Slashdot Mirror
Banks, Wall St. Feel Pinch from Computer Intrusion
An anonymous reader writes "Financial institutions and companies in the securities/futures business are reporting sizable increases in the amount of losses and suspicious activity attributed to computer intrusions and identity theft, says the Washington Post's Security Fix blog. The Post obtained a confidential report compiled by the FDIC which analyzed Suspicious Activity Reports from the 2nd Quarter of 2007. SARs are filed when banks experience fraud or fishy transactions that exceed $5,000. The bank insurance agency found that losses from computer intrusions averaged $29,630 each — almost triple the estimated loss per SAR during the same time period in 2006 ($10,536). According to the Post, 'The report indicates that the 80 percent of the computer intrusions were classified as "unknown unauthorized access — online banking," and that "unknown unauthorized access to online banking has risen from 10 to 63 percent in the past year."' Another set of figures analyzed by The Post looks at similar increases affecting the securities and futures industry."
No. The configuration of the office system allows and invites this kind of abuse. Secure network design would mitigate a lot of these issues, but it requires security to be a priority.
Generally speaking, "IT guys" know nothing about security and get quite belligerent when you try to tell them how to do their jobs (e.g. advising them to institute allow-by-exception policies). It's the techs and the CIOs more than the CFOs who make this a problem.
Egg, in the UK, offer a 'Money Manager' service. This runs as an ActiveX control. This means that, in order to be able to use it, you have to be using IE, on Windows, with ActiveX enabled, which is about the least secure computing configuration possible.
I am TheRaven on Soylent News