Malware is a major threat to the valuable information and data held by financial organizations such as banks. These companies spend tens of billions of dollars annually to protect their data from corruption and theft through cyber-attacks, yet it is on record that malware robs banks around the world of millions of dollars every day. On top of this come the high administrative costs of implementing policies that address these issues. For financially strained institutions, investing in malware detection and prevention is therefore a hard decision, and this is especially true of banks and financial institutions operating on low security budgets in the struggling economies of the developing world. It is ironic that banks in such countries maintain very poor cyber security standards precisely because of insufficient funds and a lack of up-to-date technical knowledge and expertise in the top management of their corporate sector.
A keen understanding of the importance of cyber security for financial institutions was revealed to me when I found a unique opportunity to work for an IT consulting company on a project with a financially challenged South Asian bank. The bank was being acquired by another bank from a wealthy foreign country. The bank being acquired had a computer network based on a decentralized Microsoft workgroup environment. The acquiring bank required that this decentralized workgroup environment be migrated to a centralized, more scalable Microsoft Active Directory Domain infrastructure. The project was assigned to the local IT consultancy firm where I was employed. When we initiated the project, a team of IT consultants was sent to the bank sites to conduct a survey, compile a survey report and submit it to the top management of the consulting firm.
The bank's datacenter was situated at its head office. The situation inside the bank was nowhere close to ideal. When testing the computers, we began to detect anomalous behavior on the client machines, such as slow processing and an unresponsive operating system. After further inspection and running anti-malware software, it became clear that most of the PCs were infected with malware.
On the bank's network the users were free to download anything from the Internet. They were also able to copy any type of data from media such as flash drives, CDs and DVDs onto the hard disks of their office workstations. There was no control in place to guard the network against this risky user behavior, and it was this freedom that was the reason behind the heavy malware infection of the banking network.
The lack of basic security practices left the computer network open to both internal and external malware threats. The technical support team was understaffed, and its members were neither properly trained nor motivated. Network administration was also of poor quality, as there was no central control to address security issues.
Although the bank had some anti-malware software in place, it was not sufficient to fully protect the network. When the devices at the bank's datacenter were examined, it was found that the network had a firewall, but the devices considered essential for the security of a financial institution like a bank were missing. The absence of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) exposed the banking network to internal and external security threats. Clearly this bank had a very serious security situation, and the full severity of the threat still had to be properly assessed.
On the server side, a domain controller running on Windows 2003 was deployed specifically to support the Microsoft Exchange 2007 server, which also ran on Windows 2003. The users of the bank's network had two separate sets of credentials: one to log in to their workgroup workstations and another to log in to Outlook to process their email.
Using up-to-date anti-malware software, we found serious malware on the Microsoft Exchange 2007 server during rigorous scans. It was obvious that the servers on the network were under an alarming level of malware threat. The Oracle database was also installed on Windows Server 2003, but fortunately it was free of infections.
The bank's users were also complaining of spam email hitting their mailboxes. The Microsoft ISA 2004 server was also found to be infected and spreading malware to the network.
There was no second-guessing that the malware threats to the Microsoft Exchange 2007 and Microsoft ISA 2004 servers had to be neutralized in order to stop the infection from spreading to the rest of the network. The servers had to be dealt with before the client machines.
We, the consultants, prepared a report on the security problems of the bank's network and submitted it to the upper management of our consulting firm. A meeting with the bank's top IT officials and other stakeholders was arranged, with the severity of the security threats to the bank's computer network on the agenda. The consulting firm made it clear that the bank's network had to be secured before any step was taken toward migrating it from the workgroup to a Microsoft Active Directory Domain.
Our consulting company proposed that the work at the bank be split into two separate projects. The first project would focus on enhancing the security of the bank's network. In the second project, the workgroup model would be migrated to the Microsoft Active Directory Domain model and the client machines joined to the new domain, after resolving all the technical hurdles that would arise.
The consulting team was given clearance to start the first project, securing the banking network. This project focused on hardening the network's security, starting with the bank's servers. The main objective was to take fresh backups of the servers, install more sophisticated anti-malware software, and run rigorous scans to detect and eliminate the malware, thereby cleaning the bank's servers and improving their security. This process went smoothly for the ISA server, but the email server, Microsoft Exchange 2007, began to show high-severity errors. The Exchange server had to be stabilized through software repairs alongside the neutralization of the malware threat. The evening, being the off-peak working time, was designated for the work on the Microsoft Exchange 2007 server. The server was rebooted in safe mode and the Exchange 2007 server software was repaired. It was then thoroughly scanned for malware with GFI MailEssentials, an anti-malware and anti-spam product designed specifically for Microsoft Exchange Server.
The bank had a large network of approximately 400 to 500 computers across different sites, and the security of these computers was also within the scope of this project. The hardening of the client computers accelerated once all the servers were secured. To carry out this phase of the project, more manpower was needed, so the consulting company hired young IT professionals on a contract basis, offering them internships to help with the malware removal tasks on the client machines. They were trained to clean malware and secure client machines, which advanced the eradication of malware on the client side of the bank's network. We also deployed the EMCO network malware tool on the banking network to address security issues remotely. In this way the bank was rid of its most lethal security threats. At the end of the project, recommendations were made to acquire resources such as trained manpower and security hardware and software to protect the bank's IT infrastructure against future threats.
It was an interesting experience, and it can be summed up in a nutshell: information security is extremely important, and ignoring it can lead organizations to formidable losses and even bankruptcy. The information security of financial institutions is many times more important than that of organizations that do not deal in finance. It can be speculated that the main reason behind this bank's business failure was the isolation of its key financial instruments and tools to manual operations because of security concerns. This led to a lag in productivity that cost the bank market share in a highly competitive business environment, which in turn resulted in monetary losses and, ultimately, a lack of funds to maintain the information security of its computer network. All these factors together culminated in the acquisition of the bank.