Cyber Security
Don Randall
Lessons from the Bangladesh attack
O
n 4th February 2016 Thursday, a day before Bangladesh’s weekend kicked off, 35 fake transactions from the Bangladesh Central Bank were sent in a matter of hours. The entire attack cycle, stretched over the next few days, ended when the funds reached the final destination on Monday 8th February 2016, the first day of Chinese New Year in Philippines. The investigation of “TTP” (technique, tactics, procedures) revealed other attacks with similar characteristics – $12 million
By Jane Lo
stolen from Ecuador's Banco del Austro in 2015, and a foiled attempt at Vietnam's Tien Phong Bank in May 2016. Today, there is still no word on who was responsible, and Bangladesh Bank has retrieved only about $15 million, mostly from a Manila junket operator. What lessons can we learn from the Bangladesh attack? We spoke to Don Randall, MBE, who was Head of Security at the Bank of England in 2008, and the Bank’s first Chief Information Security Officer in 2013. Today, he continues as the Cyber Ambassador in various commercial areas.
Tell us a bit about your experience in the private public sectors?
framework defined in consultation with Her Majesty’s government.
I served with the City of London Police from 1969 to 1995, with specific emphasis on fraud and counter terrorism before 13 years at JPMorgan Chase as Managing Director for International Security Manager for Europe, the Middle East, Africa and the Asia Pacific regions. I joined the Bank of England in 2008 and was appointed the Bank’s first Chief Information Security Officer (CISO) in 2013. The CISO role undertook 4 functions: Policy and Standards, Intelligence Investigation and Forensics, Education, and Support for the “CBEST” program, a
What are some of your key observations from your security experience in relation to economic crime?
16 | Australian Cyber Security Magazine
A time period spanning weekends and public holidays such as Christmas is when a window of opportunity to commit fraud is greater. Differing time zones, cultures and attitudes widens this window of opportunity. We see this activated in the Bangladesh attack over an international weekend. The timeliness of response was complicated not only by time zone differences but also asynchronous workweeks