An analysis of the heist provides us with several valuable insights:
Secondly, it points out the inability of the financial industry to come together and share information which can help prevent recurrences of similar heists. In this case, the cyber heist on the first bank was repeated a second time.
Thirdly, it is obvious that there were inadequate security controls to protect the bank from this type of fraud. Failures would have been at multiple levels, from inadequate risk assessment to ineffective security controls. In my experience, such failures are mostly due to a lack of appreciation of the business risk and of transferring this context to outsourcers. It may so happen that in this case the outsourcing firm strictly followed all the security processes as laid out by the bank, but still got hacked because there was no partnership in understanding the business context.
Fourthly, it is a rude awakening to the scale of cybercrime today. At 40 million dollars, this heist is comparable to the largest bank robberies the world has seen.