Sitting Ducks

Sitting Ducks

The fact that the hackers have been able to breach some of the most secure financial networks is a stark reminder that we were probably a few clicks away from losing not only our money to cyber pirates, but also our identity and other sensitive information.

Advertisement
Dipak Mondal
  • May 5, 2016,
  • Updated May 5, 2016 1:09 PM IST

When hackers attacked the Bangladesh Bank network in February, stealing $81 million - touted by many as one of the biggest bank heists so far - nobody knew that cyber attackers have been able to send what looked like 'legitimate' SWIFT money transfer instructions.

It was only recently that SWIFT network - the global messaging network through which financial institutions send payment instructions through a system of codes - acknowledged that "it is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network".

Advertisement

SWIFT Network is used by 11,000 banks and financial institutions to send banking transaction instructions. The network processes around 25 million messages daily for transactions worth billions of dollars.

SWIFT in an official statement has said that it is not their network that has been breached but that of its customers. "We reiterate that the SWIFT network itself was not breached. our core messaging services have not been compromised. There is a full investigation underway, on what appears to be a specific and targeted attack on the victim's local systems. SWIFT is not in a position to comment on the outcome or conclusions of this investigation at this stage. Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments." 

Advertisement

However, the fact that the hackers have been able to breach some of the most secure financial networks is a stark reminder that we were probably a few clicks away from losing not only our money to cyber pirates, but also our identity and other sensitive information.As every detail and data under the sun is getting digitised and stored in secure codes in computer servers across the world, the danger of them being exposed to unscrupulous computer geeks breaking into secured networks has grown manifold.

Cyber security experts say the risk is enormous, but there is lack of urgency at many levels. Says Gupta: "Our fundamental view is that it is no longer a technology risk, it is a business risk and until organisations are mature enough to start looking at it as a business risk, the risk of such attacks will be very significant."

Advertisement

Experts also believe the level of awareness about the risks of data theft is not very high in India. "People do not realise that personal data stolen can be used by hackers to assume the identity of a person to take loan, credit cards and even use it to avail social security benefits," says Khurana.

The breach can happen at any level. Therefore, Gupta says, whenever organisations engage with a third party, they must also give proper importance to its cyber security system. "In most cases, however, the due diligence process is mostly about the third-party's financials and not so much about its cyber security structure," he adds. The key to avoiding cyber security threats is to identify the most vulnerable assets, say cyber experts, as given the frequency and scale of cyber attacks, such negligence can prove too costly.

When hackers attacked the Bangladesh Bank network in February, stealing $81 million - touted by many as one of the biggest bank heists so far - nobody knew that cyber attackers have been able to send what looked like 'legitimate' SWIFT money transfer instructions.

It was only recently that SWIFT network - the global messaging network through which financial institutions send payment instructions through a system of codes - acknowledged that "it is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network".

Advertisement

SWIFT Network is used by 11,000 banks and financial institutions to send banking transaction instructions. The network processes around 25 million messages daily for transactions worth billions of dollars.

SWIFT in an official statement has said that it is not their network that has been breached but that of its customers. "We reiterate that the SWIFT network itself was not breached. our core messaging services have not been compromised. There is a full investigation underway, on what appears to be a specific and targeted attack on the victim's local systems. SWIFT is not in a position to comment on the outcome or conclusions of this investigation at this stage. Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments." 

Advertisement

However, the fact that the hackers have been able to breach some of the most secure financial networks is a stark reminder that we were probably a few clicks away from losing not only our money to cyber pirates, but also our identity and other sensitive information.As every detail and data under the sun is getting digitised and stored in secure codes in computer servers across the world, the danger of them being exposed to unscrupulous computer geeks breaking into secured networks has grown manifold.

Cyber security experts say the risk is enormous, but there is lack of urgency at many levels. Says Gupta: "Our fundamental view is that it is no longer a technology risk, it is a business risk and until organisations are mature enough to start looking at it as a business risk, the risk of such attacks will be very significant."

Advertisement

Experts also believe the level of awareness about the risks of data theft is not very high in India. "People do not realise that personal data stolen can be used by hackers to assume the identity of a person to take loan, credit cards and even use it to avail social security benefits," says Khurana.

The breach can happen at any level. Therefore, Gupta says, whenever organisations engage with a third party, they must also give proper importance to its cyber security system. "In most cases, however, the due diligence process is mostly about the third-party's financials and not so much about its cyber security structure," he adds. The key to avoiding cyber security threats is to identify the most vulnerable assets, say cyber experts, as given the frequency and scale of cyber attacks, such negligence can prove too costly.

Read more!
Advertisement