Off-shore financial institutions get lots of business from those who think their money is safer on a (nearly) deserted island. But one security expert says it's a myth.
Some economists believe as much as half the world's capital flows through offshore institutions. You can also break down the math this way: Less than 2 percent of the planet's population inhabits these tax havens, yet 26 percent of the world's wealth can be found in these places.
"You would expect that isolated offshore financial centers, such as those in Bermuda, Cayman Islands and the Bahamas would be exponentially more secure than your local bank branch due to the magnitude of money being protected but you would be wrong," said Andrew Hay, a Canadian security practitioner and author who will give a talk on the subject at SOURCE Boston Wednesday.
In an e-mail exchange conducted in advance of the conference, Hay said foreign nations, malicious attackers, and malware makers know that most tax havens, especially those located in small water-locked countries, are behind the times when it comes to security. This knowledge, combined with the amount of money that flows through the offshore financial centers, makes them juicy targets for major financial exploitation.
The goal of Hay's presentation is to squash those myths and outline the risks of offshore banking in explicit detail.
"The gist of my talk is about dispelling the myth that the understanding and implementation of security in offshore banking nations like Bermuda, the Caymans, the Bahamas, etc. are exponentially more secure than local banking institutions. The entire talk is set to a 'Gilligan's Island' theme and each slide as lyrics from the theme song to help explain the topic. I'm going for fun but informative," he said.
Hay estimates that technology in most of these island nations are about a decade behind the rest of the world. Firewall models are no longer supported by the manufacturer and are out of warranty. If core routing equipment goes down, it may take days or weeks for a replacement to arrive -- and get through customs, he said.
Staffing is another problem.<.p>
"Most island nations have strict work permit regulations that restrict the expatriate (or expat)," he said. "If it's time to renegotiate your contract, any qualified Bermudian can challenge for the position. If they are qualified, then your permit does not get renewed. Similar restrictions are in place in Cayman and the Bahamas. In the Bahamas, however, upon hiring an expat the company must designated a local to shadow them to learn, and eventually take over, the job."
Specifically, Hay hopes to leave his audience with the following thoughts:
- Just because the institution is responsible for the handling and protection of money, doesn't necessarily mean that they are willing to implement the required controls to safeguard it.
- Staffing is a huge concern for offshore banks.
- How easy is it to establish a new information security program when you're only there for 3 years? How about steering an existing program when the previous guy was only there for 3 years? Is that efficient?
- Remember how hard it was to persuade the executive team to invest in security 10 years ago? If you move to an island nation you're looking at the same problems all over again.
Read more about application security in CSOonline's Application Security section.
This story, "Offshore banking more secure? You're dreaming" was originally published by CSO.