The recent exposé that the Carbanak cyber crime gang took some $1bn from financial institutions points again to an apparent lack of awareness of information security – not just in the financial institutions, but generally across all industries and indeed the home. 
Is it a case of looking for new technologies? Well maybe, but there are some pretty sophisticated systems already available, which begs the question of whether these systems are being effectively used.

For example, there is no point in having a hundred video cameras covering every aspect of a building if you only employ one guard to monitor them. But sophisticated monitoring technology properly set up and tended is not the be all and end all.
Simple things like ensuring that file properties are correct and minimal for effective use and ensuring that the least privilege principle is applied for all authentication and authorisation purposes will help. Organisations should also ensure there are no default or shared passwords, and enforce password complexity. 
Additionally, applications and operating systems should be maintained and patched up to date, ensuring that server firewalls are activated and that all firewall rules are regularly reviewed to check they are fit for purpose. All of these steps will go a long way in defeating the cyber criminal.
Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.
Read more about Carbanak cyber attacks
Security Think Tank: Education, process and technology key to security challenge
Security Think Tank: Enhanced cyber security requires change in attitude
Security Think Tank: Carbanak requires people, process and tech, but mostly people
Security Think Tank: People and process remain the soft underbelly of banks
Security Think Tank: Carbanak attacks highlight need for tech and process review
Security Think Tank: Carbanak requires people, process and tech, but mostly people

Email Alerts
Register now to receive IT-related news, guides and more, delivered to your inbox.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Read More

Related content from


This was first published in March 2015

Leave a Reply