Inside Man And Cybanetix

Inside Man and Cybanetix: how to stop modern-day bank heists.

Hollywood loves a bank heist movie, ideally one where the ‘bad guys’ get away with a coy smile and lots of money/jewels/stash. In Spike Lee’s Inside Man, the ‘bad guys’ are trying to steal information, specifically to reveal the money delivered by a Nazi that allowed the bank’s owner to open the bank in the first place. This leaves the audience rooting for them; they’re committing a crime, but with the moral high ground, trying to bring to light a horrific crime.

Unfortunately, bank heists are never so simple and often leave many people with lifelong damage, from financial loss to trauma. That’s why, at the start of this year, DORA was introduced to provide better protection for financial institutions within and around the EU.

The Scene:

Digital blackout

When the team first enters the bank, they begin by disabling all digital surveillance and internal communications; no one outside can see what’s happening on the inside. This gives them time; they can set up their ruse with the hostages by dressing them in the same clothes as the robbers and continuously moving them to disorientate both the hostages and the police on the outside.

While this is an excellent Hollywood trick, in reality, if DORA had been adequately implemented, the ICT risk management and threat monitoring protocol would have kicked in and caught their mischievous actions.

At Cybanetix, we would have equipped our client with a detailed Security Assessment, identifying and providing a comprehensive breakdown of any potential risks foreseen, along with their solutions. With this information, the institution could have developed a business continuity plan in preparation for any potential attacks relevant to the identified threats.

Therefore, in our rewrite of the movie, as soon as the systems went offline, the bank’s business continuity plan would have been initiated, with automated alerts immediately sent to the relevant authorities. There may also be off-site surveillance backups for an additional layer of security.

The Scene:

Skeletons in the safe deposit box

In this movie, the real prize isn’t the money, but a little-known safe deposit box containing WWII-era documents that implicate the bank owner, Arthur Case, in some immoral behaviour. The bank heist is a cover-up; in reality, the robbers are there to retrieve the assets from the box and release them into the world, thereby exposing Case’s unethical actions and his means of securing money to open the bank in the first place. At the end of the film, you’re rooting for the heist team, cheering them on because, although they have committed a crime, morally they were in the right.

Unfortunately, this is another remarkable Hollywood touch. In real life, bank robberies are primarily motivated by the desire for money, with little to no regard for moral considerations. As part of DORA compliance, organisations need to assess their third-party risk. This takes a range of forms, including supply chain integrity, reputation monitoring, and risk assessments of partners and senior stakeholders. During a company’s onboarding process, Cybanetix conducts detailed due diligence to identify any existing risks and rectify them.

Consequently, in the Cybanetix rewrite, the document would have been flagged in an internal audit, likely years before, leaving nothing for the robbers to want to find. It may have even already been investigated and removed, depending on the organisation.

The Scene:

Where’s the evidence?

When the police finally arrive, all evidence of the robbery has been erased, with no digital proof of the event ever having taken place. The detective in charge struggles to find any credible evidence to convict the robbers and ultimately follows the lead on the safe deposit box. In the film, all the robbers remain out of the police’s reach, and it is heavily implied that they’re never caught.

Under DORA, all banks must report any major ICT-related incidents within hours of detection and provide a detailed analysis of the incident. Working with Cybanetix offers institutions real-time critical incident response through the SOC service, alongside standardised incident management and reporting plans to ensure minimal downtime when an attack occurs.

In our rewrite, this incident would have been escalated to national regulators and EU-level authorities. Although the heist is based in NY, DORA still applies to US-based institutions if they provide critical ICT or financial services to EU-based financial entities. The robbers would have been tracked down using metadata, residual access logs, and out-of-band communications; they would have been found, prosecuted, and sentenced, unable to stay hidden indefinitely, as the film implied.

The Takeaway:

In Inside Man, one of the greatest bank robberies is pulled off with no evidence that it ever even happened in the first place, by ethically pure bank robbers who were there not to steal but to bring to light a crime that had happened years ago. Unfortunately, these kinds of heists don’t exist in the real world. Modern robbers seek to reap the greatest gains, often leaving devastated companies behind. That’s precisely why DORA was introduced for financial institutions within and with links to the EU, as a protection buffer for both the institutions and their consumers. At Cybanetix, we collaborate with our partners and clients to support those required to become DORA compliant through various avenues, helping to keep everyone safer.