As October is National Cybersecurity Awareness Month (ECSM), we would like to take a look back at the BankSec 2022 conference, the annual leading RBR conference focused on banking security, which Auriga could not miss.
It was a a fantastic opportunity to share ideas and network with industry peers and discuss the best strategies to ensure the security of a bank’s assets, as well as how to defend their networks efficiently and reliably.
Joining Auriga at the event was Marco Mejia from 5B, a customer and the largest ATM provider in Central America. He shared their experience using Auriga’s Lookwise Device Manager (LDM) cybersecurity solution, which helped them in successfully securing their fleets of ATMs from cyber-attacks. Let’s deep dive into the details…
Managing more than 2,600 ATMs in Guatemala alone, 25% of which belong to bank branches, 5B’s primary goals were to:
- Control ATM operations, especially when it comes to developing software images and on-site processes that technicians (who often come from third parties) perform for terminal maintenance.
- Prevent and monitor potential threats and unforeseen on-site activities.
- Maximise the up-time of the ATMs.
In summary, 5B’s greatest commitment is to guarantee the security and stability of its production ATM network, both in software and hardware. Especially considering that they are critical devices and, therefore, must be active 24 hours a day, 365 days a year.
The implementation of a cybersecurity strategy based on the LDM solution, through an appropriate set of protection technologies, makes it possible to secure key devices without interrupting operations. One of the key benefits of LDM is it centralises device network security to ensure efficient control. In addition, by concentrating security operations on a single platform, it ensures there is minimal impact on the performance of the devices.
5B’s security model follows three main rules:
- Define a procedure to safely develop a software image: The ATMs follow the LDM production security policy, with software and hardware whitelisting, to protect the integrity of the file system and prevent manipulation of critical files in software images, as well as block unauthorised hardware devices from connecting to the ATM. In addition, by having the LDM protection modules pre-installed and pre-configured with the security policy, all operating system users have access to the restricted privileges system without administrator permission.
- Define processes to safely carry out on-site maintenance activities for ATMs: Every on-site terminal maintenance activity is properly scheduled, authorised, carried out and monitored by the 5B cybersecurity team. This means work orders from unauthorised sources will be denied.
- Define 24/7 response and monitoring practices: This enables automatic detection of suspicious activities such as attempts to connect hardware devices to the terminals, while there is no on-site maintenance activity scheduled, or LDM security policy changes outside of maintenance hours.
This operation made it possible to achieve 98.4% optimisation in the up time of the entire 5B ATM network and allowed 100% of the hard drives encrypted to maintain the integrity of software and hardware. On the other hand, a continuous and successful cybersecurity process was achieved for the ATM network, based on the appropriate technology, personnel, and actions. 5B was then able to run 24/7 monitoring, which is crucial for the automated detection of suspicious activities and the implementation of premeditated response plans that include physical and remote verifications.
Finally, the LDM cybersecurity model allowed operations (including physical access to ATMs) to first pass through 5B to be authorised, scheduled, controlled, and monitored.