Prof. Jayanth R. Varma's Financial Markets Blog

Prof. Jayanth R. Varma's Financial Markets Blog, A Blog on Financial Markets and Their Regulation

© Prof. Jayanth R. Varma
jrvarma@iima.ac.in

Sat, 12 Mar 2016

Bangladesh Bank hacking is yet another wake up call

A year ago, I blogged about the Carbanak hacking and thought that it was a wake up call for financial organizations to improve their internal systems and processes to protect themselves from patient hackers. The alleged patient hacking reported this week at the central bank of Bangladesh shows that the lessons have not been learned. There is too much silo thinking in large organizations – cyber security is still thought to be the responsibility of some computer professionals. The reality is that security has to be designed into all systems and processes in the entire organization. Institutions like central banks that control vast amounts of money need to defend in depth at all levels of the organization. Physical security, hardware security, software security and robust internal systems and processes all contribute to a culture of security in the whole organization. In my experience, even senior management at large banking and financial organizations have a highly complacent attitude towards security that makes the organization highly vulnerable to a patient and determined hacker.

For example, there is no reason not to have a dedicated terminal for large (say $100 million) SWIFT transactions. Cues like dedicated hardware tend to make humans more alert to security considerations. In the paper world, we went to great lengths to institutionalize such cues. For example, the law on cheques permits cheques to be written on plain paper (the law only says “instrument in writing”), but in practice they were always written on special security paper. The importance of keeping blank security paper under lock and key was drilled into every person who worked in a bank from the chairman to the messenger boy. I have yet to see any similar attempt to inculcate a culture of computer security in any bank.

Posted at 22:03 on Sat, 12 Mar 2016