Sunday, May 15, 2016

On U.S. Commerce, Disappearing Cash and Cyber-Crime

  • Last week, the U.S. Department of Commerce said “analysis of recent data [July 2015] shows that Americans are increasingly concerned about online security and privacy at a time when data breaches, cybersecurity incidents, and controversies over the privacy of online services have become more prominent. These concerns are prompting some Americans to limit their online activity … it is clear that policymakers need to develop a better understanding of mistrust in the privacy and security of the Internet and the resulting chilling effects. In addition to being a problem of great concern to many Americans, privacy and security issues may reduce economic activity and hamper the free exchange of ideas online.”
  • Separately, SWIFT CEO Gottfried Leibbrandt, commenting on an $81 million theft from a Bangladesh central bank account at the New York Federal Reserve, said “At the end of the day we weren’t breached, it was from our perspective a customer fraud … I don’t think it was the first, I don’t think it will be the last."
  • SWIFT also reported “a newly identified malware found in a customer’s environment” and in both cases “the attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber-attacks, or a combination of both … in this new case we have now learnt that a piece of malware was used to target the PDF reader application used by the customer.
  • Note: SWIFT provides a financial messaging service to organizations around the world.

MY TAKE
  • Regarding the Department of Commerce study -  It is likely that policymakers will continue to have diverse views data security issue, both how to address them and their economic and social impact. 
  • Regarding SWIFT – Because its system supports diverse organizations and technologies, it will only be as strong as its weakest link; which includes the people with access to its system.  
  • Bottom line: Network/data security is critically important to governments, businesses and consumers. Improving the current environment will require better software design (including using encryption) and better oversight of user access.

1 comment: