London police arrested eight men in connection with a £1.3m robbery that allegedly involved taking control a Barclays Bank branch (Photo: Reuters)
London police arrested eight men in connection with a £1.3m robbery that allegedly involved taking control a Barclays Bank branch (Photo: Reuters)

The fight against cybercrime by banks and companies has led to stricter compliance, firewalls, and software procedures but it is all essentially pointless "if they leave the front door open," says an expert and managing director of Salamanca Group.

News that London police have arrested eight men in connection with a £1.3m robbery that allegedly involved taking control a Barclays Bank computer from a branch on 5 April this year, via a KVM switch, comes soon after the Met arrested a separate gang in the same month for plotting the same type of cybercrime to branches at Santander.

Speaking exclusively to IBTimes UK, the former Head of Kidnap for Ransom at Kroll Heyrick Bond Gunning said that "too often" companies and financial institutions only view cybercrime as a software issue and this can lead to costly losses.

"I have talked at length with banks and companies around the world about how they should not view cybercrime as purely a software issue in isolation," said Salamanca Group's Gunning.

"There is a huge focus on firewalls and software security but if you are effectively leaving your front door open, and if someone is able to enter your premises and attach a switch to a router, it undoes a lot of safeguards and can lead to costly problems."

The KVM Switch

In April 2013, a probe was launched after a hardware device that allows workers to access their computer systems remotely, a KVM switch, was found attached to a 3G router.

KVM switches can be bought for as little as £10 over the internet.

"If it is proven that these eight arrested men did pose as engineers to attach the KVM switch, I would ask the institution whether they have a physical security elements in place, such as whether they were escorted or verified," said Gunning.

Police say that this method of tapping into personal data is a "rapidly evolving" field of cybercrime.

"This new and increasing methodology being seen by UK law enforcement demonstrates the rapidly evolving nature of low risk, high financial yield cyber-enabled crime," said the Metropolitan Police said in a statement.

The Cost of Cyber Crime

Cybercrime costs British banks and businesses more than triple the government's estimate of £26bn a year. Recent surveys have also shown that one in five businesses have no protection in place.

Salamanca Group says that around 98% of cyber-attacks originate from external sources with 97% being avoidable through simple intermediate controls.

"One of the most interesting cybercrime elements to consider is whether the threats come from in-house," said Gunning.

"Reports show that around 10% of cybercrime originates from the inside workforce."

According to the Norton Antivirus Internet Security Report, there was a 42% increase in targeted attacks in 2012.

Web-based attacks increased 30%, which could explain why a focus on software and firewalls has overshadowed the need to bolster hardware protocols.

"Again, you cannot isolate software as a way to purely tackle cybercrime," said Gunning.

"If you have 10% of workforce that gives up information or facilitates data theft to the outside, you are seriously under threat.

Salamanca Group's Gunning added that "it's not just banks and companies that need to worry, but also everyone from hospitals to social, because they store large amounts of data, that could be under threat."

Barclays were contacted about the contents of this report and have not yet returned calls for comment by the time of publication.