Maintaining an audit trail

The Bank of England has ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank-messaging network after a still-unidentified group used the system to steal £56m from Bank Bangladesh. This previously unreported action marks the earliest known case of a central bank in a major economy ordering its member banks to conduct a formal security review in response to a cyber attack. However, the Bangladesh theft has shaken the global system for transferring money between both commercial and central banks. 

The FBI, authorities in Dhaka and various private forensic experts are now investigating the cyber heist in Bangladesh, where thieves raided a central bank account kept at the Federal Reserve Bank of New York, stealing £56m. They installed malware inside the bank's headquarters that hid traces of their attack in a bid to delay discovery so they could access the funds.

Once an attack has been mounted and money stolen, steps must be taken to find it and also to ascertain how the criminals ‘got in’. However, as one insider admitted, many firms still face considerable challenges at this stage because they don't have a structured audit trail of evidence that can be accessed quickly and which would be watertight in legal proceedings.

Meanwhile, even for organisations that have implemented proper log collection and management, crucial information can be missing that would enable them to reconstruct the details of a breach and unveil the root cause of the problem. Forensic investigation by specialist forensic accountants is especially important in incidents where privileged accounts are affected.

Therefore, in any case of cyber attack, or as a preventative measure, organisations would be advised to engage forensic accountants to highlight weaknesses and follow the trail that will lead to the perpetrators.

Author: Roger Isaacs, 31 May 2016

Share on Twitter