Site icon Pakistan & Gulf Economist

Cyber Heist – the other side of the (digital) coin

Cyber Heist - the other side of the (digital) coin

[dropcap]A[/dropcap]s incredible as it may seem in this hyper-connected, technologically advanced era, half the planet’s population exist as “financial nomads”—those who nourish and shelter themselves without using traditional banking services. While the wealthy live at the top of a metaphorical pyramid, taking financial security and banking services for granted, there are billions of people who struggle at the pyramid’s base in an exhausting state of financial exclusion and insecurity. Times are changing rapidly, but despite global uncertainty, technology has the capacity to reach and equip people in all walks of life. Advances in communications have reconfigured the ease with which we interact with our money-and these advances can provide innovative financial services to the unbanked and underserved around the world.

While widespread and ever-increasing automation at financial institutions has brought tremendous production and operational efficiencies in the industry, it has simultaneously given rise to cyber threats and attacks on transactions conducted through online branches, branchless banking and the internet; payment systems for intra/interbank settlement and credit information of consumers etc. are also at risk. Meanwhile, a large-scale hacking attack may involve stealing a company or an individual’s intellectual property; seizing and unauthorized usage of online bank accounts (leading to monetary loss); creating and distributing malware on the Internet (networks, computers, laptops, smartphones, tablets, smart TVs etc.) and illegally accessing and then disclosing confidential business information to the detriment of the firm’s reputation.

Financial institutions, a major constituent of the national critical infrastructure, are the key target for cyber criminals and malicious insiders because they are the richest source of intellectual property and offer direct access to monetary assets. The multi channel and distributed environment of financial firms offers a fertile ground for cyber crimes. However, the threat is not only from outsiders, as in many cases,insiders (with deep knowledge of security protocols) are also involved.

Globally, numerous institutions have faced multiple types of cyber heists and attacks over the last 15 years; these include AT&T, British Airways, Citigroup, Facebook, Gmail, JPMorgan Chase, HP, Saudi Aramco, Sony, etc. resulting in a loss of monetary assets, theft of confidential and intellectual information and disclosure of non public information etc. Because of the sensitivity of the damage and the consequential secrecy maintained by victims, many factors remain unknown and can only be guessed and based on reportedor alleged claims in the public domain.

In the wake of one of the largest cyber heists in history, hackers and cyber criminals were able to direct the Federal Reserve Bank of New York to transfer about US$1 billion from the account of the Bangladesh central bank in 2016. In the end, around US$81 million were transferred from the Bangladesh central bank’s account with the New York Fed to accounts in the Philippines through SWIFT. SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a Belgium-based cooperative that is owned by 3,000 banks and bills itself as “the world’s leading provider of secure financial messaging services.” It is now used by 11,000 banks globally, every day and processes around 25 million communications that collectively account for billions of dollars’ worth of transfers.

As per multiple security analysts and experts, this breach happened through one or more threats such as:

This major cyber heist incident should be treated as an eye-opener and attention should be paid to the institutions automated business environment. Due to the rising global threat of cyber heists, breaches and disclosure of confidential information, all stakeholders, including financial firms, government authorities and customers must collaborate and stay vigilant and risk aware against combating emerging cyber threats, attacks and associated risks in constantly evolving threat and attack landscape.

Cyber defense mechanisms across institutions must be optimized and made proactive. These should be supplemented by the following provisions:

[ads1]

In order to tackle the evolving cyber security challenges in combating internal and external cyber threats and attacks against institutions automated business environment, the following: Critical Cyber Security Controls for Effective Cyber Defense have been introduced by “The Center for Internet Security” (CIS) as an actionable, preemptive, conducive and enabling approach.

[box type=”note” align=”” class=”” width=””]The writer is a Karachi based freelance columnist and is a banker by profession. He could be reached on Twitter @ReluctantAhsan[/box]

Exit mobile version