Following the leak of Credit Suisse account data to a German newspaper, we explore what financial institutions can learn from the dangers of insider threats
It was reported last night that Credit Suisse has defended its position, following the leak of data from over 30,000 accounts, holding over $100 billion (£73.6 billion), to German newspaper Süddeutsche Zeitung by a whistleblower.
From here, this data was then shared with the Organised Crime and Corruption Reporting Project and 46 other news organisations, including the New York Times, The Guardian and France’s Le Monde.
The group of outlets, upon investigating the data, which were from accounts held from the 1940s to the 2010s, alleged that Credit Suisse was hosting accounts belonging to human rights abusers and businessmen placed under sanctions.
Notable account holders include a chief aide to former President of Pakistan, General Muhammad Zia-ul-Haq, and Zimbabwean fraudster Billy Rautenbach.
The investigations conducted by the consortium have been collectively named the ‘Suisse Secrets’.
The exact affiliations of the whistleblower who released the account data, if any, are not yet known; however, they told Süddeutsche Zeitung over a year ago: “I believe that Swiss banking secrecy laws are immoral. The pretext of protecting financial privacy is merely a fig leaf covering the shameful role of Swiss banks as collaborators of tax evaders.”
In response to allegations, the second largest bank in Switzerland denied wrongdoing, claiming that the data was “predominantly historical”, and that the findings were taken out of context.
A statement released by the financial institution continued: “Approximately 90% of the reviewed accounts are today closed or were in the process of closure prior to receipt of the press inquiries, of which over 60% were closed before 2015.
“Of the remaining active accounts, we are comfortable that appropriate due diligence, reviews and other control-related steps were taken in line with our current framework.
“We will continue to analyse the matters and take additional steps if necessary.”
While it’s now common practice for Swiss banks like Credit Suisse to share data with other countries, via an exchange system established in 2018 to tackle tax evasion, many developing nations are currently excluded from this system.
Meanwhile, since 2015, Article 47 of the 1934 Federal Law on Banks in Switzerland has applied to any third party that “reveals” or “exploits” a secret that has come from within a Swiss bank.
According to The Guardian, the UN special rapporteur on the promotion and protection of the right to freedom of opinion and expression, Irene Khan, has stated that this article is being assessed.
“The general principle must be that all organisations should have a duty of care to protect personal data appropriately, and to adhere to local privacy laws where applicable – including GDPR, the UK’s DPA and the Swiss Federal Act on Data Protection in the case of Credit Suisse. All these regulations mandate that adequate security must be in place,” said Peter Galdies, founder and senior consultant at data protection and privacy specialists DQM GRC.
“In this case the question is, how did the individual have such access that they could download and distribute the details of over 30,000 clients? Was the individual in a role where this kind of access was required, or were access controls too loose? It’s impossible for us to comment on the specifics, but what we can say for sure is that all organisations should review their systems and controls to ensure that such large-scale access to sensitive data is suitably controlled and limited to the minimum number of essential personnel.”
In response to the Credit Suisse data leak, Jake Moore, global cyber security advisor at ESET, said: “The threats posed on the inside of a company remain the most difficult to protect in cyber space.
“Staff often bring more risks than any remote attack as they are equipped with the advantage of having overriding powers and insider knowledge, making it impossible to protect from completely.
“Whether a data leak is conscious or not, staff are often overlooked when it comes to the biggest threats in an organisation. Insider threats are sometimes forgotten about after the vetting stage but they usually lead to the most damaging consequences and can leave a more challenging clean-up operation in their wake.”
Today’s revelations show a need to stay aware of the dangers of insider threats. While there’s no guarantee yet that the whistleblower in question was an employee of Credit Suisse, financial institutions need to remain vigilant about anyone who gains access to account data.
Sufficient security to deal with possible insider threats calls for a zero trust approach across all endpoints: users need to be authorised every time before being granted access, regardless of the device used. Risk assessments should be carried out constantly, with policy and protocol adjustments documented, and the behaviour of users needs to be monitored for anomalous actions that could lead to data being leaked, such as with the account assets involved in this Credit Suisse case.
The so-called ‘Suisse Secrets’ findings also bring into question a balancing act between the need to keep account data secure and a wider public interest when it comes to human rights and breaches of democratic practice, among other controversies. With the UN looking into the aforementioned Article 47 of the 1934 Federal Law on Banks in Switzerland, legislation may be set to shift following this incident. With Swiss watchdogs surveilling the situation, this is certainly a legal situation that looks set to evolve in the coming weeks and months.