At the beginning of 2016, there was a surge of requests from financial institutions to upgrade security features. These requests ranged from enabling Multi-Factor Authentication (MFA) for Retail and/or Corporate Internet Banking Portals to Secure Remote Access Applications.
The surge of requests may be attributed to the recent internet hacking incidents that made worldwide headlines, prompting various central banks to issue instructions for financial institutions to further enhance the security features of both customer-facing applications such as internet banking and remote access applications, e.g. VPN / remote desktop service.
According to Wikipedia.com, “In February 2016, instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by hackers, worth US$101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with US$20 million traced to Sri Lanka (since recovered) and US$81 million to the Philippines (about $18 million recovered). The Federal Reserve Bank of NY blocked the remaining thirty transactions, amounting to US$850 million, at the request of Bangladesh Bank”. This incident must be one of the biggest heists of all time, prompting a string of resignations, from the governor of Bangladesh Bank to the presidents of banks that were implicated in the scam. This is probably the first incident that involves a government agency and private financial institutions via a global banking network.
Key weaknesses have been attributed to a lack of proper anti-virus software on the desktops used to fulfil the transactions, inadequate network protection devices such as firewalls, and a lack of remote access control procedures.
We need to be aware that SECURITY for both local and remote user access is no longer an afterthought, or a matter of barely fulfilling a checklist for compliance purposes. The impact can cost hundreds of millions, and hackers are using more complicated methods and tools to gain access to, or the trust of, the global financial network.
Investing in network protection devices is compulsory, and securing user access via Multi-Factor Authentication is highly recommended. A username and password alone are insufficient for access to applications that handle high-value transactions. We need to wake up and face reality.