This week, Emma Dunkley of the Financial Times published an amusingly titled yet insightful piece on the recent cyberattacks levelled at two major high street banks. Not to be misled by the lighthearted headline of the article, her account provided another chilling glimpse into the reality of what major banks and consumer organisations now face on almost a daily basis when it comes to protecting their data.
“The recent attacks on Lloyd’s Banking Group and Tesco Bank revealed the evolving techniques used by cybercriminals to expose financial institutions’ vulnerabilities”, she wrote, as she sought to explain the wider implications of what had happened. “The threat of cyber assaults is increasing. As banks roll out more digital services, and as more customers use technology to handle their money, cyber criminals have a greater number of entry points through which to access systems and customer data.”
On January 11th, Lloyds was hit by what is commonly known as a ‘denial of service’ attack, where hackers hijacked several of the bank’s servers and flooded their website with large amounts of traffic designed to cripple online services. Upon discovering that they could not gain access to online banking, many customers took to social media to vent their frustration, as Lloyds deployed a series of counter-measures designed to isolate the attacks and limit the damage caused.
Although large banks are typically targeted by denial of service attacks around once a month, the Lloyds incident was particularly severe – with this attack lasting far longer than the usual few hours.
“Denial of service attacks are happening 24/7 globally,” says Philip Halford, a senior adviser at financial services consultancy Bovill. “There are multiple perpetrators, often targeting the same trophy targets. They share the common objective to breach a control system sufficiently to allow or deny legitimate users access to it. The motivation can vary from criminal intent to mere bragging rights. The effect, however, can be crippling for organisations.”
Compared to the Tesco Bank fraud that took place in November last year, the Lloyds attack was relatively mild, with no customer data or money having been stolen. It is reported that the hackers behind the attack demanded a £75,000 bitcoin ransom, although it is unclear whether Lloyds bowed to this request.
Tesco Bank was not so lucky. Last year’s assault led to nearly £2.5m worth of payouts to 9000 customers who had money stolen by cyber criminals. This time, the data breach was facilitated by a weakness in one of Tesco’s mobile banking apps, which was exploited to access personal information connected to thousands of current and savings accounts. Thankfully Tesco Bank acted quickly to reimburse customers, but the incident still represents a significant and worrying reality of the risks posed by hackers.
What the attacks on Lloyds & Tesco Bank tell us about how online crime is evolving
Over the past twelve months, news of major cyberattacks has become increasingly commonplace – with 2016 seeing more sophisticated assaults than ever before.
Cyber crime is on the rise, with attackers developing increasingly sophisticated hacking techniques to break through organisations’ defences. It is one of the biggest risks to global banking, threatening to cripple lenders and defraud customers.
As the Financial Times rightfully put it, “the stakes are high”. When we consider the reputation of the UK banking sector amongst its customers, trust is a critical factor, and information security plays a huge role in this. Not only must banks consider their reputation in this matter, but also the potentially significant fines and sanctions imposed by financial regulators where institutions are seen to have failed in their obligation to protect customer information and assets.
Under the UK Data Protection Act, banks can currently be hit with a penalty of up to £500,000, but an EU directive that comes into force in May 2018 will mean companies can be fined up to 4 per cent of their global revenues for serious data breaches.
As we move into an increasingly tech-dependent world, banks and other organisations alike have an ongoing responsibility to stay ahead of the threats posed by cybercriminals – and as we so often hear, this isn’t just down to software.
Education also plays a huge part in cyber resilience, and equipping staff with the right knowledge can mitigate risk on a truly massive scale. We know that as much as 90% of all cyberattacks are mounted as a direct result of the unwitting action of a member of staff – whether that’s clicking on a phishing email, or falling foul of social engineering. Never before has it been so important to place cyber resilience at the top of your business agenda.
Interested in better understanding the implications of increased cybercrime for your business? Join our free webinar in partnership with AXELOS GBP and featuring Vicki Gavin of the Economist Group, as we explore the most effective ways to safeguard against cyberattacks. Join the webinar and explore more here.
For the full original FT article, click here.
With a number of clients having already successfully adopted Unicorn’s new user-friendly, flexible integrated authoring tool over the past few months, Learning Technologies marks eCreator’s official launch to market at stand 95.
Fully tablet compatible, with the ability to create, edit, deliver and study content on Apple and Android tablets as well as PCs, eCreator meets the increasing demand for firms to be able to create and publish quality learning content more easily, and for in-company subject matter experts to be able to edit and update content directly.
Amongst the companies already using eCreator to create and deliver mobile-ready courses are the Chartered Insurance Institute (CII), Tesco Bank, Insurance Institute of Ireland (III).
Here are some of the things being said about eCreator already……..
- “The eCreator has already brought huge improvements in our productivity as well as professional quality results that add value to our student support. We’re very impressed with the new tool.”
- “The graphics and whole look is brilliant. Very engaging to the eye.”
- “It looks really good, impressive.”
Meanwhile SkillsServe 5.0 includes two major changes.
There is a new catalogue and content manager, combined to make it easier to build programmes, and diagnostic assessments, enabling administrators to generate assessments from programmes automatically, with users only having to complete learning for areas not passed.
Anyone visiting the Unicorn stand over the two days will have the chance to win a champagne balloon ride. To find Unicorn on stand 95, just look for the pink balloons!
For more information visit www.unicorntraining.com
Like a bad relationship on Valentine’s Day, facing another year of regulatory eLearning can bring on a sudden headache. Lucy Cartlidge, Unicorn Client Relationship Manager, asks how can you avoid that sinking feeling?
It’s crazy how quickly the year whizzes by.
It’s already Valentine’s Day today, the day women are let down remembering how forgetful and ultimately unromantic their men are 😉 Next will be Children In Need – surely that happens twice a year?? – then it will be Christmas again before we know it!
Many organisations are in the process of working out their regulatory/mandatory training calendar for the year ahead, and deciding whether to follow the same process as the previous year or to mix it up a little bit.
Just like a failing relationship on Valentine’s Day, another year of the same regulatory eLearning can often result in the learner feigning a headache and finding an excuse not to go through the ordeal………
The majority of Unicorn’s clients are in the financial sector and all face the same challenge; how to make content fun and engaging whilst retaining the underlying importance and significance of the subject matter.
Here are my top tips for achieving great results on an otherwise, dry topic.
1. Trust the learner
This is often a difficult concept to get your head around as our natural assumption is the learner is going to view their training as something forced upon them and will be the same as last year. It will take an hour out of their day and feels pointless as they know everything they do is aboveboard and they won’t be laundering any money that day for example.
Tesco Bank saw this problem as a challenge and wanted to transform the way their learners learnt. Together we came up with an approach which would test the learners’ knowledge through a competency-based assessment, which once successfully completed learners would be exempt from completing the full module.
We then put together a refresher module, taking key information from the main course for learners to brush-up on and then attempt the assessment. The full module was completed by new employees.
The questions within the assessment were linked to specific course modules so forcing learners through particular modules before letting them have a second attempt at the assessment. Unless the learner is a new employee they choose their own learning path.
The outcome of this was giving the learners some responsibility for their learning pathway engendered better buy-in and engagement. Tesco Bank trusted their learners and in turn the learners do what they need to do to make sure they are at the right level at all times.
2. Assessment questions
Writing good assessment questions is a skill often taken for granted. A common mistake is the sentence for the correct answer is often longer than the other options, for example!
Using the Tesco Bank example, we had to make sure the assessment questions really tested applied knowledge. Including questions like ‘When was the FSA formed?’ is pointless. If learners pass with little effort Tesco Bank comes under major scrutiny from the regulators.
Preferably, questions should:
• be clear and concise
• not contain ambiguities, double negatives or be negative
• have answers approximately the same length and be equally likely
• remain internally consistent
• be randomised as far as possible to try and avoid colleagues consulting each other
• be as relevant as possible to what you need learners to actually know and retain
• never include ‘All of the above’!
3. Regulatory eLearning can be sexy, fact!
Believe it or not, you can turn otherwise dull and lacklustre content into a visually-engaging piece of learning which is an extension of your organisation’s branding.
Unicorn has recently developed a suite of mandatory courses for Santander that’s just that. Sexy!
There are some 11 courses with several themes, all appropriate to that course. Three of those courses sit within the regulatory suite which, despite being our bread and butter – financial crime, anti bribery and corruption and fraud awareness – can still be a dry topic.
Santander wanted the boundaries pushed and so a ‘Minority Report’ concept was born, only without Tom Cruise. Learners download ‘missions’ – ie modules – and work alongside a hologram and special agents to complete the course.
Clients often worry the seriousness of topics will be lost if they add a theme like this. But we’ve found it actually helps attract learners and engages them in wanting to complete the ‘mission’ successfully. They are also more likely to retain knowledge as they actually enjoy it.
Getting more eLearning for less investment is still the wish for the majority of clients.
Although having a big budget can mean added whizzes and bangs, it doesn’t mean it will have more effect. You don’t actually need to spend a lot of money and there are some really good tools that can turn the bleakest PowerPoint presentation into a butterfly of a course. Trust us we’ve seen a lot of ‘simple’ PowerPoint presentations!
Taking the Minority Report concept, the course was developed at the top end of the budget and it does look fantastic. Yet the real reason it works so well is because it has a familiar, consistent theme running through it. The success is in the storyboard.
So the point is courses don’t need to be flashy or super rich in media, although that can help. Creating a story and a real learning journey is much more impactful and successful.
Then it struck us – FAMILY! And here was born the concept of the Tesco Family that has brought a very human, fun and effective touch to Tesco Bank eLearning and their Academy Online this year.
Families can be your classic mum, dad and kids, while many people nowadays actually spend more time with their ‘chosen’ families, ie their mates and close colleagues.
The most important thing for us when developing the Tesco Family concept was ensuring that the characters we introduced to Tesco Bank’s online learning resources captured the sense of personal familiarity and friendliness that reflected Tesco’s values and principles.
A set of illustrative ‘cartoon’ characters and scenarios (call centre, supermarket and office) were developed comprising traditional family unit members and workmates, who act as guides through the learning, and pop up with useful tips and hints.
The concept relies on humour and personalisation to engage the user, provoking instant likability, but without compromising the serious undertones of the course.
To date seven courses have been developed using this concept – Approved persons, Complaints, Equality and Diversity, Fraud, Information Security, Role of the FSA and SYSC.
Paul Murray, Learning Services Consultant at Tesco Bank, admits the novelty of the concepts had staff intrigued about the learning from the outset.
He said: “There’s no better way to get people into something than to get them talking about it and people were definitely talking about this. Everyone can relate to the characters in the Tesco Family, whether it’s the comfortable familiarity of going round the supermarket with your wife and kids, or enjoying easy camaraderie with your close workmates.
“All the characters very carefully reflect Tesco brand values and principles, so as well as consciously studying particular bits of eLearning our staff also receive a constant unconscious reminder about what it means to work for Tesco and what our customers expect from us. The word ‘engaging’ gets used a lot when talking about eLearning but this really has proved to be a very special and very successful concept.”
The Tesco Family was created by Unicorn’s ‘Two Richs’ graphic design dream team of Richard Armitage and Richard Kelly.
Rich Armitage said: “It’s brilliant when you get clients that are so open to what may at first seem like slightly-off-the-wall ideas. It makes our job much more fun, interesting and challenging. Tesco Bank were great to work with on this concept.”
Demand for the Professional Bankers Certificate is growing rapidly since its launch earlier this year by the Chartered Banker Institute.
This month has seen the highest number of registrations since launch. If the initial momentum continues, more than 4,000 individual PBC registrations will be completed by the end of the year.
Developed in partnership with Tesco Bank and underpinned by Unicorn Training’s SkillsServe online learning management platform, the PBC was designed to aid the continuing development and promotion of professional standards for bankers, with a syllabus covering the major areas critical to the effective performance of a professional banker and which required no prior learning or qualifications.
The course is delivered via a fully-inclusive study support tool, boasting a fresh new suite of tailored eLearning to support bank staff and/or Chartered Banker Institute members through the new qualification. The system also provides a robust and credible record of training, development and competence for personnel and compliance teams.
Everyone undertaking the PBC accesses a dynamic, personalised study portal where they create and manage their individual study plans and can take full advantage of all the relevant PBC eLearning modules and study support tools hosted on the system to help them develop a thorough understanding of the key ethical, regulatory, economic, legal and credit issues.
When the time comes to prepare for the final multiple-choice assessment, the portal has an extensive bank of mock exam questions so students can test themselves to identify the areas they are most comfortable with and what needs more work before exam day.