Money in the Bank Protecting financial Institutions through cyber resilient physical security
By David Uberig
We have all read or heard about incidents of cyber crime targeting government and com- mercial entities to compromise services or harvest information. As you can image, fi- nancial institutions are a primary target for
attack.
While they have top-notch security, financial institutions may
be still be the target of threats involving software and hardware vulnerabilities that could lead to exploitation. The most consis- tent feedback we hear is that their primary concern is cybersecu- rity. Given that financial institutions can lose customers, revenue, and reputation because of a breach, this is hardly surprising.
Physical security in banking has evolved toward network- based solutions with high-resolution cameras and high-capacity recorders. These devices have operating systems, communication capabilities, and passwords just like any other computer on a net- work. Any poorly protected device can easily become the attack surface hackers need to gain access to a financial institution’s in- frastructure.
As a result, IT teams have become involved in the process of testing, selecting, and deploying all the devices on a bank’s net- work, including cameras and video management systems (VMS). The shift from focusing on physical security to IT security has changed the discussion. Many IT specialists ask questions about whom a vendor works with, and how they secure their products. However, when they aren’t sure about what questions to ask, it is up to vendors to lead these conversations.
Financial institutions need physical security system vendors
who understand their cybersecurity concerns and who are work- ing to mitigate against the risks associated with cyber threats. To start, they should be looking for four Key Cybersecurity Mea- sures:
DEVICE HARDENING PROTOCOLS
While changing factory-set passwords might seem like a simple action, many institutions struggle with it. This is partly because of the sheer volume of devices they have on their networks. How- ever, it is also because, during the installation process, many skip this step, assuming they’ll come back to it later. Unfortunately, just one camera that still has the default password can increase a network’s vulnerability to attacks.
Cameras that do not have default passwords and instead re- quire users to set strong passwords before attaching the device to the network help protect banks. In addition, some vendors, like Hanwha Techwin, also provide network hardening guides that re- duce the risks associated with improperly or unprotected devices.
END-TO-END ENCRYPTION
Given the volume and type of data that financial institutions are collecting and storing, end-to-end encryption is vital. It is not enough to encrypt data in motion. Financial institutions must also be able to encrypt data at rest as well.
Encrypting data in motion protects it from anyone who is sniffing a system with the intention of capturing data packets passing through a network. On most networks, this means pass- words and other account information. Within a physical security
24
NOVEMBER/DECEMBER 2021 | SECURITY TODAY
BANKING SECURITY
Luca Santilli/Shutterstock.com