$10 network switch blamed in Bangladesh bank hack

Imagine that your organisation has access to billions of dollars. Great, isn’t it? Now imagine that you’re in the process of designing your security architecture. You’d expect that an organisation with that amount of cash would have some very important data and financial assets to protect. So, with that in mind, your security architecture is going to be second to none and designed to protect your assets from those with bad intentions.

Step one: spend $10 on a network switch that connects your bank to global financial networks.

What? That’s a bad step? Not according to Bangladesh’s central bank. Back in March, we reported on a hack at Bangladesh’s central bank in which £56 million was stolen by cyber criminals. You may also remember that it would’ve been even more if it weren’t for a spelling error committed by one of the criminals.

According to Reuters, an official investigation has said that the bank had no firewalls and used second-hand routers that cost $10 to connect to global financial networks.

Poor defence

A firewall would have made attempts to hack the bank more “difficult”, Mohammad Shah Alam, a forensic investigator who works on the Bangladesh team investigating the theft, told Reuters.

The second-hand hardware also meant that basic security steps to segregate network traffic were not taken, he said.

It doesn’t take an expert to realise that a bank with access to such funds should have spent more time and money protecting its network.
