There are series of Security incidents which have been reported in last few months pertaining to financial institutions. Such news items do create sensation and bring deserve publicity for need for better Cyber security controls.
However on other hand as a person looking to deep dive I do not find complete story behind the incident – Here for example what we are reading in case of Bangladesh is quite high level. I hope there is publication detailed incident providing answers to what application were these folks in Bangladesh Central bank accessing, was it direct swift terminals access (god help with individual level controls) or some fancy web application as a front which got hacked. I have strong doubts if 2FA was part of the controls.
Unfortunately we never get to read the complete story – Sharjah bank ransom demand was another classic incident, which could be new normal in hacking.
What’s the learning for us – At times we presume a system/network to be secure simply its used world-wide and looks uninviting from Security risk perspective. Hackers do not comprise only of techies but are bunch of people with diverse background, intelligence and skillset. Such incidents need to be analysed in details by financial service companies to get better grip of their own environment and appreciate what concerns are relevant for them to manage.