Offshore banks might be tax havens, but they’re no havens in terms of network security, according to Andrew Hay, a security professional who worked in the offshore banking industry for some time.
In a talk given today at the SOURCE Boston conference, Hay said that many offshore banks, some of which are located in island nations, aren’t in a position to provide security that’s proportional to the amount of money they hold.
These banks are very popular places to store money. Hay cited estimates that 26 percent of the world’s wealth is stored with nations that are home to only 1.2 percent of the world’s population. This includes 31 percent of the net profits of U.S. multinational companies, he said.
Hay cited several factors that contribute to lax security at such banks. For one thing, he said, government regulations in many island nations make it difficult to hire non-locals, while at the same time, there’s a shortage of expertise among locals.
Getting up-to-date tools, such as firewalls, can also be difficult. Equipment can take a long time to arrive at an island nation, and when it does get there, it can spend weeks or months sitting in customs. As a result, companies often have to buy spares for any new item they purchase, which makes upgrading very expensive.
It’s not uncommon, Hay said, for companies to operate critical infrastructure with expired system support contracts. Sometimes, equipment that’s been retired by its manufacturer is still in use.
Hay said that these banks are also being targeted by a wide variety of common attacks, including phishing and website defacement. In some cases, they’re also vulnerable to older attacks that wouldn’t work on up-to-date infrastructure.
There hasn’t yet been a high-profile data breach to get the attention of offshore banks, but Hay warns that it’s only a matter of time.