View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 29, 2016updated 30 Aug 2016 3:01pm

The cyber security industry reacts to HSBC DDoS attack

News: It's not just the industry who is interested in this breach either.

By Charlotte Henry

HSBC has been hit with a cyber attack, a DDoS that tried to flood its system and forced the highstreet bank to take its online and mobile services down in the UK.

In a statement John Hackett, UK Chief Operating Officer, said: "HSBC’s internet and mobile services have partially recovered, and we continue to work to restore a full service. We are continuing to experience attempted denial of service attacks and we are closely monitoring the situation with the authorities."

The attack has provoked political interest, outside of the cyber security industry.

Andrew Tyrie MP, Chairman of the Treasury Committee:

"Only last week I wrote to the regulators to encourage them to take decisive action on IT. This work needs to be led by a single regulator, probably the PRA. It needs to bring together those most involved among regulators and government agencies, and to require improvement at the banks. The sooner this is put underway, the better.

"Episodes like today’s bring a great deal of uncertainty, and sometimes disruption and distress to customers.

"Bank IT systems just don’t seem to be up to the job."

Given the importance of financial institutions, the industry has had a lot to say. Here is a roundup of the industry reaction.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

Tim Erlin, director of security and risk at Tripwire

"Financial institutions, including banks, are often at the forefront of data security practices and technologies. They have to be because they are the most targeted organizations. Information security is an arms race, where both sides have to evolve to survive. It’s important to understand that these types of attacks are run by organized crime. There are sophisticated groups behind them, with skills, resources and the objective of profit."

Justin Harvey, CSO at Fidelis Cybersecurity

"HSBC has done the right thing by announcing to customers that it has been targeted by a DDoS attack, it’s just unfortunate that the attack has happened on a date that will disrupt so many users of the online service. Spreading awareness about these types of attacks and reporting them to the authorities is the best way for data to be gathered on an attack which can help track down the culprits and bring cybercriminals to justice."

Richard Brown, Director EMEA Channels & Alliances at Arbor Networks

With financial institutions underpinning whole economies, they’re a particularly choice target vertical for impactful attack. Add to this the fact that it’s payday for many people – meaning more people trying to access the website and therefore a bigger audience – HSBC is an ideal target.

HSBC will have to ensure that the attack was not used as a ‘smokescreen’, drawing the IT department’s attention towards this event while sensitive data is stolen or malware is implanted in the network.

Laurance Dine, Managing Principal, Investigative Response at Verizon Enterprise Solutions

"Unlike other attack types, which expose sensitive data like payment card details, intellectual property or health records, DoS attacks are primarily about disruption. Essentially, these attacks flood online systems, such as internet banking sites or online trading platforms, with vast amounts of data in order to overload them and take services offline. DoS attacks can last several days, so it’s vital to have a plan in place to deal with such a threat.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU