When $81 million was stolen from the Bangladesh Bank in 2016 and laundered through casinos in the Philippines, many in the financial world were shocked, but not the risk managers at the Bank of the Philippine Islands.
For some time, ahead of the world’s biggest cyber heist, security experts at the bank had noticed a sharp uptick in cyber activity in the Philippines from a variety of locations, says Marita Socorro Gayares, chief risk officer at BPI.
“We noticed months before the attack that there were also some patterns of unusual access attempts in the bank’s systems coming from various IP addresses, and we were able to detect that some third party may be interested in trying to penetrate BPI. There was a direct link between the attack on the Bangladesh central bank and our bank’s decision to invest more in cyber security,” she says.
As a result, the BPI board signed off an ambitious programme of improvements to its cyber security in 2017, which included a conscious decision to spend at least two billion pesos (US$19.7 million) annually – as part of an IT spend equivalent to 9% of the bank’s total revenues – to guard…
