News broke this week that following a cyberattack, hackers were able to siphon hundreds of millions of pesos (about $15.4 million) from a number of Mexican banks, including No. 2 Banorte and others that are yet to be named. The criminals created fake orders that wired funds to bogus accounts then immediately withdrew the cash. The incidents are still being investigated. Jeannie Warner, Security Manager at WhiteHat Security commented below.
Jeannie Warner, Security Manager at WhiteHat Security:
“SMBs, like smaller banks, and emerging markets have immature security processes and insufficient expertise. Outsourcing many security checks and tests makes more sense than trying to hire and retain expert security talent. Here in the heart of the Silicon Valley, it is inexcusable not to have default passwords, up-to-date patches, and multi-factor authentication for logins to financial systems because we’ve been attacked for years, and we have a lot of security talent at our fingertips. Emerging markets are a softer target, but their money spends just as well to thieves.
While financial regulators may not have paid close attention, there is also a failing in calling out how to secure third-party apps and APIs. Most of the regulations focus on securing networks, with applications left something of a black box. Only PCI DSS calls out specific checks for applications, and I am unconvinced that rigor is applied to every single component of the financial system, especially third-party plugins for bill payment systems.”