'Weak link' employees with poor cyber security training leaving banks and government vulnerable

'A major bank or government service can be brought to its knees by an online onslaught,' warns Professor Richard Benham

Banks and governments could be "brought to their knees" by computer hackers because of the "weak link" represented by large numbers of staff who aren't properly trained in cyber security.

These remarks by Professor Richard Benham, visiting professor in cyber security management at Coventry University - which recently launched a National MBA in Cyber Security - come following a series of cyber attacks against high-profile targets, including the pro-ISIS hacking group CyberCaliphate taking temporary control of the Twitter and YouTube accounts of US Central Command.

But while such acts of cyber vandalism represent something of an inconvenience for the authorities, Professor Benham has argued that the impact is negligible compared to what could potentially happen.

"Hacking social media channels is one thing, but it's only a matter of time before a major institution such as a large bank or government service is brought to its knees by an online onslaught," he warned, stating that if hackers got inside a bank's computer systems, they could go on to cause financial chaos.

"A major breach in any one part of a bank's critical network infrastructure could cause it to fail, setting in motion a potentially devastating ripple effect throughout the markets," Professor Benham said.

"When the Associated Press had its Twitter feed hijacked with a fake tweet reporting the bombing of the White House, within minutes the Dow Jones Industrial Average plunged 143 points," he continued, adding: "Imagine the economic effects of a genuine strike."

But despite recent efforts to bolster cyber security, Professor Benham warned that many organisations remain highly vulnerable to cyber attack, even simple social media hacks.

"Despite a recent push to flag up the importance of cyber security matters at board level, banks are still not especially well prepared for even this sort of attack at the periphery - never mind one that goes for the jugular," he said, before going on to suggest the lack of cyber security training for employees in these firms is dangerous.

"Most employees, without proper training of the necessary 'cyber-hygiene' required at work, are a significant weak link," Professor Benham warned.

"In most cases only a small number of people in the organisation are sufficiently expert in cyber security issues - a problem that doesn't just affect banks," he concluded.

One of the most common methods in which cyber criminals gain access to secure networks is via phishing attacks, and it's a practice that is more effective than many businesses realise, security expert Neira Jones told Computing recently.

"Criminals are becoming a lot more effective at delivering their payloads. A phishing campaign of only 10 emails has more than 90 per cent chance of getting a click and when you get users who are unaware - that's an explosion waiting to happen," she warned.