News & Events Listings

UHY Advisors convened a roundtable discussion among financial services industry professionals on Thursday, June 16th to explore the implications and causes of recent cyber bank heists. The roundtable, “Lessons Learned from Cyber Bank Heists,” launched UHY’s Financial Services Roundtable series and included compliance, risk management, internal audit, and technology managers from some of the world’s largest banks and financial services firms.

UHY’s Patrick Hughes, Laurie Shen and David King guided the roundtable discussion, which consisted of a presentation detailing the background of the recent cyber bank heists, followed by a group discussion regarding how individuals and firms are coping with threats to the cyber ecosystem. Key themes which emerged from the conversation included social media and the ease of access to private and personal information.  

“Hackers have developed a playbook,” stated David King, a senior manager in UHY’s Internal Audit, Risk and Controls practice.  “Every time someone updates their LinkedIn profile, they’re relying on you to control their risk”, added King.

Participants also discussed how many recent cyber attacks are more disciplined than sophisticated. The presenters underscored that many modern-day heists involve preparation as opposed to complex strategies on the part of the hackers. For example, hackers in the Bangladesh case capitalized on weekend schedules and time-zone differences. This perspective led to dialogue scrutinizing the way the media portrays bank heists; including how certain language shapes perception, as well as discussion around reviewing audit logs to identify trends and anomalies. “We believe that this incident will change the way our industry looks at cybersecurity and that this event will serve as a demarcation of what we did before Bangladesh vs. what we do after”, noted Laurie Shen.  While we saw it as a call to action, many of those attending felt that it is a bigger problem than what they could do individually in audit or compliance.  Several of the attendees felt that it was an entire ecosystem that was compromised and that we must look at the end of end of a transaction across the system to identify gaps in controls.  One attendee also noted that currently, we can only ensure that our own individual entities are secure.  However, we have no way of knowing how secure the other parties we are connected to are.  
“In order to understand the recent Bangladesh heist, it is important to note that the SWIFT security system performed as expected and was left intact,” noted David King. “Cybersecurity is a ubiquitous term now - there’s a technology element and a human element. Whereas IT security’s primary focus is perimeter technology (e.g. firewalls), cybersecurity’s focus is on people (e.g. training & awareness) and business processes. While the participants brought different questions and perspectives to the table, all were in agreement that the greatest vulnerability lies within the human elements of cybersecurity.

The financial services professionals in attendance were keen on further discussing strategies in order to eliminate human missteps that contribute to hacks, as well as formalizing and implementing cybersecurity best practices.  UHY is planning continued discussions to delve deeper into the issue and examine solutions regarding how to bolster cybersecurity and training the IT function regarding business risks and audit functions.