A report by Reuters revealed that SWIFT, the global financial messaging system, has disclosed new hacking attacks on its member banks following on from February’s high-profile $81 million heist at Bangladesh Bank. Following the new disclosures, SWIFT has pressured its member banks to comply with new security procedures, suggesting that cyber thieves may have specifically targeted banks with lax security procedures for SWIFT-enabled transfers. IT security experts from VASCO, Balabit, FireMon and HPE Security – Data Security commented below.
Shane Stevens, Data Security Director of Omni-Channel Identity and Trust Solutions at VASCO:
István Szabó, PhD, Product Manager at Balabit:
“The better method is for participating organizations to monitor their privileged users, build user-specific profiles and apply behavior analytics on top of that. Profiles can be obtained from mouse movements, keystroke habits, command usage regularity, user's IP / port and protocol in a transparent way if using a proxy-based monitoring technology. The habits of every individual user are unique indicators and impossible to copy. These profiles provide a baseline of normal behavior for individual users, and algorithms can detect anomalies in real time when someone is performing a harmful action, giving security teams a chance to cope with the threat.
“This approach adds an additional layer complementing the existing security infrastructure and focusing on threats that were undetected and unmatched, allowing full visibility over the privileged user activities of internal or external (3rd party) staff members and authorized users. It gives organizations faster response and forensic capabilities, it highlights gaps in IT security, and it provides a clean and simple indication of suspicious anomalies.”
Dawid Kowalski, Technical Director EMEA at FireMon:
“Latest revelations show that for at least one of the attacks on banks, there was a lack of firewall management, not to mention any security posture assessments or event correlation. To improve security, banks and other organisations have to increase the importance of cyber-security risks by measuring real-time security concerns, integrate management of multiple security solutions like firewalls, IPS, AV, end-point security, etc. under the single umbrella of a security intelligence platform.
There is also a need to correlate events automatically in real-time as part of rapid event triage coming from multiple sources, including mail systems, database systems and other infrastructure and end-point oriented security solutions.
One of the biggest challenges these days is not a lack of solutions, but the spread of data across different data silos. Often this leads to security experts responsible for end-point solutions failing to discuss alarms with firewall experts. SIEM solutions tried to address some of these aspects, but the lack of capability to process unstructured data and the fact that they have a limited set of supported data formats prove the need for real-time automated security analytics and threat hunting.”
George Rice, Senior Director, Payments at HPE Security – Data Security:
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.