are extremely rare and, in Britain at least, all losses arising from unauthorised activity must be refunded immediately anyway. Not only that, the financial services industry is extremely proactive in protecting its assets.

“Tesco will, I’m sure, learn from the attack, and put in place the necessary technological, procedural or people changes required to mitigate the risk of it happening again.”
