In our increasingly connected and sophisticated world, it seems that news of hacking attempts and egregious breaches continues unabated. One week it’s over 20 million records from the U.S. Government’s Office of Personnel Management and the next it is the appropriation of US$81 million from the central bank of Bangladesh. No person or entity is immune. As long as there is money, there will be bad actors challenging the security models.
A SWIFT Response
SWIFT, the cooperative established in 1973 to send and receive fund transfer messages between banks, is the latest to have suffered from the breach of a member institution and have its name thrown about in the public forum. It is not the first time. Used by over 11,000 institutions, processing over 15 million messages a day, it’s no wonder the organization is targeted.
In response, last month SWIFT announced its latest program to combat fraud, which will focus on five mutually reinforcing strategic initiatives:
- Improve information sharing amongst the global community
- Enhance SWIFT-related tools for customers
- Enhance guidelines and provide audit frameworks
- Support increased payment patterns control
- Enhance support by third-party providers
In the case of the central bank of Bangladesh, cyber criminals hacked the systems of the host bank and gained access and the ability to generate and confirm SWIFT instructions. SWIFT CEO Gottfried Leibbrandt was quick to point out that “While we (and other providers) give tools and software to our customers, our customers run these in their own environment and need to keep them secure.” He added that, “[w]e cannot secure our customers’ environments and cannot assume responsibility for that.”
Financial institutions make it easy for hackers and bad actors once inside their network. Access to critical banking and business applications all too often relies on basic two-factor authentication, such as simple login and password. Legitimate users intensify the challenge by using the same passwords for Windows login and application logins, and they undermine the inherently stronger nature of long, complex, frequently changed passwords by writing them down and posting them in an insecure environment. Yet the problem doesn’t stop there: system administrators can go largely unchecked and wield unfettered access to data and sensitive applications. In an environment such as this, how does one tie irrefutable proof-of-presence and auditability to each login or transactional event?
Thankfully, best practices abound for secure authentication of network and application users, as do the myriad solutions available. However, the fundamental challenge facing IT administrators and risk officers is the level of complexity, time to implement and cost associated with advanced multi-factor authentication solutions.
DigitalPersona Altus advanced multi-factor authentication was thoughtfully developed to overcome the complexities of today’s IT environment, providing quick and easy implementation that is economical to deploy and maintain. Offering the widest array of factors, including biometrics, DigitalPersona Altus provides the security, convenience and auditability that you can trust.
As marketing lead for Crossmatch, John is actively involved in championing identity management and biometrics technology solutions. His involvement and fascination with leveraging technology to address unique business challenges began earlier in his career, as Product Manager for GE’s Imagination Breakthrough innovation, VeriWise, a satellite-based asset intelligence and tracking solution for the transportation industry. He later went on to run sales and marketing for Vectronix, Inc., a subsidiary of a Switzerland-based producer of electro-optic and north-finding devices for military and law enforcement applications. John currently serves on the Board of the International Biometrics & Identity Association (IBIA).