Stuart Johnson on securing banking solutions from Cyber attacks.

Cyber Attack and the solutions. Wow! Kudos to @Stuart Johnson, Executive Vice President & Partner at @Design Intellect Arena for being prophetic in this video from the Core Banking Solutions event. In this video, Stuart shares his wisdom on cyber threats and what organisations should consider when safeguarding against possible attacks. His references to @Top Gear’s @Jeremy Clarkson, vulnerable APIs, phishing and preventative processes are so timely!

@Liberty IT Consulting Group is an Australian management consulting firm which specialises in banking transformations, especially core banking modernisations and digital transformations. Our business analysts, project managers, directors, PMO professionals, engineers and agile practitioners are the finest in their field. Visit us at https://libertyit.com.au/it-services/ as your implementation partner of choice for all your project delivery needs.

#technology #corebanking #cybersecurity

How to secure their customers from the threats of Cyber attacks
 
Okay. Adrian’s George question for you guys, so that it is platform allows money to be transferred in near real time between customers at either the same or different banks. According to the Sydney Morning Herald, in 2019 Westpac confirmed it detected misuse of the PayID functionality, which resulted in the private details of almost 100,000 Australians being exposed. In the context of banking system transformation, how do you advise your customers to secure their customers’ details from the threat of cyber attacks?
STUART: So firstly, let me start by saying that I’m a modest cyber expert. I remember reading that article, and what struck me was Westpac’s press release at the time. So yes, phone numbers and names were released, but they said no bank details, no bank account numbers are being released. Which, to me, is quite an interesting comment. So, for instance, on, and the reason why, if anyone knows Jeremy Clarkson, he at one stage released his bank account details in the UK, and basically dared anyone to be able to try to do anything to his bank account with the bank account details. Ironically, one person managed to make a small 5.5 pounds donation to a charity, through some mechanism, but having a bank account by itself, but it’s actually not that dangerous releasing your name and phone number. However he’s, and in today’s world, look, I can sit here and talk about code reviews and getting black hats to come in and making sure that you can’t do SQL injections, but that’s just hygiene. You should be doing that. Anyway, the biggest risk to banks these days are understanding your end-to-end process, employee fraud, and the number one is phishing attacks. Okay? So in that account, in that particular situation, their phone numbers and names have been released, so they’ve opened themselves up to phishing attacks. So that’s, that’s a big issue. Now, how do you stop that? Well, that’s difficult, but in this instance, in terms of the mining of the, the numbers and accounts, I’ll go back to the post is how did the credentials get out there managed to call that service. So either, I don’t, I don’t know what happened, either someone got hold of credentials that are now able to connect and call that service to bring all that data down, or there’s some inside employee fraud involved. And then, so how do you, how do you manage that? It’s not a techie issue, that’s a process issue.
That’s the internal staffing issue. And in terms of phishing, banks are really good at looking at an individual transaction, a one-off transaction.
My dad was on the phone to someone at random, and they said, “You’ve got a Windows problem and we’ll fix it. Open up this thing,” and he had a look at the errors and they said, “Just type in your credit card details and we’ll fix it for you.” And while he’s on the phone, his mobile phone rang. It was the bank, the bank ringing while my dad was on the phone to an Indian scammer, to say, “You’re on the phone to a scammer, hang up now.” So banks are really good at when I know something’s happened, they know about something implementing something there in it. But in terms of the mining of that particular thing, if you understood the context of the transaction, why would someone, a human being, be calling that API a hundred thousand times? That API goes with, you call that before you call two transactions actually make the payment, so they should have picked it up. If they’re monitoring that, they should have picked up that in the first place, or if you understand the context of what a customer is doing, you would have understood that something was wrong. I’ll just finish up quickly. So, but the biggest issue these days is phishing, and how do you stay one step ahead of the scammers, and it’s not just any short circuit into in processes.

Liberty IT Consulting Group
ABN: 83 614 846 098
