The Federal Financial Institutions Examination Council (FFIEC) recently issued a cyber-security alert to banks. The alert concerns the security of interbank messaging systems. It is the latest warning to banks since Bangladesh Bank lost an enormous amount of money in a recent attack by hackers.
Reports of Breaches of Interbank Messaging Systems:
After the assault on Bangladesh Bank, reports emerged that other banks had suffered breaches of their interbank messaging systems. The SWIFT banking network issued a warning that one more bank had been attacked. The bank was not named. According to reports from the BAE Systems Applied Intelligence division, it was a commercial bank in Vietnam. The Federal Bureau of Investigation has also issued a warning to banks.
The recent attacks have no direct link to a breach of the central systems of the SWIFT banking network; instead, they rely on the client-side messaging components being compromised. Both recent attacks were carried out using profound knowledge of the detailed controls, or by cyber-attacks, and there is a chance that they were accomplished with the help of both.
What Did the FFIEC Warn the Banks About?
In view of the two most recent attacks, the FFIEC has alerted banks that they should actively manage the risks related to interbank messaging systems. The alert reminds financial institutions to review their IT controls and check their risk management practices. Institutions should pay particular attention to authorization, authentication, response management systems and other processes.
How can Banks Reduce the Risk?
The statement provides a list of steps that any bank can use when looking to mitigate the risk. The steps are as follows:
- The institutions should conduct ongoing information security risk evaluations.
- Around critical systems, the organizations should regularly enforce and assess controls.
- They should perform risk mitigation, prevention and security monitoring.
- They should protect against any unauthorized access.
- They should improve information security awareness and training programs.
- Business continuity risks should be managed.
- The institutes should take part in industry information-sharing forums.
The above seven steps are critical. The FFIEC is concerned only with financial institutions, but the steps can be adopted by any IT security team, as they are very easy to implement. These seven steps can also prove an excellent initiative for audit committees working inside companies to evaluate the enterprise's security.
The attacks have focused on small countries and on banks with weak security in parts of their IT environment. As the attackers refine their expertise and learn more about interbank messaging systems, it will not take them long to attack larger financial institutions and banks as well.