Typically, a bank’s customers throng in front of its gates when they fear that their hard-earned money might disappear because of irregularities at the financial institution. On many occasions, as recently as the EU debt crisis, we saw vexed faces queuing up in front of banks, concerned over possible insolvency.
But in today’s environment, where banks increasingly conduct operations through computer networks, panic-laden customers can rush towards banks if they believe that their deposits are not safe due to fragile online defenses.
Indeed, UK-based Tesco Bank became the latest target of high-tech cyber criminals a few days ago. Thousands of its customers witnessed money moving out of their accounts, in what cyber experts termed the biggest cyber theft in Britain’s history. The bank’s management said that a week before the crime, it found unusual activities in about 40,000 current accounts. Some 20,000 accounts eventually lost money.
After the unprecedented robbery, the bank said that it would compensate its customers. It later repaid £2.5 million, but its brand reputation was damaged.
A spate of high-profile cyber thefts this year, including bank heists like that of the Central Bank of Bangladesh, in which cyber fraudsters stole $81 million, points to one thing: highly sophisticated cyber criminals are always prepared to take advantage of IT vulnerabilities that financial institutions fail to patch. At the slightest compromise on IT security, cyber fraudsters will quickly pounce on banks’ computer systems and can inflict unfathomable damage.
In most cases, cyber criminals are able to gain access to an organization’s inner IT perimeter because its IT ecosystem lacks effective identity and access control management. Privileged identities, that is, accounts with elevated authorization to access critical database and application servers, are not properly administered.
In the case of Tesco, a cyber security professional, according to the Financial Times, pointed out that “either something else has been stolen that sits behind the bank or have found a way to do it repeatedly”. This means that cyber criminals who conspire to con banks are usually privy to highly classified information. It could be an insider, a disgruntled or former employee, or an external malefactor who has the access keys to systems’ advanced secure configuration.
The sooner banks realize this, the better it will be for their IT security.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behavior Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.