The Central Bank has warned financial institutions to do more to protect their customers from technology failures and from cybersecurity threats. The regulator issued guidelines to banks and called on them to improve the security and resilience of their IT systems, governance and management.
Dermot Williams, the managing director of IT security company Threatscape, said that as well as the big risks of attacks and hacks, banks have to be also aware of their standard basic operational IT principles like continuity, emergency plans, disaster recovery and even chain management. Banks should be viligiant against doing something which knocks their systems off for 12 hours and leaves people unable to access their accounts or get money out of ATMs. The Central Bank said that banks’ boards and directors have to make being on top of what their IT people are doing as one of their top priorities and also that their IT people are aligned with the banks’ business objectives and they are not just doing projects for projects’ sake. They need to be delivering service which increases the availability and effectiveness of their IT as a business objective, Mr Williams stated.
He said that because of the nature of how electronic banking and the Swift network work, a cyber attack can empty out an account in seconds. Citing a recent attack in Bangladesh, he said that hackers managed to breach the systems of that country’s central bank in January. They spent a few weeks inside the network, watching what was going on and understanding the procedures as well as getting access to systems. Then when the bank was closed for two days, they organised 35 different Swift transfer requests which totalled $951m. This money was transferred to a bank in New York, which normally processes such requests for the Bangladesh bank and before they realised anything was wrong – including the fact that the bank in Bangladesh should not have been sending such requests because they were closed – over $100m had been transferred out. A large amount of that money went to the Philippines, where it was quickly transferred to a casino and withdrawn in cash and never seen again. About $80m eventually disappeared.
To listen to the full interview, please click here.