Is your money safe enough even in the ‘safest’ of places?
Banks are at increasing risk of cyber-crime, as revealed by a series of thefts using vulnerabilities in the SWIFT network. Taking advantage of cheap network switches and a lack of firewalls, cyber criminals gained access to the Bangladesh Central Bank and executed a range of fraudulent financial transfers totalling $80m. Worryingly, it was only a spelling mistake in another transfer that prevented the thieves from escaping with much more.
This is not an isolated incident. A similar robbery targeting an Ecuadorian bank to the tune of $12 million, highlights that banks are under constant attack. Banks in low and middle-income nations are particularly at risk, and their less sophisticated defence mechanisms are being targeted.
Bank robbery – a changing game
Gone are the days of John Dillinger or Bonnie and Clyde marching into a bank, holding up the staff and walking out with millions. Criminals do not need a pistol, a ski mask or a grasp of crowd control! All they need is a laptop, an internet connection and a chink in the enemy’s armour to strike for millions.
Malware has advanced significantly in recent years. The Bangladesh heist used advanced malware to bypass validity checks, and intercept and destroy confirmation messages regarding the transfers, preventing detection of the theft.
Banks are worried, particularly in the Asia Pacific and South East Asia regions. The Shanghai Higher People’s Court reported over 2,000 cases of financial crime in 2012, with 88% of this being credit card fraud while in the same year in Singapore 700 account holders lost a combined SGD$1 million. In emerging markets such as Vietnam, Cambodia and the Philippines, bank accounts contain much more than they once did and online banking is on the rise: it would be naive to think these aren’t a potential target for cyber-fraudsters.
Asian banks are still un-prepared
The biggest challenge facing banks in the ASEAN region is the lack workforce capability. Bank employees have been conned by ‘phishing’ and other forms of email fraud into approving wire transfers to offshore bank accounts controlled by criminals. Ou Phanarith, Cambodia’s director of ICT Security at the Ministry of Posts and Telecommunications recently remarked:
“Students and employees at banks need to learn about cyber security. Unfortunately we lack the ICT certification courses to fight against cyber crime.”
He went on to point out that Cambodia ranked only above Laos for cyber security capabilities in the region. Clearly, the onus is on financial institutions to tighten up security and become more savvy in this field.
Proactive action is required
Banks need to be taking tangible steps to prepare now for future cyber attacks. Potentially vulnerable parties must know firstly if, and then where their weakness are.
Black Box penetration testing is a proactive solution, using military-qualified security experts to test your system for weaknesses. Any areas susceptible to cyber hacking are identified and detailed to you in a confidential report. Furthermore, we lay out a clear path of action to resolving these issues.
Get in touch with SMCS Risk to find out more about how we can help you secure your bank from the very real and growing risk that is cyber crime.