How ethical is it when an entire industry is repeatedly warned that its cyber security is lacking, but very little is done about it? What will the banking industry do to explain the laxity of its security to its customers? It seems a serious cyber ethics question is ever present!
These are two of the important questions the banking industry might very well have to answer in the not too distant future.
Cyber-Safe or Cyber-Ignorant?
There is a messaging system in the banking industry I have just learned about, and it is called “SWIFT.” The system connects the world’s banks, feeds them a constant stream of information, and enables transfers between banks and the sharing of financial data.
The SWIFT staff has once again warned the U.S. banking system that major new hacks are occurring on a worldwide basis through their own network, and apparently there are some U.S. banks that are particularly vulnerable. Banks are a real target for cyber ethics breaches.
The cyber ethics and security breaches have already hit banking systems in Bangladesh, Vietnam, the Philippines and Ecuador. Unless the vulnerable banks address the “holes” in their security, they could be in for losses as well.
The malware used in these attacks apparently originates in our “favorite” country, North Korea. The malware has two functions: to steal money and collect information. The SWIFT warning is not new, and should your bank get “hit,” it will not be a shocking surprise. In fact, SWIFT itself is being used by the hackers! Cyber ethics be damned… it seems that cyber security is lacking despite the best efforts of those trying to keep data safe.
The malware program is not invincible, but banks that are potentially in danger of cyber-attacks must make certain they are prepared. Unfortunately, many of the banks that are in danger are dragging their financial feet. According to the SWIFT people:
“These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages.”
The messaging service has well documented that the attacks follow a similar pattern: the bank’s cyber security system is being sidestepped; the hackers have found a way to breach the SWIFT messaging system between banks; and SWIFT is being used to transfer funds through deceptive messaging.
For several months
This is not a new warning but an ongoing threat, yet banks are still undergoing attacks and losing money. The malware is not just a one-time theft either; the insidious nature of the cyber-attack causes banks to have a complete loss of control over their payment channels. In other words, once the floodgates open, it is frightfully difficult for the banks to stop the flow.
While SWIFT has taken steps to secure its messaging system and to introduce tougher requirements for local bank computer networks, it is not enough.
The banks that are susceptible are not stepping up to the plate to correct their problems. Even worse, the SWIFT organization is now admitting that it didn’t do enough to address the problems within its own network in the first place. SWIFT is, in many ways, as responsible for the problems as the individual bank organizations themselves.
For the most part, the hackers should not affect those of us with checking or savings accounts. However, large organizations and institutions could be affected should the industry fail to take the steps it needs to take.
It’s the ethics
The issue here, at least to my mind, is as much ethical as financial. It is in knowing a “situation” exists and then largely ignoring it for the sake of expediency or even deception. We can easily find parallels in many other industries. For example, pharmaceutical companies failing to disclose harmful side effects; automotive companies ignoring safety warnings; tobacco companies not publicizing health risks; and on and on.
The need for broad ethical training across all platforms has never been stronger than it is now in banking and in many other industries. The banking industry needs to tell us if we are at risk and, if so, what it is doing to correct those risks.