Security Think Tank: Cyber security needs to start with the simple things

Does the theft of $1bn from global financial firms by the Carbanak gang show it is time to seek new technologies or improve business processes?

The recent exposé that the Carbanak cyber crime gang took some $1bn from financial institutions points again to an apparent lack of awareness of information security – not just in the financial institutions, but generally across all industries and indeed in the home.

Is it a case of looking for new technologies? Well, maybe, but there are some pretty sophisticated systems already available, which raises the question of whether these systems are being used effectively.

For example, there is no point in having a hundred video cameras covering every aspect of a building if you only employ one guard to monitor them. But sophisticated monitoring technology, properly set up and tended, is not the be-all and end-all.

Simple things will help, such as ensuring that file properties are correct and minimal for effective use, and that the least privilege principle is applied for all authentication and authorisation purposes. Organisations should also ensure there are no default or shared passwords, and enforce password complexity.

Additionally, applications and operating systems should be maintained and patched up to date, server firewalls should be activated, and all firewall rules should be regularly reviewed to check they are fit for purpose. All of these steps will go a long way towards defeating the cyber criminal.

Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.
