The Bank of England has recently instructed all UK banks to conduct compliance checks to ensure they’re abiding by best security practices following the $81 million cyber robbery of the Bangladesh Bank.
These checks are designed to ensure that the banks are following the advice of the inter-bank messaging system supplier, Swift, which has been at the forefront of the recent Bangladeshi cyber heist.
User entitlement reviews will be conducted to ensure that only legitimate employees have access to the Swift network as well as Indicators of Compromise checks. All banks have also been instructed to upgrade their key Swift Alliance Software by mid-May.
This incident is not limited to the Bangladesh Bank either. In fact, Vietnamese lender, Tien Phong Bank, recently admitted to having identified and stopped an attempted theft of over $1 million through a third party provider that manages its connection to the Swift network. Coincidently, Swift issued a notice urging banks to review their security controls around the same time.
Bangladeshi employees claim Swift is solely to blame, as technicians left several security holes while connecting the banks real time gross settlement system to the Swift Network. Swift, however, has consistently maintained that the banks themselves are always to blame.
At NNT, we understand the importance of achieving, proving and remaining compliant, no matter what compliance standard you must abide by.
Our intuitive Closed Loop Intelligent Change Control massively reduces the once overwhelming number of false positives associated with change control, making the spotting of potentially harmful changes vastly easier. This unique featured for assisting changes within the IT estate allows you to classify to change as a healthy intended change or a potentially harmful change. In addition, our integrated threat intelligence allows you to query changes against known and trusted whitelists to provide further reassurance of ongoing cyber security and compliance.
NNT is a certified member of the Center for Internet Security and we provide real-time vulnerability monitoring for all systems. This means our customers are always reassured that the information relating to their compliant state is of the best quality and is available in real time rather than on a planned basis.
Read this article on InfoSecurity Magazine