RBS customers put at risk by faulty security software

Royal Bank of Scotland (RBS) wanted to give its business banking customers an extra layer of security, but ended up possibly exposing them to cyberthreats, reports have claimed.

The bank recently started offering Heimdal Thor Foresight Enterprise, software designed to spot and stop common cyberattacks that try to steal data or infect a network with ransomware.

However, for the system to work, the customer needs to grant it the highest level of clearance, and that, according to experts who discussed the matter with the BBC, wasn't done right.

“Heimdal Thor is security software that runs at a high level of privilege on a user's machine. It's essential that it is held to the highest possible standards. We feel they have fallen far short,” security researcher Ken Munro told the news outlet.

The bank didn’t disclose how many customers were exposed to the risk. We do know that 50,000 people were using the software.

Attackers abusing the flaw would get access to the victim’s emails, internet history and bank details. To do that, they would only need to intercept the victim’s internet traffic, which the experts say isn’t really an obstacle nowadays, with so many public Wi-Fi hotspots and unsecured home networks.

The issue has since been fixed and 97 per cent of the affected endpoints have been secured, Heimdal's chief executive Morten Kjaersgaard confirmed.