Creating a framework for cyber-physical integration in banks

In the UK and North America, financial institutions are shifting towards a global management system of physical security. A survey from Honeywell Commercial Security shows that half of the respondents (47 percent) said their company’s security is managed at a global level, with all branches under the same enterprise or integrated system, and a further third (32 percent) said they were planning to shift to a global model. 
 
With integration playing an important role across both security measures and markets, enterprise solutions featuring remote oversight and management are going to grow in popularity.

A holistic approach 

“The keyword is ‘integrated’,” explains Martin Koffijberg, Director, Business Development, Banking and Finance at Axis Communications. “A failure to look holistically at both physical and cybersecurity – to connect the physical with the logical - will inevitably create vulnerabilities. It is important to adopt some form of Enterprise Security Risk Management or Converged Security approach.” 
 
Both physical and IT security should follow the same cybersecurity principles and be evaluated in the same way, Koffijberg added. The first step has to be an acknowledgment from physical security practitioners that these security devices are connected to the network and, while performing security operations, create new risks to a business that haven’t been seen with older technologies.

Framework components 

First, thorough and continued risk assessments need to be part of every physical security manager’s playbook. Today, many banks in the West have implemented sophisticated physical identity and access management (PIAM) policies, which control not only access into buildings but into the corporate network too. 
 
“These feature useful functions like shutting down access to networks when an employee leaves their laptop, desk or building,” Jun said. “Other functions include enforcing two-factor authentication before login and the use of analytics to flag suspicious network access or unusual activity.”
 
Speaking about his company’s experience in dealing with the situation, Kevin Sheridan, Director of Financial Institution Services for Convergint, said that their larger financial clients are focused on four key elements of securing their operational security systems to mitigate the risk of any potential vulnerabilities. These are: 
  • Device identification
With the volume of connected devices integrated into physical security systems at financial institutions, awareness of what devices are deployed, where they are deployed, and what their operational status is has become more important than ever.
  • Device hardening protocols
Password management is a focal point of our most sophisticated clients. Changing default passwords, while seemingly a rather basic activity, is something that many institutions have struggled to achieve given the volume of IoT devices deployed.
  • End-to-end encryption
Physical security system architectures are increasingly having this level of network architecture as a requirement of physical security system design.
  • Patch management
Keeping your systems up to date with the latest firmware patches and software updates, when combined with the aforementioned elements, reduces the attack surface significantly.

The human factor and AI

When designing a comprehensive security solution with a holistic approach, technology is only part of the problem to be dealt with. The other part is the people who use the technology. To mitigate physical breaches, human error, and surveillance monitoring, it’s also important to address the problem of fatigue.  
 
“That’s where deep learning and AI solutions can transform control room operations for major financial institutes, including those that operate 100s or even 1000s of cameras across large and multiple sites,” Jun said. “Because deep learning learns over time, it distinguishes between environmental factors versus actual threats, such as an intruder or suspicious loitering. This translates into fewer false alarms and reduces the chance of control room operators shutting down alarms, resulting in a quicker, more appropriate response to incidents.”


Product Adopted:
Physical Security Information Management Software

