Defending the Frontline: Securing 5,000 ATMs Against “Jackpotting” and Beyond

Summary

  • A leading bank in Thailand had 5,000 physical ATMs operating across the country, and it faced significant internal and external security vulnerabilities that led to persistent financial losses.
  • SecureAge proposed two security solutions (file encryption and malware protection) to counteract the threats they were facing, both of which could be added to their existing infrastructure without any change to workflows.
  • While physically dispersed systems, like ATMs, may be incompatible with some security features surrounding access (such as multi-factor authentication, single-sign-on, and role-based access), it is a misconception that digitisation must include scrapping and starting over.
  • By implementing a security solution that is focussed on the most valuable asset, the data, it wouldn’t matter what hardware or system you are using. Old or new, the data remains protected wherever it goes. This renders stolen data useless to hackers and insider attacks.

Introduction

IT professionals in the banking and finance sector tend to spend a significant amount of their time on the game ‘whack-a-mole’. But they’re not playing this in the arcades. Instead, they’re experiencing this game while solving the random day-to-day issues of complex infrastructures and systems in the banking and finance industry.

One of the most common (but often forgotten) examples is physical ATM security. ‘Nobody uses those things anymore’ you might say, but you’d be wrong – over 10 billion transactions are performed at ATMs in the US every year.1 The scary part is, every one of these transactions is a possible doorway to a data breach (which the Ponemon Institute estimated cost $3.86 million each in 2020). So, although digital currencies and fintech seem to dominate the news, the banking and finance sector also needs to remember to pay attention to non-news cycle security risks – like physical ATM security.

A leading Thai bank realised the importance of ATM security

Despite increased cost-cutting measures, a leading bank in Thailand was still reporting profit declines due to persistent losses from their ATM network. The bank had 5,000 ATM machines operating across the country, so naturally the most common cost was upkeep, as vendor support is increasingly hard to find. But their reliance on these physical systems was also creating significant security vulnerabilities – both internally and externally.

Insider security threats
Like most banks, their ATM network had inadequate file-encryption solutions to ensure that any and every file could withstand insider threats from technicians. While this is a common problem among businesses that rely on dispersed physical systems, the bank had been misinformed that file-level encryption solutions cannot be easily mapped to existing infrastructure.

As a result, this bank suffered regular internal attacks from maintenance staff who were being bribed to provide access to data. This was all too easy to do as ATM upkeep entails manual processing and multiple touchpoints. Staff and third parties could easily conceal unauthorised access and plug in external media hard drives with minimal risk of being caught. The worst part about it was, the crime would only be spotted long after the incident had taken place.

Because this bank wasn’t thinking about flexible and comprehensive File Level Encryption as a solution, there was nothing to stop cyber criminals from gaining access to customer data and banking information. In the absence of any security software that secures data at the file level, cyber criminals could later use it for fraudulent activities or sell it to third parties – all without the bank’s, or the customer’s, knowledge.

External security threats
Adding to the complexities of ‘whack-a-mole’ maintenance, the bank was also falling victim to persistent and sophisticated external threats from spoofed card infections via malware. This occurred because their legacy hardware did not have adequate application control to prevent malicious attacks.

The bank had overlooked this security risk because, on the surface, ATMs seem like simple machines for interfacing and conducting transactions. However, the bank soon realised that physical ATMs also act as a portal to their wider network and that a spoofed card could easily cause an ATM to lose connection with the central server, allowing it, or other machines on the same network, to be taken over – without triggering any alerts or logs. In the absence of application control, ATMs could be emptied of their contents without the bank being able to detect the threat and block the action.

Not only were the bank’s existing security solutions ineffective at protecting their data, they also left the central network exposed. The bank was in the process of migrating to newer systems, which entailed changing security infrastructures to support remote working goals. Their CEO at the time referred to their situation as ‘adding on new pipes and rooms to a house’, and they soon discovered that legacy technology, like homes, has hidden flaws and that the old doesn’t always work with the new. As the new technology they invested in was increasingly required to work in tandem with the old, the bank soon realised more security gaps were surfacing and the seams and foundations needed better protection.

Our client values the simple and proven SecureAge approach

The Thai bank’s ATM network was presenting a perfect storm of challenges. The simple reason for this is that physical systems were built for a different era. Not only have customer behaviours changed, but the threat landscape has also evolved.

Intrigued by our focus on protecting the data itself, and aware of the fact that they could not withstand a breach of any size, the bank reached out to us to find a new way to secure their nationwide ATM network. They realised that by implementing a security solution that focussed on their most valuable asset, the data, it wouldn’t matter what hardware or system they were using – old or new, the data would remain protected wherever it went.

We offered the bank two security solutions to counteract the threats they were facing, both of which could be added to existing infrastructure and wouldn’t force them to change workflows.

Option 1: 100% Data protection
The SecureAge Security Suite enabled this bank to minimise the impact of insider threats by ensuring that all data was encrypted, and that any files stolen would be useless to the thief.

Our unique PKI-based approach to File Level Encryption provides 100% protection for ALL data throughout its lifespan and in all three states: in-transit, in-use, and at-rest. In addition to providing reliable defence, the SecureAge Security Suite provides offense by blocking ALL unauthorised processes from running, including spoofed card attacks. The data lens to security recognises that there is no such thing as ‘sensitive data’ in today’s world and that perimeter defences and data discovery and classification are ineffective. The SecureAge Security Suite is a complete and versatile data security addition to any environment.

Option 2: 100% Malware detection
The alternative approach we offered was our intuitive application control, CatchPulse Pro, which uses an AI-powered engine with a personalised ‘allow list’ from a central management server.

CatchPulse Pro is an equally effective and flexible option for physically dispersed and complex systems like ATM networks. While anti-virus products are ‘deny-lists’ of known threats and the best AI on the market today can detect around 99% of known and unknown threats, CatchPulse Pro makes 100% malware protection possible in any environment.
With CatchPulse Pro, any threats that fall outside the 99% detection rate of our AI-powered engine are denied by default and then flagged to administrators with recommended actions. When faced with the unknown, competitive approaches apply blanket rules such as delete or quarantine – rules that can have significant unintended consequences. CatchPulse Pro blocks first and then asks for guidance when it knows it needs it.

Where are your security gaps?

While physically dispersed systems may be incompatible with some security features surrounding access (such as multi-factor authentication, single-sign-on, and role-based access), it is a misconception that digitisation must include scrapping and starting over. Both the SecureAge Security Suite and CatchPulse Pro can fill your security gaps without interfering with other applications and without requiring new infrastructure. Our security solutions were designed to protect data in the wild and plug security gaps wherever they exist – reach out today to schedule a personalised demo of how SecureAge Security Suite works, or download the CatchPulse Pro trial to witness how it is possible to achieve 100% malware protection with our endpoint protection platform with intuitive application control.

1 http://www.nationalcash.com/statistics/
