Hacker heat

[InfoSec News <isn () C4I ORG>]

http://insurancenewsnet.co.uk./article.asp?a=1&newsid=CoICWue9GnJuWodqZntm

Stephen Nickson
December 1, 2000
Risk Management

The summer in England was even colder, wetter and shorter than usual.
The only real heat was indoors and it came from hackers. Both
Prudential's Egg online bank and Barclays online service accounts
suffered much-publicized breaches that exposed this new sector's
susceptibility to cyberattacks and highlighted the negative effects
such exposures can have on a company's bottom line.

In Prudential's case, professional hackers created false accounts in
an attempt to secure loans. Barclays iBanking customers were able to
view other customers' accounts. Fortunately, no assets were stolen,
but a few heartbeats were quickened as stock prices fluctuated. "For
British consumers, there is a real concern over who is seeing their
information and how secure it is," says a National Banking Council
spokesperson. "If people can't trust in their banks to protect their
privacy, then bells and whistles on a banking Web site aren't going to
have any effect. People will stay away."

Solutions have been stifled by customers who do not like advanced
identification systems because they must be periodically updated,
which requires vigilance on their part. But banks that do not update
their technology and force this annoying aspect of online banking on
consumers risk damage to reputation and brand, which can be far more
significant than the direct financial loss from security-related
losses.

Personal finance cyberproblems in the United States have largely
centered on Internet brokerages, as more Americans trade stock than
bank online. Prudential's British online banking services has 1.1
million customers, more than all U.S. Internetonly banks combined. But
as Internet banking and brokerage services become more popular in the
United States, American banks will increasingly find themselves the
targets of sophisticated criminals. Many banks could be doing a lot
more to make their systems secure. "A solid backend system can foil
most hackers," says Gene Ozgar, a partner with KPMG's information risk
management practice. "But many large banks build their Internet
banking sites using old legacy computer systems, with focus on jazzy
front-ends." Without solid, well-secured back-end systems, however
inconvenient they are for consumers, American online banking could
suffer the same loss of face that Barclay's and Prudential suffered in
England. "A hacker doesn't have to be a computer genius to break into
the systems that are prevalent today," says Ozgar. "They just have to
be persistent."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".