Cyber attacks are coming fast a furious these days, and all manner of businesses are making cyber safety and precautions part of their positive consumer PR campaigns. But not all protections are impenetrable, and when there’s a breach, crisis PR is required immediately.
The Associated Press recently reported a cyber attack made against an as yet unnamed bank, a breach that comes on the heels of another theft that netted the perps more than $100 million from the central bank of Bangladesh. According to reports, the thieves used malware to get in through a PDF reader at the bank, which gave them the ability to transfer money as well as “tamper with” the bank’s documentation. The report neglected to mention if any cash was stolen in this attack. Customers were notified and instructed to review their accounts.
Investigators familiar with the case have hinted the attack may have come from someone on the inside, and definitely from someone with an intricate and in-depth knowledge of the bank’s technical protections.
It’s unknown if this attack is actually linked with the breach at the bank in Bangladesh. Some of the perpetrators of that attack have been identified, and $20 million in stolen funds have already been returned to the bank.
While the return of the funds is good news for the bank, the rest of this story is entirely bad, not just for this bank, but for all banks. First, of course, is the fact that more than $80 million is still in the wind. Second, the less than specific answers coming from the press relative to this more recent attack create uncertainty. In PR terms, particularly when trust is being weighed and measured, uncertainty is almost always bad.
Any time there’s a security breach at any financial institution, consumers feel less comfortable about leaving their funds with any bank. This cuts into customer loyalty and discourages electronic business practices. But if they’re not certain whether or not their bank is secure, or even if they feel it may not be as secure as it should be, there is a tendency to put some distance between them and the other products the bank may be looking to sell them. Less interaction means fewer opportunities to pitch consumers on other services, which trends toward a net loss of income for the bank.
The more specifics in this case, the better for banks in general, both in their internal computer protections and in their potential sales projections.