- ECB director general believes that getting hacked is only a matter of time if you trust external storage.
- Cloud services aren’t weak in terms of security, but they “tout importance” to attackers.
- There have been multiple severe data breach cases recently that strengthen the director’s opinion.

Korbinian Ibel, the European Central Bank’s director general, has stated that all financial institutions that trust cloud data storage are vulnerable to hackers. In fact, he said that for these entities a security incident is a matter of time, not of chance. As he clarified, that is not to say that cloud storage services are inherently unsafe, but attackers perceive them as valuable targets, worth their time and effort to bring down.
European financial institutions are already using cloud services by Amazon, Google, and Microsoft, as these solutions are far more secure than internal infrastructure and cost a lot less than setting up, operating, and maintaining your own data center. Everything short of highly sensitive or highly confidential data can go onto these servers, but as the years pass and in-house operations shrink, an increasing volume of important data will eventually be entrusted to external storage locations. As Ibel points out, banks do try to keep up with the times by hiring IT security experts, but this is still very far from where we should be standing right now.
Just last week, the ECB confirmed that its BIRD (Banks’ Integrated Reporting Dictionary) website had been compromised and that malware had been injected into it. This has caused concerns about the potential loss of data, as the breach occurred back in December but was only discovered now, during a routine maintenance session. BIRD was hosted by an external provider, which the ECB trusted to run such a crucial unit of its operation. In total, it is believed that 481 high-profile people were compromised by the incident, with names, positions, email addresses and titles getting exfiltrated.
A little more than two weeks ago, we had the largest ever data breach in the banking sector, with Capital One losing the sensitive information of 106 million of its customers. In this case, Capital One was using Amazon Web Services, while the hacker who managed to steal the data was a former employee of Amazon, possessing the required know-how that enabled her to compromise the data hosting unit. Of course, the database that was accessed was left unprotected not because of an Amazon flaw but because of a misconfiguration by Capital One; even so, the example highlights the case made by Ibel.