This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

If you have comments on this blog posting, please email me .

The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.

Click here to see the whole Opinion Blog.

To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").

Bank With No Cybersecurity Gets Hacked.

Posted on 8th April 2022

 Show only this post
Show all posts in this thread (Cybersecurity).

There is a reason why computer experts recommend that you have cybersecurity software and processes, as demonstrated by this story (reported here on The Register).

Apparently the Andra Pradesh Mahesh Co-Operative Urban Bank's firewall licence had expired (at least they had one, which maybe still worked, but there would have been no more updates), and they had no phishing protection, intrusion detection system or intrusion prevention system. It is therefore no surprise that they got hacked, resulting in a significant amount of money being stolen.

I feel sorry for their customers, who were probably assured that the bank had comprehensive cybersecurity systems and processes in place.

For your computer systems to be secure, you need to be paranoid. For example, if you are reading this on my web-site, your access is through 3 different firewalls. That paranoia should extend to not sharing details with your friends, family, colleagues or employer of what kind of cybersecurity you have in place (notice that I didn't tell you what and where my 3 firewalls are).

Even for securing your home computers, you need to be paranoid: at the very minimum, firewalls and antivirus programs, both regularly updated; and scan your systems regularly.

Another thing you might want to look into is your Internet modem. In the old days, when all traffic ran over IPv4, all your home systems (servers, desktops, laptops, NAS, mobile phones and Internet of Things smart devices) were hidden from public view by NAT routing in the Internet modem. Then IPv6 was introduced: older IPv6 capable Internet modems (like the Techicolor TC7200) offered no firewall protection of IPv6 devices on your home network; they were all visible and accessible to anyone on the Internet; newer Internet modems like the FritzBox 7590 have IPv6 firewalling. You can find out by reading the manufacturer's user handbook, or checking the administration interface (if it has a section to allow your IPv6 devices to be accessed from the Internet, which you would need to do for a web-server or email-server, then it has an IPv6 firewall).