At the beginning of 2016, there was a surge of requests from financial institutions to upgrade their security features. These requests range from enabling Multi-Factor Authentication (MFA) for Retail and/or Corporate Internet Banking Portals to Secure Remote Access Applications.
The surge of requests may be attributed to the recent internet hacking incidents that made worldwide headlines, prompting various central banks to instruct financial institutions to further enhance the security features of both customer-facing applications, such as internet banking, and remote access applications, e.g. VPN / remote desktop services.
According to Wikipedia.com, “In February 2016, instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by hackers, worth US$101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with US$20 million traced to Sri Lanka (since recovered) and US$81 million to the Philippines (about $18 million recovered). The Federal Reserve Bank of NY blocked the remaining thirty transactions, amounting to US$850 million, at the request of Bangladesh Bank”. This incident must be one of the biggest heists of all time, prompting a string of resignations, from the governor of Bangladesh Bank to the presidents of banks that were implicated in the scam. This is probably the first incident to involve a government agency together with private financial institutions via a global banking network.
Key weaknesses have been attributed to a lack of proper anti-virus software on the desktops used to fulfill the transactions, inadequate network protection devices such as firewalls, and a lack of remote access control procedures.
We need to be aware that SECURITY for both local and remote user access is no longer an afterthought or a matter of barely fulfilling a checklist for compliance purposes. The impact can cost hundreds of millions, and hackers are using more complicated methods and tools to gain access to, or trust within, the global financial network.
Investing in network protection devices is compulsory, and securing user access via Multi-Factor Authentication is highly recommended. A username and password alone are insufficient for access to applications that handle high-value transactions. We need to wake up and face reality.