European Central Bank Hacking: What Can We Learn?

In the news today we have seen that the European Central Bank (ECB) has been hacked, with attackers stealing around 20,000 email addresses and contact data from the bank’s public website. Worryingly, the theft came to light after an anonymous email was sent to the bank seeking financial compensation for the data.

Without the full information, it looks like the application was to blame in this instance, and an exploit like SQL injection, a code injection technique used to attack data-driven applications, may have been used. The welcome news for customers is that the attacker was not able to reach the bank’s internal systems, meaning that the bank must have used a Demilitarized Zone (DMZ) or full system separation for the internal and external systems - something that all organisations holding sensitive data should have in place.

This attack is the latest to deliver a clear message to businesses across Europe - the assets we need to protect are no longer the infrastructure or the networks, but the information contained in the applications. To protect this information we need to have the full context of the user’s interaction with the application. We need to use tools like a web application firewall (WAF), proxy functionality, and contextual awareness to understand and separate legitimate users from those with more suspicious motives, and to better protect our data using these insights in real time.

Another question to ask is, why isn’t all personal information encrypted? In this case, while most of the data was encrypted, parts of the database, including email addresses, some street addresses and phone numbers, were not. The database also contained data on downloads from the website in encrypted form. With this information, we have to ask why we are still only encrypting the bare minimum of information. Even if someone’s credit card number is not exposed, there can still be enough personal information available to prove valuable to hackers.
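To make the point about encrypting contact data concrete, here is an added example (not from the original article and not a description of the ECB's systems) that encrypts every personal field in the application before it is stored, so a dump of the table yields only ciphertext. The column names, the sample record and the in-memory key are assumptions; in practice the key would be held in a KMS or HSM, away from the database.

```javascript
const crypto = require('node:crypto');

// Assumption: stand-in for a key fetched from a KMS/HSM, never stored with the data.
const KEY = crypto.randomBytes(32);
const PII_FIELDS = ['email', 'street', 'phone']; // hypothetical column names

// Encrypt one value with AES-256-GCM. The AAD binds the ciphertext to its row id
// and column, so a blob copied into another row or column fails authentication.
function encryptField(key, rowId, column, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${rowId}:${column}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Reverse of encryptField; throws if the key, row id, column or blob is wrong.
function decryptField(key, rowId, column, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${rowId}:${column}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Encrypt every PII column of a record before it is written to the database.
function sealRecord(key, record) {
  const out = { ...record };
  for (const f of PII_FIELDS) out[f] = encryptField(key, record.id, f, record[f]);
  return out;
}

// Decrypt a stored row for use inside the application.
function openRecord(key, row) {
  const out = { ...row };
  for (const f of PII_FIELDS) out[f] = decryptField(key, row.id, f, row[f]);
  return out;
}

// Constructed sample record for a website registration.
const sample = { id: 42, event: 'press-briefing', email: 'a.user@example.org',
                 street: '1 Example Strasse', phone: '+49 000 000000' };
const stored = sealRecord(KEY, sample);
console.log(stored);                  // what a dump of the table would contain
console.log(openRecord(KEY, stored)); // what the application sees with the key
```

Because each value gets a random nonce, encrypted columns cannot be searched by equality; a separate keyed-hash (HMAC) column is a common companion when lookups by email are needed.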

Over the past couple of years we have seen a rise in the number of cyber-attacks carried out on banks, including China’s central bank in 2013 and Russia’s central bank a few months ago. With the sophistication of cyber-attacks developing at such a rapid rate, and with this recent incident in mind, it is now more important than ever that organisations take note and put stringent processes in place to prevent more attacks like this from happening. The tools are available and straightforward to implement, but it’s down to businesses to prioritise cyber in their planning.


Gary Newe is Sr. Systems Engineering Manager at F5 Networks
