A Measured Approach
The Sheer Importance of Securing Banks Requires a Multifaceted, Proactive Approach
BTy Bill Wayland
he threat landscape continues to evolve for every business. But banks and financial services com- panies face especially urgent demands – from ag- ing infrastructure, outdated technologies, and the skyrocketing cost of brick and mortar locations, to
cyber-attacks, fraud and changing federal and state regulations. Adding to these challenges is a shift in how consumers want to interact with their bank today and the need for financial institu- tions to differentiate their organizations. The obstacles may seem daunting, if not completely overwhelming, at times.
A logical first step to better understand how these risks may affect your business is to conduct a thorough risk assessment. This risk assessment can help pave the way to help ensure your assets are protected while also helping improve your client’s inter- action, satisfaction and overall customer experience.
Aging Infrastructure and
Outdated Technologies
Looming large on the horizon is the fast-approaching sunsetting of Microsoft Windows 7. Most, if not all ATMs are built on the Windows 7 platform and come January 2020, organizations that have not already upgraded or secured a service contract to up-
22
JANUARY/FEBRUARY 2020 | SECURITY TODAY
grade at a future time, could face potentially serious risks.
After January, Microsoft will no longer support Windows 7, including issuing future security patches, security updates, non- security hotfixes, free or paid support options or online techni- cal content updates supported by Microsoft. For those financial institutions that will continue to run Windows 7 on their ATMs, they have the option of purchasing an Extended Security Update
(ESU) that will provide support through January 2021.
The ESU program will include security updates deemed “criti- cal” or “important” for the ATMs. Without purchasing an ESU for ATMs or upgrading to Windows 10, organizations that expe- rience a breach to their networks after that time could be liable
for any losses the consumer may experience.
The upgrade requires a new “PC core” and a software up-
grade, but financial institutions may want to consider taking that a step further to include third-party monitoring and servicing of the ATM. With internal IT and security resources stretched thin, outsourcing the service, maintenance and monitoring of ATMs to a Managed Service Provider (MSP) may make sense for some organizations.
These services can help to ensure that the latest security patch- es are installed as they become available. Real-time monitoring
BANKING SECURITY
guruXOX/Shutterstock.com