UK banks lagging behind on email security, study finds
More than half of banking institutions in the UK are slacking on cybersecurity, leaving staff and customers wide open to phishing attacks, analyst Proofpoint has warned.
The firm used Domain-based Message Authentication, Reporting and Conformance (DMARC), an email validation system that stops accounts being hijacked by digital crooks, to analyse 150 British banks.
Its research further revealed that three in ten institutions in the UK have no DMARC protection whatsoever, although the rest have either taken “initial steps” to implement it or adopted the measure fully.
This lackadaisical attitude to cybersecurity means that banks are vulnerable to business email compromise, in which threat actors impersonate employees to con real workers into transferring money into accounts the attackers control. Not a good look for institutions whose essential purpose is to safeguard the public’s money.
“Banking institutions are a prime target for cybercriminals due to the vast amounts of sensitive personal and financial data they store,” said a Proofpoint spokesperson.
“With continuous digitalisation in the banking sector and increased usage of mobile apps by customers, it is crucial for these institutions to prioritise cybersecurity measures to safeguard against potential cyber threats. It is imperative for firms to remain vigilant and stay ahead of the evolving threat landscape to protect their customers’ data and money.”