Three things to learn from the New York Fed hack
Think your company is immune? Think again
In one of the boldest cybersecurity breaches to date, hackers tried to steal $1 billion from the New York Federal Reserve Bank, and almost got away with it, ending up with about $80 million.
From a Reuters report:
The hackers breached Bangladesh Bank's systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka, the officials said.
According to a Bloomberg report, there is disagreement over whether the Fed followed procedures when it received the transfer orders. From their coverage:
A Fed spokeswoman said instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.
A Bangladesh official said the Fed should’ve checked the payment orders with the central bank to ensure they were authentic, even if they used the correct SWIFT codes.
That one missing step in verification, checking with the central bank, cost both banks big time.
But before you get too judgmental, consider what might be missing in your process. Still using a fax machine? Do employees ever get impatient with encrypted email and just send something out to clients on an unsecured line? Do any of your employees use a wireless mouse or keyboard?
The size of your business or your business' bank account is no indication of the number of attacks being directed your way. Often the most valuable thing you have to offer is the data residing in your files.
Consider that in 2015, almost 1 million new malware threats were released every day, according to CNN Money. In February of this year alone, Identity Theft Resource Center confirmed serious security breaches on more than 45 companies. Some of these companies, like the New York Fed or the Department of Homeland Security, are obviously big targets. Others were small medical practices and CPA offices.
The bottom line? Treat the possibility of a cybersecurity attack as an if, not when, scenario, and learn from the mistakes of others.
Other HousingWire stories on this topic: