We have just entered the new year and already fresh cybersecurity concerns are threatening the financial sector. In Britain, some of the largest retail banks have been forced to halt processing foreign currency orders after a cyberattack on exchange provider Travelex. In Africa, operations at several banks were affected after an attack by Russian hackers.
There is no doubt that more such incidents will take place in the future, given the nature of the technology and how hackers continue to successfully exploit vulnerabilities. But even more concerning is how physical security is now connected to cybersecurity. With physical security solutions becoming more and more digitalized and integrated, an attack on either domain could have wide-ranging repercussions.
“Financial organizations are battling a growing number of physical and digital security threats,” said James Somerville-Smith, Global Customer Marketing Leader – End-User Programs at Honeywell Commercial Security. “According to new research from Honeywell Commercial Security, which surveyed 1,000 large financial institutions across the UK and North America, physical security incidents in large financial institutions have increased across all access points, with half of respondents reporting that incidents affecting employee access systems, physical safety of staff and data centers have gone up over the last year.”
Sophisticated attacks and higher loss
According to Joon Jun, President of the Global Business Division at IDIS, we are likely to see organized cybercriminals continuing to find and target any weakness they can exploit.
“With increased global political instability, we can also expect more state-sponsored cyberattacks on banks and other critical infrastructure where an attack can damage productivity and result in major disruption and financial losses,” Jun said. “We see this with threats from Iran and its allies in the Middle East as well as the continued risks from organized crime groups in Russia and other eastern European countries.”
On the cybersecurity front, major attacks and threats to the banking sector are focused in three areas: sensitive data exfiltration, ransomware attacks, and denial-of-service attacks targeting IoT devices, along with risks induced by third-party vendors with weak internal cyber hygiene, according to Kevin Sheridan, Director of Financial Institution Services for Convergint.
Convergence of attacks
Alarmingly, several attackers have taken advantage of physical security solutions that are in place. For instance, hackers who gain access to surveillance cameras at ATMs are able to obtain the PIN codes that customers enter. Jun pointed to the theft of biometric data as hackers look to bypass multi-factor authentication (MFA). This danger was highlighted last year when Kaspersky Lab researchers identified the selling of digital fingerprints together with associated personal data on the dark market.
Finding method in the madness
To tackle these growing problems of attacks on integrated security systems and avoid security breaches of any kind, banks must plug the gaps between standalone platforms by integrating their physical and digital security systems across the entire enterprise.
“As many financial institutions are both multisite and multiregional, such as retail banks with HQs and then branches, this means striking a careful balance between global central integration control and different regions using different systems and equipment – or locally monitored systems with global remote management as a possibility,” Somerville-Smith said.
However, an even bigger issue is that while cyber and insider threats make for more fascinating stories, physical security can often be overlooked. Jun explains that these risks have not gone away, though, and include bank and ATM robbery, cash-in-transit attacks, social engineering to gain access to restricted areas, and corporate espionage.
Banks should also be considering the safety of their airspace. Drones pose not only a terrorist threat to corporate enterprises but cyber threats too: they have the capability to spoof Wi-Fi and trick employees and visitors into thinking they are connecting to a trusted network, allowing hackers to gain access to a bank’s corporate network as well as harvest personal data, including banking details.