[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Hacked bank unifies defences
By Tom Young
24 Jan 2008
The bank subjected to the UKs largest ever robbery attempt will be the
first in this country to take a joined-up approach to physical and
Sumitomo Mitsui Banking Corporation (SMBC) aims to integrate security
across 19 offices throughout Europe and the US. Staff will have a single
profile, so that the system identifying physical location is the same as
that tracking network activity.
To create the holistic system, the traditional management split has been
united in a single role, said Andrew Weston, senior security officer at
I am now responsible for physical security and information security the
integrated project would be much harder without the combined approach,
In its first phase, the joined-up system will be rolled out to 2,000
users in the UK by July.
A combination of one-time passwords and fingerprint checks will be
required to log on to any bank system.
The ultimate aim is to have physical and logical access systems, as well
as CCTV, all linked together across Europe and the US in the next three
years, said Weston.
In 2005, the bank was the subject of a 220m robbery attempt using a
combination of physical and electronic tactics. Thieves gained physical
access to the bank and used key-logging devices to glean passwords later
used by hackers to access computers.
Weston declined to comment on the incident, but acknowledged that
internal threats are a growing concern in the banking sector.
Over the past year or so everyone has become increasingly aware of the
dangers from inside an organisation, he said.
Combining physical and network security sounds like a logical step. But
the strategy does have drawbacks, according to Richard Hackworth,
ex-chief information security officer at HSBC.
Integrating these roles is not a priority for managing risk, he said.
The issues and skills needed are different for each job and the areas of
danger are so different that historically it has been very hard to do.
The technology will be supplied by Imprivata.
Subscribe to InfoSec News