Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Offshore banks might be tax havens, but they’re no havens in terms of network security, according to Andrew Hay, a security professional who worked in the offshore banking industry for some time.

In a talk given today at the SOURCE Boston conference, Hay said that many offshore banks, some of which are located in island nations, aren’t in a position to provide security that’s proportional to the amount of money they hold.

These banks are very popular places to store money. Hay cited estimates that 26 percent of the world’s wealth is stored with nations that are home to only 1.2 percent of the world’s population. This includes 31 percent of the net profits of U.S. multinational companies, he said.

Hay cited several factors that contribute to lax security at such banks. For one thing, he said, government regulations in many island nations make it difficult to hire non-locals, while at the same time, there’s a shortage of expertise among locals.

Getting up-to-date tools, such as firewalls, can also be difficult. Equipment can take a long time to arrive at an island nation, and when it does get there, it can spend weeks or months sitting in customs. As a result, companies often have to buy spares for any new item they purchase, which makes upgrading very expensive.

It’s not uncommon, Hay said, for companies to operate critical infrastructure with expired system support contracts. Sometimes, equipment that’s been retired by its manufacturer is still in use.

Hay said that these banks are also being targeted by a wide variety of common attacks, including phishing and website defacement. In some cases, they’re also vulnerable to older attacks that wouldn’t work on up-to-date infrastructure.

There hasn’t yet been a high-profile data breach to get the attention of offshore banks, but Hay warns that it’s only a matter of time.

0 comments about this story. Start the discussion »

Tagged: Web, security, networks, finance, phishing, source boston

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me