Banks and other organizations in the finance sector quickly became high-value targets as an increasing number of assets were digitized. Thus, while extremely alarming, the recent breach of Bangladesh Bank that very nearly resulted in $900 million being lost isn't terribly surprising. Hackers have extorted hospitals, stolen from government agencies and pilfered retail databases of customer credit cards. Why wouldn't they try to rob banks digitally?
Moreover, why would they stop at just one?
A foreboding warning becomes a swift reality
In the wake of what has been referred to as a heist of historic proportions, SWIFT – a global financial network used for massive money transfers – issued an unsettling warning to banks all over the world: It had become aware of "a number of recent cyber incidents" in which criminals were using its messaging platform to orchestrate further heists.
According to Reuters, this gloomy forecast was evidence that the Bangladesh breach was in fact only one among several plots that sought to "take advantage of the global messaging platform [SWIFT] used by some 11,000 financial institutions."
And unfortunately, where there's smoke, there's fire. The New York Times reported on May 12 that SWIFT had been hit again. This time, the financial network declined to identify the name of the affected bank, or the amount of money that was stolen. What we do know is that the nature of the attacks was extremely similar, leading SWIFT officials to believe that the incidents were related.
In both cases, the breaches entailed credential theft that enabled hackers to get on the network. Once in, they "installed malware on bank computers to disguise their movements." From here, they apparently succeeded in moving funds into foreign accounts.
How can this be avoided in the future?
One of the worst parts about this realized portent is that it could happen again. The fact that it happened once was already cause for concern, especially since more than $80 million was stolen, and the only reason it wasn't more is a typo a hacker made in a transfer request. But that it happened a second time, and may happen yet again in the very near future, significantly escalates the severity of the situation.
If anything, these recent occurrences should be viewed as instructive for all organizations – but especially for any company in the finance sector. That these thefts are occurring on what is supposed to be one of the most secure systems in the world highlights the fact that anyone can be breached, and that the consequences can be costly. Furthermore, the similarities between these robberies underscore how important it is for organizations to maintain unyielding vigilance regarding what's going on in their networks.
In the past, network administrators would attempt to monitor their own computing environments using security information and event management (SIEM) software. The problem with this is that SIEM software took months, and sometimes even up to a year, to properly deploy. Not to mention, the upfront costs were exorbitant, and most network admins weren't certified cybersecurity experts capable of managing the SIEM. Therefore, the company either had to hire more staff, or risk mismanagement of the solution.
A cost-efficient, modern and significantly more sensible solution for mid-market financial institutions is a security operations center. A Cyber-SOC, also referred to as SOC-as-a-Service, supplies the network monitoring software, but it also lets organizations leverage the knowledge base of an entire team of security engineers. These highly certified professionals constantly patrol the network for suspicious activity. Additionally, they provide regular assessments of how secure the network is, so as to illuminate vulnerabilities before they can be exploited by cybercriminals. What once cost hundreds of thousands of dollars is now attainable at a sliver of the price, and it comes with cybersecurity pros who do all the heavy lifting.
For a network monitoring service that will safeguard the bank without breaking it, go with a Cyber-SOC.