Ensuring a comprehensive security design in banks

On an otherwise rather uneventful day in February 2016, the world’s headlines were dominated by news of the theft of US$81 million from the Bangladeshi central bank’s account with the U.S. Federal Reserve. This was one of the largest cyberattacks on a financial institution the region had ever seen, and in its wake reports of a number of other heists emerged.

These incidents threw fresh light on the security concerns of Asia’s banks and the need to deal with them at a cyber and physical level. In fact, given the fast rate at which physical security systems are integrating, it’s high time financial institutions in the region considered implementing comprehensive security systems.

What should the right bank security solution look like?

According to Ken May, VP of APAC Sales for Tyco Security Solutions at Johnson Controls, the requirements for banks are multifaceted. The ability to protect customers, staff, assets and premises are as important to a bank as providing customers with a more open “self-service” style of banking.

“Monitoring high-risk areas is the main issue for bank security,” May said. “Areas such as the ATMs need regular replenishment while self-service style ‘fast drop’ facilities need emptying. All these present security risks such as robberies or forced withdrawals. Another worrying threat to staff and customers is of violence arising from bank raids or mugging.”

An integrated approach provided comprehensive security to banks, May added. This approach combines security systems, remote monitoring and management services that enhance a bank’s operational efficiencies and provides managers with insights into the business. With remote monitoring, alerts and live video surveillance can be performed on any mobile devices, which allows the security team to respond in a timely manner.

Ashish Dhakan, MD and CEO of Prama Hikvision India, echoed these sentiments and stressed the need for cyber and physical integration in security.

“An ideal solution should be a combination of e-security (banking software) and physical security (surveillance cameras, access control, burglar alarms),” Dhakan said. “Since hacking is a very big threat these days, the integration of both systems can help in terms of cyber as well as physical security. If an alert comes in from the electronic security devices, the banking software should be alerted and vice versa.”

Integration is key

Beyond solutions like surveillance cameras and access control solutions, banks often need to have certain technologies in place to ensure safety. Solutions such as advanced anti-skimming technology, silent alarm notification, video surveillance, ATM lighting and remote video monitoring are some measures implemented by banks.

Having cameras positioned effectively and recording high-quality images is an essential deterrent. It gives institutions peace of mind knowing that any incidents will be seen on camera and recorded, and can be made available for any ensuing police investigation.

What matters the most in this is regard is the centralized approach these solutions can offer authorities.

“Cyberattacks are on the rise and are inextricably linked with threats against physical properties,” May said. “Digital identities have been compromised on a massive scale and cybercriminals are getting better at stealing identities such as user IDs and passwords to create bogus accounts. Modern phishing attacks are well targeted, difficult to detect and aim to grant malicious intruders the broad permission to (access) confidential data, devices and online services.”

To effectively combat cyber as well as physical risks, it is necessary to have integrated, automated controls in place to detect and prevent known and unknown threats at every stage of the attack lifecycle. Attacks can be initiated not just by outside actors, but also by bank employees, making the role of strong access control critical.