Securing Banks in a Digital World
How Technology and Risk Are Changing the Banking Market
The banking environment faces a multitude of risks, which are evolving and changing daily. Fraud, at the top of the list, leads to significant losses if not controlled, and today more than ever, banks are laser-focused on minimizing fraud attempts and must adopt a proactive approach to stay one step ahead.
Most banks have invested heavily in physical and network security to protect against traditional threats, but today greater threats loom on the horizon in the form of the Internet of Things (IoT) and the increasing number of periphery devices residing on the corporate network. Such devices include video surveillance, identity and access management and other physical security systems that are critical to the day-to-day operations of financial services firms.
These technologies, which were once analog-based and largely segregated from other IT systems, have transitioned to IP and are becoming a greater cybersecurity threat themselves. And with the proliferation of the IoT, a significant portion of which is comprised of security sensors, this problem is only going to grow. In fact, according to research firm Gartner, more than 8 billion connected devices were in use in 2017 and that is forecast to grow to more than 20 billion by 2020.
What Can Be Done?
The problem for most banks is that they already have thousands of cameras deployed throughout their various corporate offices and branches, which makes trying to address cyber vulnerabilities a tremendous challenge. Let’s take the typical branch surveillance deployment, for example. There is usually a mix of both existing analog cameras and IP cameras, along with an encoder, a network switch and a network video recorder (NVR) that is connected to the network.
The NVR, switch, encoder and IP cameras all have firmware that may need to be updated to mitigate potential cyber risks, and most of them also typically have usernames and passwords that could be exploited by hackers. Updating these devices individually on a site-by-site basis presents a logistical nightmare, which makes having some type of centralized management utility a must.
Aside from deploying centralized management, other steps that security managers at financial institutions should take to mitigate cyber threats to their physical security systems include:
- Regular Technology Refresh Cycles: Although many banks today replace computers and other IT hardware every three to five years, the same cannot be said of their security equipment. Security devices, like other technologies, are changing very quickly, which means vendors are phasing out certain pieces of equipment more quickly and will eventually stop supporting them. Getting buy-in for a technology refresh can be challenging, but unlike the days where these systems had to be purchased outright, numerous suppliers now offer leasing programs for their equipment and software, shifting the cost to an operational expenditure and placing the onus for maintenance back onto the vendor and/or integrator.
- Check and Perform Firmware Updates: Manufacturers today are routinely updating their products to ensure they’re protected against the latest threats. Unfortunately, many organizations are still woefully lagging when it comes to applying patches to impacted devices.
- Practice Good Password Hygiene: Network security experts have written at length in recent years about the need for organizations and their employees to leverage strong passwords, and the same can be said with regard to periphery devices, such as cameras and NVRs. Often, however, the passwords being used on these devices are still the default ones that came with them from the manufacturer or were changed to simple passwords like “123456” or “password.”
- Leverage MAC Access Control Lists (ACLs): Many people within IT security departments at financial institutions are concerned about the potential for an unauthorized user to gain access to a camera switch at a bank branch, plug in a laptop and infiltrate the network or introduce a vulnerability to the periphery devices themselves. ACLs allow end users to detect the MAC address of an IP camera and, should the camera be unplugged, subsequently block any other device from connecting to the switch port it occupied.
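As an added example (not from the article or any vendor's product), the sketch below shows what a centralized audit of the firmware, password and MAC-allowlist items above could look like across branches. The inventory, its column names, the device values and the "admin" entry in the weak-password list are constructed assumptions.

```python
import csv
import io

# Constructed sample inventory (not real devices). Assumptions: "latest" is the
# vendor's current firmware, "password" stands in for the credential a vault
# returns at audit time, and "seen_mac" is what the switch port reports.
INVENTORY_CSV = """site,device,type,firmware,latest,password,allowed_mac,seen_mac
branch-01,cam-lobby,ip_camera,2.4.1,2.6.0,123456,00:11:22:aa:bb:01,00:11:22:aa:bb:01
branch-01,nvr-01,nvr,5.0.3,5.0.3,T7#qLm92xPz!,00:11:22:aa:bb:02,00-11-22-AA-BB-02
branch-02,cam-atm,ip_camera,2.6.0,2.6.0,Vw3$kRt81nQe,00:11:22:aa:bb:03,66:77:88:cc:dd:99
branch-02,enc-01,encoder,1.9,1.10,admin,00:11:22:aa:bb:04,
"""

# "123456" and "password" are the examples quoted above; the rest are assumed.
WEAK_PASSWORDS = {"123456", "password", "admin", ""}


def version_tuple(version):
    # Compare numerically so that 1.9 sorts below 1.10 (string compare would not).
    return tuple(int(part) for part in version.split("."))


def norm_mac(mac):
    # Switches and cameras report MACs in different cases and separators.
    return mac.strip().lower().replace("-", ":")


def audit(csv_text):
    """Return (site, device, finding) tuples for every failed check."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["site"], row["device"])
        if version_tuple(row["firmware"]) < version_tuple(row["latest"]):
            findings.append((*key, "firmware_outdated"))
        if row["password"].lower() in WEAK_PASSWORDS:
            findings.append((*key, "weak_or_default_password"))
        seen = norm_mac(row["seen_mac"])
        if not seen:
            findings.append((*key, "port_link_down"))
        elif seen != norm_mac(row["allowed_mac"]):
            findings.append((*key, "unexpected_mac_on_port"))
    return findings


if __name__ == "__main__":
    for site, device, finding in audit(INVENTORY_CSV):
        print(f"{site:10} {device:10} {finding}")
```
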
Cybersecurity is only one critical challenge on the minds of today’s banking leaders. To stay up to speed with a constantly shifting risk landscape and progressing threats, financial institutions must not only plan for today, but also look ahead to ensure the most innovative technologies and solutions are leveraged in the constant fight against fraud. As new trends and strategies emerge, security leaders should stay prepared and continuously work to gather as much data and intelligence as possible to modernize, simplify and automate their business.
Moving forward, the common goals of most financial organizations – satisfactory customer engagement, enhanced security and fraud reduction – will be significantly affected by these factors:
Big Data and Analytics
It has become clear that for financial organizations to predict and identify threats in real time, actionable, intelligent data analysis that links cyber and physical security must take place to present a unified risk scenario to the appropriate analysts and operators. Tomorrow’s analytic applications will propel increased situational awareness and provide instant notifications to facilitate immediate action.
Automation and Modernization
Solutions of the future must allow security teams to dedicate time and effort to relevant tasks and efficient responses, while leaving certain operations, such as firmware updates and camera verification, up to automation. Modernized processes will need to take advantage of prominent trends, including the IoT and the cloud, while elevating the customer experience and overall loyalty.
Advanced Investigative Tools
Security systems will continue to develop to support streamlined and simplified investigations. Biometrics are poised to impact the financial market tremendously, as technologies such as facial recognition and voice analysis create the potential for banks and credit unions to strengthen identification processes and track fraudsters.
Financial organizations should consider leveraging the latest in artificial intelligence and advanced analytics to help unlock the potential of automation and innovation as it relates to customer service. For example, intelligent systems can analyze customer activity by performing accurate people counting, tracking customer behavior (such as dwell times and wait times) and evaluating branch action. By leveraging this information, institutions can make informed decisions that can impact efficiency and safety and inevitably enhance customer satisfaction.
Banks around the globe face a new risk paradigm almost daily and require innovative strategies and tools to strengthen the security of valuable data and assets. The fact is that it’s not just the monetary loss that these businesses need to be concerned about – there is also a threat to the brand, customer trust and employee safety.
The practice of security – both cyber and physical – is a critical component of a bank’s organizational structure. It helps secure the branch footprint, alleviates risk, ensures operational compliance and improves fraud investigations. As we move through the remainder of the year, we will continue to see Big Data analysis, video analytics, cybersecurity and IoT-powered devices allow for the collection of myriad data points across systems, services and devices and also open doors to additional risk that must be managed. The banks prepared to investigate threats in a more proactive manner and generate actionable intelligence from collected data will be the ones best positioned to achieve their strategic intelligence and business objectives.