Banks and cyber threat

The Pak Banker - FRONT PAGE

An official of the Federal Investigation Agency has claimed that the data of major Pakistani banks has been hacked. According to FIA Cyber Crimes Director (retd) Capt Mohammad Shoaib, the banks' chiefs have not shared the details with the authorities; however, our investigations confirmed the incidents of data theft in 'almost all' banks.

Reports of a cyber attack on a Pakistani bank and financial institution have set alarm bells ringing across the financial sector, and the lessons must be learnt quickly. The hackers, located abroad, stole Rs3.6m according to the bank itself, but the figure could have been much larger. More importantly, the attack exposed the vulnerability of Pakistan's financial system to cyber attacks at a time when another similar technology-related breach was reported in the database of the Central Directorate of National Savings, which holds up to Rs3.65 trillion in deposits from individual and institutional investors. The nature of the breach in the two cases is very different, but both have served to highlight the fact that the country's financial system has serious vulnerabilities that could lead to large-scale damage if not plugged properly.

In the wake of the hacking attack, it was discovered that the entire security architecture of the banking system is flawed. For example, one would expect that an attack on one institution would trigger an alert for all other institutions so that they can take preventive steps. One would also expect that the alert would be shared with the State Bank and the payment operator in a timely manner so that they can put in place the measures necessary to plug the breach, as well as protect customers. But no such system for generating alerts exists, and individual financial institutions would prefer to bury the news of an attack and cover up its impact in the hope that nobody, save for a few customers who have been affected, will find out, so that they can return to business as usual.

With the emergence of mobile banking and the fast growth of internet banking, it is more important for banks and other financial institutions to focus on cyber security and have industry-wide protocols on how to react when a breach is known to occur. Biometric verification can play a role in this, as it does in mobile banking, as can real-time monitoring of the IT systems of all financial institutions. The State Bank needs cooperation from the banks. But other institutions, like CDNS and the Central Depository Corporation, also need to be brought into this effort, along with brokerages.

The State Bank can sit down with the management of the Pakistan Stock Exchange and the Securities and Exchange Commission of Pakistan, along with FIA cybercrime experts and private-sector cyber activists, and lead a process to determine the full scope of protections required to safeguard the financial system from future attacks. The cyber threat should not be taken lightly because the next attack could be far bigger.
