What Do the Banks Say? A Look at the Heartbleed Bug from the Finance World

According to an article published in Canada’s Financial Post (part of the National Post newspaper), although Canadian banks say they are safe from the drastic effects of Heartbleed, they are not safe from all cyber threats.

A report by anti-virus software company Symantec Corp. is cited in the article. According to the report, losses due to cybercrime have been increasing for years in Canada. In 2012 they were at $1.4 billion. In 2013 losses had climbed to $3 billion. The Financial Post article says that while financial institutions (e.g. banks) don’t usually disclose the cost of online crime on their operations, observers believe it is substantial.

“Organizations are beginning to realise that technology is core to almost every industry and there’s a lot of emerging risks, things like the mobile payment revolution and bring-your-own-device to work,” Mike Petersen, managing director at Marsh Canada Ltd. told the Financial Post. Marsh Canada Ltd. is a top cyber insurance provider in the country.

“They’re (companies like banks) beginning to realize that there’s no such thing as perfect security, and it’s just a question of when an event will occur, not if an event will occur,” said Petersen in the article.

That fits with the 33% increase in the number of clients Marsh saw between 2011 and 2012.

Traditional banks are faced with the dilemma of incorporating more online and mobile services to compete with the online competition from Google and PayPal, for example. Banks need to compete to stay afloat and need to give their customers what they’re demanding, but the more they get into the online world, the more they make themselves targets for attack.

While Canadian banks may be safe from Heartbleed, the bug serves as a reminder that cybercrime is a real threat, and with Heartbleed’s widespread reach, companies are reminded that cybercrime is also a near threat, not a distant one.

According to the article, experts say Heartbleed is affecting more than 60% of Internet servers – basically meaning that a company that works online or offers online services is more likely to have been affected by the bug than not. Moreover, it’s hard to tell if a website has been affected. In 2013, it took an average of 229 days before cyberattacks were detected, according to a new report from cybersecurity firm Mandiant.

Despite banks being reportedly unaffected by Heartbleed, it doesn’t mean the bug won’t cause problems in the near future that banks might end up involved in.

According to the Financial Post article, security researchers say it is likely we will see an increase in phishing attacks, which could result in an increase in fraud complaints from Canadian consumers.

“Anytime there is any event that has massive attention to a large audience – like the Royal Wedding, or the Olympics or the NHL playoffs – there’s a rise in phishing attacks and spam because the attackers use a social event as a hook,” Mark Nunnikhoven told the Financial Post. Nunnikhoven is vice president for cloud and emerging technologies at Trend Micro Inc.

“In this case it happens to be a security issue, which cues up the bad guys quite nicely… because people are aware it can be complex, I think we’re going to see a larger than normal spike of attackers taking advantage of the public to try to get them to willingly give up their personal information without their knowledge,” said Nunnikhoven.


For the original article, click here: http://business.financialpost.com/2014/04/12/heartbleed-bug-highlights-banks-severe-cyber-security-headaches/?__lsa=b1a3-ca42