Security issues in banks
By Ferina Manecksha
31st December 2001 (Computimes)

BANKING institutions are advised to acquire the ability to manage security incidents and escalate incident responses on a 24x7 basis. This is to fulfil operational and infrastructure requirements stipulated by Bank Negara in preparing them for electronic banking (e-banking) services.

According to e-Cop.Net Surveillance Sdn Bhd's chief executive officer Alan See, local banks have so far managed to handle initial key activities in security management such as penetration testing and system audit, and are equipped with firewalls and intrusion detection devices. He said before offering e-banking services, the banks need to equip themselves with capabilities to handle, manage and escalate security incidents. He added that while the level of awareness on the importance of Internet security is still low in Malaysia, banks are ahead in understanding its importance.

"The general public awareness on security has improved tremendously this year because of an increasing number of breaches and virus attacks," See said.

"This is a positive sign compared to last year as companies now realise a firewall and intrusion detection system is insufficient," he said. "They need a round-the-clock security surveillance as well as a tight internal security policy and practice."

See said apart from banks, organisations running mission-critical information servers with sensitive client information, like credit card companies, and government sites which offer online services should make security their priority.

Currently, e-Cop.Net has one foreign and four local banks using its 24x7 Internet security surveillance service.

"We have 30 clients in Malaysia, including insurance and security companies, manufacturing and public-listed companies. The aim is to growth our client base to 100 subscribers by the end of next year," he said.

The company offers pro-active detection and surveillance for its customers' networks through e-Cop.net, which monitors, traces, reports and handles customers' security incidents round the clock from its Global Command Centres (GCCs) in Kuala Lumpur, Singapore, Hong Kong and Japan.

When a security threat is identified, the GCC is immediately alerted and its security analyst will closely monitor and analyse the exception traffic.