[ISN] Hacked bank unifies defences

From: InfoSec News (alerts@private)
Date: Wed Jan 23 2008 - 22:33:10 PST


http://www.managementconsultancy.co.uk/computing/news/2207909/hacked-bank-unifies-defences-3768600

By Tom Young
Computing 
24 Jan 2008

The bank subjected to the UKs largest ever robbery attempt will be the 
first in this country to take a joined-up approach to physical and 
electronic security.

Sumitomo Mitsui Banking Corporation (SMBC) aims to integrate security 
across 19 offices throughout Europe and the US. Staff will have a single 
profile, so that the system identifying physical location is the same as 
that tracking network activity.

To create the holistic system, the traditional management split has been 
united in a single role, said Andrew Weston, senior security officer at 
SMBC.

I am now responsible for physical security and information security the 
integrated project would be much harder without the combined approach, 
he said.

In its first phase, the joined-up system will be rolled out to 2,000 
users in the UK by July.

A combination of one-time passwords and fingerprint checks will be 
required to log on to any bank system.

The ultimate aim is to have physical and logical access systems, as well 
as CCTV, all linked together across Europe and the US in the next three 
years, said Weston.

In 2005, the bank was the subject of a 220m robbery attempt using a 
combination of physical and electronic tactics. Thieves gained physical 
access to the bank and used key-logging devices to glean passwords later 
used by hackers to access computers.

Weston declined to comment on the incident, but acknowledged that 
internal threats are a growing concern in the banking sector.

Over the past year or so everyone has become increasingly aware of the 
dangers from inside an organisation, he said.

Combining physical and network security sounds like a logical step. But 
the strategy does have drawbacks, according to Richard Hackworth, 
ex-chief information security officer at HSBC.

Integrating these roles is not a priority for managing risk, he said. 
The issues and skills needed are different for each job and the areas of 
danger are so different that historically it has been very hard to do.

The technology will be supplied by Imprivata.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Jan 23 2008 - 22:39:01 PST