In the world of cyber security, sometimes there’s good news and sometimes there’s bad news. The Telegraph recently reported that a fortuitous spelling mistake in an online bank transfer stopped a nearly $1 billion (that’s billion, with a B) heist last month involving the Bangladesh central bank and the Federal Reserve Bank of New York. That’s the good news. The bad news is that the thieves, who are still unknown, managed to get away with more than $80 million, which comprises one of the largest known bank heists in history (authorities report that some of that money has since been recovered).
Apparently, the hackers stole credentials for payment transfers and then made three dozen requests to the New York Fed to transfer money from the Bangladesh Bank to other countries. (Bangladesh Bank keeps an account with the Fed, which it uses for international transactions). Four of these transfer requests to move $81 million to the Philippines actually went through. But a fifth attempt for a $20 million transfer to a supposed Sri Lankan non-profit was held up by routing bank Deutsche Bank, because the thieves misspelled the non-profit’s name. What should have been “Shalika Foundation” was spelled “Shalika Fandation.” When Deutsche Bank sought clarification from the Bangladesh central bank, that transaction and all others were stopped. While there are additional details in this case, the salient point is this: had the payment transfer to the invented Sri Lankan non-profit not been misspelled, in all likelihood, the crooks would have made off with another $850 million to $870 million.
This case demonstrates the worldwide impact of data breaches, cyber threats, and organized crime. Hackers are adept at finding weaknesses in most systems, even those thought to be secure. In this case, it looks like the weak link might have been employees who either knowingly or unknowingly shared information that should not have been shared. We may never know the extent of the breach in terms of security or who is responsible. As we wrote about in February, employees are the lifeblood of an organization, and if they neglect good cybersecurity practices, the company's overall cyber defenses are weakened. Here are three common cybersecurity mistakes employees make—and the best ways to address them.
But educating staff isn’t enough. There will always be bad actors, and the landscape of cyber threats is only becoming more sophisticated. So here’s some more good news. More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!