A bank’s security system is normally watertight because the bank carries huge sums of monies that belong to the ordinary citizens and investors. But when this security system gets compromised, serious questions should be asked about the efficiency of the defence mechanisms in place that protect from internal and external cyber attacks.
Earlier this year, Postbank, the South African Postal Service’s financial institution lost R43 million to a cybercrime syndicate. The syndicate gained access to a Rustenburg Post Office employee’s computer and made deposits into its own account.
The syndicate has been arrested after the NIA launched a high-level probe that found three post office employees were involved in the fraud. A spokesperson for the Department of State Security, Brian Dube confirmed the incidents and said: “The National Intelligence Agency normally intervenes when a government institution’s security is compromised. After our probe, arrests were made and the investigation is currently being led by the police. As a matter of policy we do not provide updates on matters that are the subject of ongoing investigations.
Postbank holds over R4bn in deposits and processes millions of rand in social grants each month. The organisation spent R15 million to upgrade its fraud detection and security services in 2008. However, serious concerns remain on the efficiency, reliability and security of its internal systems.
Asked about the organisation’s credentials and security system and how they plan to prevent the repeat of this kind of incident, acting MD of Postbank Shaheen Adam said, “Forming the integral part of the Postbank’s corporatisation framework is work around upgrades and reinforcements of our IT platform to prevent fraud and other financial crimes. Our entire IT architecture and systems are also being reviewed to comply with the specifications of a corporatised bank. This augurs well for our pursuit to offer enhanced value to our customers through safe, secure and convenient banking. We are, however, not at liberty to divulge further details in this regard.”
Mark Eardley of Eardley and Associates says, “The incident highlights the long-standing need for organisations to rethink how they authenticate legitimate IT users and authorise their activities.
“We need to recognise that most corporate cybercrime involves the simple exploitation of cards, PINs and passwords – or CPPs. The major vulnerabilities created by these outmoded credentials are based on the fact that anyone can use yours and you can use theirs.”
Eardley believes that a great deal can be learnt from the highly successful local use of fingerprint identification within physical security.
More than this, Philip Gerber, MD of Magix Security adds that allowing employees unhindered access to sensitive data or the ability to transfer funds shows lax security. “Even trusted employees can be fooled, bribed or intimidated into assisting syndicates. The only way to protect your company’s assets effectively is to implement a monitoring system that invisibly monitors everything employees do and raises the alarm when they behave in an unexpected way.
The median cost of cybercrime now stands at $5,9 billion per year. That is over R48bn per year. That is more than a 50% increase from year 2010’s median cost.
[At the time of printing, it was announced that one of the suspects involved in the Postbank scam, Teboho Donald Masoleng, has received a 15-year sentence for his role in the crime. Two other suspects have already received 15- and 25-year sentences respectively. The SAPS reports, “More suspects will be hearing from us soon.” Ed.]
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version