This Lurking Threat for Banks from Cyberspace Needs Urgent Response
September 12, 2016 | Cyber Heist, Financial Institutions, Privileged Accounts
The $ 101 million cyber heist at the Central Bank of Bangladesh, earlier this year, underscored two realities. The first is that cybercriminals are getting increasingly cannier, while another fact is that banking institutions—not all but many— remain underprepared to thwart growing attacks from cyberspace.
Alarmed by the incident and a spate of other attempted bank heist cases, the Society for Worldwide Interbank Financial Telecommunications (SWIFT), back in July, announced hiring of two cyber security firms for monitoring the international transfers.
At that point, SWIFT’s immediate response got applauded; however, we remained little apprehensive.Our point of view was that unless banks reinforced their Identity and Access control Management , the risks emanating from both insiders and external malefactors would continue to inflict unfathomable losses.
SWIFT’s recent letter to its 11000 member banks highlights our concern. The organization said that although a good number of cyber heist attempts got prevented due to its security measures, hackers were successful in raiding some of the banks and getting off with unspecified amount of cash.
The letter, which was cited by the Financial Times in August, stated that cyber criminals are very active. They are always on a lookout for IT systems that are even slightly vulnerable. More worryingly, the organization showed concern about how these malefactors devise tailor-made strategy to target individual bank.
You see, targeting transactions by getting hold of SWIFT codes are only possible when privileged accounts--an entry point to any organization’s vast network having ADMIN rights to database server and other vital information-- are not properly monitored. In other words, cyber assaults, especially on financial institutions, are very rampant because malicious actors are able to crack inside the networks due to weak privileged identity management in place.
Unfortunately organizations pay a very scant attention to identity and access control management. And unless this area is not properly addressed, such incidents would keep surfacing.
ARCON provides state-of-the-art technology aimed at mitigating information systems related risks. The company’s Privileged Access Management solution enables blocking unauthorized access to ‘privileged access’, while its Secure Configuration Management solution helps to comply with Governance, Risks, and Compliance (GRC) requirements .
Need a solution for safeguarding critical IT assets? Please contact us