When it comes to your company’s online security, it always helps to have a plan in place. Typically, you’ll enact a password policy, incorporate a firewall, and have incremental backup systems in place to recover any compromised data; a dedicated barrier against cyber-criminals.
There is, however, another school of thought: You can’t be the victim of a cyber crime if you’ve got no cyber to work with.
Malta’s Bank of Valletta tested this theory at the beginning of February, thwarting a large-scale cyber-attack with the gloriously drastic manoeuvre of shutting down its entire IT infrastructure.
When security personnel noticed that cyber-criminals had broken into the system, syphoning a crisp €13 million into foreign accounts, they simply took the nuclear option and shut down all the bank’s IT functions. This scorched-earth approach crippled online services - such as email systems and banking apps – as well as 44 branches and ATM systems. For 18 hours, the Bank effectively ceased to exist.
Imaginably, it worked. The plan foiled the heist, reversed the fraudulent transactions and predictably infuriated a great many customers, who were left without their regular banking services between the 13th and 14th of February. Yet the Bank insisted that their move was the right one, claiming in a press statement:
“This unfortunate incident proved that the contingency plans in place and the preventative measures taken by the Bank of Valletta were appropriate and that these measures safeguarded the Bank, its customers and stakeholders”.
Such was the scale and infamy of the attack that Malta’s Prime Minister, Dr Joseph Muscat, echoed the Bank’s sentiments:
“It is no joke having a bank that controls half the economy shut down for a whole business day, but at this stage caution trumped every other consideration”.
Yet the Bank wasn’t the only business hobbled by the move. In an interview with the Times of Malta, Abigail Mamo, of the Chamber for Small and Medium Enterprises, explained how shop owners reliant on the Bank’s point-of-sale systems were left without working card payments. With no contact to or from the BOV, business owners were forced to decline customers without any information on their plight.
Both the scale of the attack and the Bank’s response make for interesting reading, not least for the drastic measures taken; yet there are parallels here to the responsibilities of businesses within the EU. Personal data is fast becoming the currency of businesses, and with GDPR measures enforcing strict and vigilant procedures for its protection, that data becomes a major business concern.
While the Bank effectively stopped all trade for a day, as did many of the banks clients. the data and reputation it salvaged was potentially of even greater value. A foolhardy response then - but admirable in its dedication to customer protection.
Read the full story.
Proactively protect your business interests with a Cyber-Security setup from Mirus.
Our Secure IT Solutions target, prevent and protect against cyber-attacks, while our Data Recovery systems get your business back on track if the worst were to happen.
Can you instantly restore accounts and data when disaster strikes?
Have you tested it?
Don't let your business grind to a halt should your data back up fail, or should you suffer a data breach or attack.
With Backup Specialists Datto and Mirus, we can ensure your mission critical data is backup, secure and instantly retrievable. Find out more: