Banks and cyber threat
An official of the Federal Investigation Agency has claimed that the data of major Pakistani banks has been hacked. According to FIA Cyber Crimes Director (retd) Capt Mohammad Shoaib, the bank chiefs have not shared the details with the authorities; however, our investigations confirmed the incidents of data theft in 'almost all' banks.
Reports of a cyber attack on a Pakistani bank and financial institution have set alarm bells ringing across the financial sector, and the lessons must be learnt quickly. The hackers, located abroad, stole Rs3.6m according to the bank itself, but the figure could have been much larger. More importantly, the attack exposed the vulnerability of Pakistan's financial system to cyber attacks at a time when another similar technology-related breach was reported in the database of the Central Directorate of National Savings, which holds up to Rs3.65 trillion in deposits from individual and institutional investors. The nature of the breach in the two cases is very different, but both have served to highlight the fact that the country's financial system has serious vulnerabilities that could lead to large-scale damage if not plugged properly.
In the wake of the hacking attack, it was discovered that the entire security architecture of the banking system is flawed. For example, one would expect that an attack on one institution would trigger an alert for all other institutions so that they can take preventive steps. One would also expect that the alert would be shared with the State Bank and the payment operator in a timely manner so that they can put in place the measures necessary to plug the breach, as well as protect customers. But no such system for generating alerts exists, and individual financial institutions would prefer to bury the news of an attack and cover up its impact in the hope that nobody, save for a few customers who have been affected, will find out, so that they can return to business as usual.
With the emergence of mobile banking and the fast growth of internet banking, it is more important for banks and other financial institutions to focus on cyber security and have industry-wide protocols on how to react when a breach is known to occur. Biometric verification can play a role in this, as it does in mobile banking, as can real-time monitoring of the IT systems of all financial institutions. The State Bank needs the cooperation of the banks. But other institutions, like CDNS and the Central Depository Corporation, also need to be brought into this effort, along with brokerages.
The State Bank can sit down with the management of the Pakistan Stock Exchange and the Securities and Exchange Commission of Pakistan, along with FIA cybercrime experts and private-sector cyber activists, and lead a process to determine the full scope of protections required to safeguard the financial system from future attacks. The cyber threat should not be taken lightly because the next attack could be far bigger.