Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness.
The crooks had broken into the bank’s systems and were transferring €13 million (about £11 million) into foreign accounts when security personnel noticed the attack.
To stop the criminals making off with the money, the bank shut down its primary IT functions, crippling its 44 branches, ATM terminals, POS (point-of-sale) services, mobile banking systems and email services.
The Bank of Valletta’s decision shows the lengths organisations should go to prevent cyber crime. Its systems were offline for about 18 hours between 13 and 14 February, which will have no doubt frustrated customers and caused a huge loss in productivity.
Yet, the bank knew that it was better to ensure security at any cost than to risk the criminal hackers getting away with the money.
The Bank of Valletta released a statement following the incident, reassuring clients “that customer deposits and customer accounts were in no way affected by this cyber-attack.
“This unfortunate incident proved that the contingency plans in place and the preventive measures taken by Bank of Valletta were appropriate and that these measures safeguarded the Bank, its customers and stakeholders.”
Malta’s prime minister, Dr Joseph Muscat, agreed, telling parliament: “It is no joke having a bank that controls half the economy shut down for a whole business day but at this stage caution trumped every other consideration.”
Were such extreme measures necessary?
It’s hard to say whether the Bank of Valletta needed to shut down its IT operations without knowing the full details of the attack and the bank’s defences.
The bank had to act quickly, and its incident response plan informed the organisation’s decision. Yes, it was cautious (perhaps overly so), but the good news is that plans are adaptable.
This means the Bank of Valletta can use the information gathered in this attack to review its response measures. It now knows exactly what the cost of an organisation-wide shutdown is, and can compare that to other options so that it can respond more efficiently and appropriately to the next attack.
Sign up for our Daily Sentinel to receive the latest cyber security news and advice.