Post Bank security breach preventable
Regular identification and control of IT risks would have significantly helped to prevent the recent security breach at the Post Bank in January, according to financial services firm Grant Thornton.
The Post Bank security breach was allegedly caused by a lack of proper IT controls, which directly resulted in an estimated R42 million being stolen in just three days.
Michiel Jonker, senior manager, IT Advisory at Grant Thornton Johannesburg, said: “What’s more concerning is that the breach not only resulted in financial losses for the business, but it also caused negative publicity.”
Jonker noted that the King III Corporate Governance report clearly outlines that it is the board of directors’ responsibility to govern all business risks, including IT risks, as well as all vital technology investments, for publicly listed organisations as well as government institutions.
A rise in information systems has naturally resulted in higher effectiveness and efficiency in organisations, especially in recent decades. But Jonker stresses that it is possible for organisations to implement cost-effective IT and manual controls and solutions in order to minimise the potential negative impact of IT threats.
“With the implementation of automated and manual controls, Post Bank officials would have been able to prevent and detect the occurrence of identified risks and reduce the impact of these risks through various correction procedures before they occur,” Jonker said.
Grant Thornton argues that many incidents can be prevented by controls addressing normal day-to-day issues and risks, including the prevention of password sharing among users and the active promotion of security awareness among employees.
“It is a well-known fact that many security exploits on the Internet and within company networks could have been prevented in the past but that it was as a result of neglecting to update basic operating and application security systems as well as the timeous implementation of available patches, that these security incidents did occur – many times with devastating results,” Jonker concluded.