This month, European banks received a renewed warning about increased cyber threats from a top authority.
Cybersecurity hasn’t been off the agenda for banks for many years now but the fears are even greater than before. There is an obvious business model for cybercriminal gangs to target banking services and especially ATMs – steal money and valuable financial information about customers and cause business continuity disruption and service interruptions. Attacks on financial institutions can generate serious cash returns and encourage cyber criminals to invest serious internal budgets into R&D to prepare attacks.
New risks for banking security
As banks focus ever more on digitalisation, they need to review their cybersecurity strategies continually, especially at a time of increased risks and threats.
There should be particular concern about the rise in ransomware attacks that shut down critical systems, extort massive sums and lead to damaging data theft. One recent study by cyber security experts at Palo Alto Networks Unit 42 revealed that the average ransom demand in the cases they saw climbed 144% to $2.2 million, while the average payment rose 78% to $541,010.
Banks have tended to be prime targets for ransomware attacks. For example, last year Trend Micro reported that the banking industry was disproportionately affected, with a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.
Banks can reduce the likelihood of attacks and mitigate the damage caused if they consider how cybersecurity goes hand in hand with their digital transformation programmes especially on the deployment of even the most advanced ATMs and assisted self-service terminals (ASSTs) now being used in next generation branches and digital banking hubs.
In their cybersecurity planning, banks also need to consider how new ways of both working and banking affect the balance of risks. While the lockdowns are ending, hybrid working patterns remain and include banking staff who aren’t always working out of their branch or office. Security leaders need to be considering whether employees working from home are inadvertently creating security vulnerabilities.
Similarly, the steep rise in customers banking online brings risks, because many of them are new to digital banking services and can be more susceptible to online scams or phishing attacks that could lead to serious breaches.
Fundamentally, the goal has to include reducing the attack surface, gaining greater visibility of what is happening, and getting faster insight into anomalous activities that are, or could be, suspicious.
Zero trust approach to Self Service banking security
For banks, endpoint devices ranging from workstations to ATMs to ASSTs are vulnerable to attack and are a starting point for a cybersecurity review. The approach that is increasingly discussed is zero trust, and it can be relevant to securing critical endpoints and the other parts of the banking service infrastructure.
First of all, a quick definition. Zero trust means a cybersecurity system that minimises the level of implicit trust, so that a system is used, and can access software, only after stringent checks have been done. This important concept can be successfully applied to ATMs and ASSTs, as they comprise several software layers including an operating system, a hardware vendor software layer, the multi-vendor layer, plus the different tools for operations, monitoring, security and so on.
The risk with these layers is that, unlike on PCs, software updating on these devices tends to be reactive, not proactive. This means vulnerabilities can slip into software inadvertently, making the concept of zero trust critical in isolating a layer that’s unpatched.
The value of zero trust in securing digital self-service banking is that you are not trusting the assumed security of mainstream software. This distrust is important because cyber attackers will hijack legitimate tools and software to launch an attack.
Additionally, a zero trust strategy for banking endpoints should extend to the third-party tools and services that have legitimate access to ATMs and ASSTs when servicing these devices. Again, you need cybersecurity that interrogates whether their access at a specific time or place is correct or authorised.
To help you apply a modern approach to protecting fleets of ATMs and ASSTs, here’s a useful checklist:
- Reduce the attack surface: allow something only if it is needed, not merely because it is legitimate, and only if it has been certified for proper operations.
- Control whoever physically handles the ATM. Standard solutions such as antivirus apply the same level of protection at all times, but when a third party is handling a critical device, you must be able to control the level of protection and activate specific policies at that specific moment. The bank should be able to monitor what the technician is doing at the time of highest exposure to an exploit.
- Make the job of managing banking cybersecurity easier. Consolidate protection measures such as application whitelisting, full encryption of all hard disks and media, file system integrity protection, hardware protection and a firewall to stop network attacks on a single platform.
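The first two checklist items can be expressed as a default-deny launch decision. The sketch below is an added example, not Auriga's or any vendor's code: the binaries, terminal IDs, technician names and the `Ticket` format are constructed for illustration. A certified service tool is still refused unless a maintenance ticket covers this terminal, this technician and this moment.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for binaries found on the terminal.
ATM_APP = b"constructed: ATM application"
DIAG_TOOL = b"constructed: vendor diagnostics tool"
UNKNOWN = b"constructed: uncertified binary"

# Certified software by hash. "service" tools are certified but not needed
# in normal operation, so certification alone does not allow them.
CERTIFIED = {sha256(ATM_APP): "operational", sha256(DIAG_TOOL): "service"}

@dataclass(frozen=True)
class Ticket:
    """Hypothetical maintenance authorisation issued by the bank."""
    terminal_id: str
    technician: str
    start: datetime
    end: datetime

def decide(binary, terminal_id, user, now, tickets):
    """Default-deny launch decision; returns (allowed, reason)."""
    kind = CERTIFIED.get(sha256(binary))
    if kind is None:
        return False, "deny: not certified"
    if kind == "operational":
        return True, "allow: certified operational software"
    # Service tool: allowed only inside a ticket matching this terminal,
    # this technician and this moment; the reason string marks it for audit.
    for t in tickets:
        if (t.terminal_id, t.technician) == (terminal_id, user) \
                and t.start <= now <= t.end:
            return True, "allow+audit: inside service window"
    return False, "deny: service tool outside authorised window"

def at(hour):  # constructed timestamps on one sample day, UTC
    return datetime(2022, 5, 10, hour, 0, tzinfo=timezone.utc)

TICKETS = [Ticket("ATM-0042", "tech-a", at(9), at(11))]

if __name__ == "__main__":
    print(decide(DIAG_TOOL, "ATM-0042", "tech-a", at(10), TICKETS))
    print(decide(DIAG_TOOL, "ATM-0042", "tech-a", at(12), TICKETS))
    print(decide(UNKNOWN, "ATM-0042", "tech-a", at(10), TICKETS))
```

Every decision, including denials, is worth forwarding to central monitoring so the bank sees what happens on the terminal during the service window.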
To find out more about how Auriga helps banks in protecting older and newer generations of ATMs, ASSTs and the rest of the systems used in next generation bank branch operations, check out here.