UHY Advisors NY Hosts “Lessons Learned from Cyber Bank Heists” Panel Discussion
UHY Advisors convened a roundtable discussion among financial services industry professionals on Thursday, June 16th to explore the implications and causes of recent cyber bank heists. The roundtable, “Lessons Learned from Cyber Bank Heists,” launched UHY’s Financial Services Roundtable series and included compliance, risk management, internal audit, and technology managers from some of the world’s largest banks and financial services firms.
UHY’s Patrick Hughes guided the roundtable discussion, which consisted of a presentation detailing the background of the recent cyber bank heists, followed by a group discussion of how individuals and firms are coping with threats to the cyber ecosystem. Key themes that emerged from the conversation included social media and the ease of access to private and personal information.
“Hackers have developed a playbook,” stated David King, a senior manager in UHY’s Internal Audit, Risk and Controls practice. “Every time someone updates their LinkedIn profile, they’re relying on you to control their risk,” added King.
Participants also discussed how many recent cyber attacks are more disciplined than sophisticated. The presenters underscored that many modern-day heists involve preparation as opposed to complex strategies on the part of the hackers. For example, hackers in the Bangladesh case capitalized on weekend schedules and time-zone differences. This perspective led to dialogue scrutinizing the way the media portrays bank heists, including how certain language shapes perception, as well as discussion around reviewing audit logs to identify trends and anomalies. “We believe that this incident will change the way our industry looks at cybersecurity and that this event will serve as a demarcation of what we did before Bangladesh vs. what we do after,” noted Laurie Shen. While we saw it as a call to action, many of those attending felt that the problem is bigger than what they could do individually in audit or compliance. Several of the attendees felt that an entire ecosystem was compromised and that we must look at a transaction end to end across the system to identify gaps in controls. One attendee also noted that, currently, we can only ensure that our own individual entities are secure; we have no way of knowing how secure the other parties we are connected to are.
“In order to understand the recent Bangladesh heist, it is important to note that the SWIFT security system performed as expected and was left intact,” noted David King. “Cybersecurity is a ubiquitous term now - there’s a technology element and a human element. Whereas IT security’s primary focus is perimeter technology (e.g. firewalls), cybersecurity’s focus is on people (e.g. training & awareness) and business processes.” While the participants brought different questions and perspectives to the table, all were in agreement that the greatest vulnerability lies within the human elements of cybersecurity.
The financial services professionals in attendance were keen to further discuss strategies for eliminating the human missteps that contribute to hacks, as well as formalizing and implementing cybersecurity best practices. UHY is planning continued discussions to delve deeper into the issue and examine solutions for bolstering cybersecurity and training the IT function regarding business risks and audit functions.