Cybersecurity in banking: an analysis of the hacking incident and the threat of quantum computing

The recent hacking incident that affected a financial institution in Peru, explored in an interview with Bach Nguyen Cybersecurity Engineer, Shareholder at Circle, hints not only at internal vulnerabilities in the bank's security system but also at the challenges of a new generation of technological threats. Nguyen breaks down how these risks materialize in practice and the need for cooperation between ethical hackers and banks to strengthen financial systems. Below, we explore the key themes of this discussion, from ethical hacking to the potential risks of quantum computing.

A malicious employee or a poorly managed vulnerability?

One of the speculations Nguyen addressed in the interview is that there is a possibility that the hacker made a social engineering attack on an interbank employee. However, the opposite scenario is also explored: one where an ethical or well-meaning employee, when communicating security flaws, was not listened to. In this context, Nguyen suggests that mismanagement on the part of the bank's security department could have contributed to an employee's frustration or even facilitated the hacker's attack.

Contrast between ethical hacking and malicious hacking

Hacking, when ethical, acts as a powerful tool to expose vulnerabilities in systems and strengthen their defense. However, in this case, the hacker would have crossed the line between ethical and malicious, opting for blackmail actions by attempting to extort the bank for $4 million. Nguyen stresses that ethical hackers should seek solutions, not create new victims, suggesting that the hacker could have worked with the bank to close vulnerabilities rather than exploit them.

Hacking techniques and their impact on the financial system.

Nguyen describes the possible techniques the hacker may have used to gain access to the bank's systems, such as social engineering, where attackers manipulate employees to obtain confidential information, and exploiting vulnerabilities in the bank's software. This type of attack not only affects banks and their customers, but also represents a danger to the stability of the financial system, as it diminishes public confidence in the ability of institutions to protect their funds.

The damage caused by the attack affected not only the institution, but also its clients and, more broadly, the Peruvian financial system. The lack of good faith on the part of the hacker, who preferred to obtain a personal benefit rather than help solve a security problem, becomes a warning for banks, who must strengthen their cybersecurity programs to protect both their employees and their customers.

The importance of proactive security in banking.

Nguyen recommends that banks work closely with ethical hackers and cybersecurity experts to prevent future attacks. A partnership with the ethical hacking community could help identify and mitigate vulnerabilities before they are exploited. In addition, he notes that the bank's internal logs and security measures could shed light on how the hacker accessed its systems, and how to prevent similar attacks in the future. He also stresses the importance of adopting more robust encryption algorithms, such as direct protection in the database and not relying on basic techniques such as base64 encryption, which could be easily cracked by a competent hacker.

Quantum computing: a new risk for global banking

The advance of quantum computing represents a major challenge for banks and the financial system in general. Although Nguyen admits to having limited knowledge in this area, he stresses that banks, especially in Latin America, may not be ready to face a quantum threat in the next five years. Nguyen suggests that the global financial system may be exposed to risks if it does not take proactive steps to adopt quantum computing-resistant technologies.

One of the most worrying points is the potential for quantum computing to break current encryption systems, which form the basis of data security in banking. Without quantum computing-resistant encryption, hackers could easily access financial data without leaving a trace. Nguyen proposes that banks work together to invalidate stolen funds through quantum attacks, thus limiting the financial impact of such attacks.

Educating users and redesigning financial systems

With the looming threat of quantum computing, Nguyen highlights the importance of financial education so that users understand the risks and can make informed decisions. He also emphasizes the need to redesign banks' security systems to be resilient to quantum computing, thus protecting the global financial system against a potential crisis. Nguyen suggests that banks could collaborate with the government and technology sectors to find solutions to help strengthen security in the face of these developments.

Conclusions and recommendations

Nguyen's interview highlights several critical aspects of cybersecurity in banking today. First, cooperation between banks and ethical hackers is essential to anticipate and mitigate risks. In addition, financial institutions are called upon to strengthen their internal security protocols and adopt encryption technologies resistant to quantum computing.

Banks should act proactively to protect against hacking threats by implementing robust cybersecurity programs and collaborating with security experts. Nguyen concludes that prevention and collaboration between the financial sector and ethical hackers are key to building a robust and secure financial system in the face of advanced technology challenges.