Top Banking Security Concerns


With regard to new technology, fraud and cyber security, there are recent concerns around the impact of hacking on the 2016 elections and around data security in banking and many other regulated industries. Besides driving growth and profitability, the top challenges in banking include managing risk around:

  • Compliance
  • Fraud/Cybersecurity
  • Integrating new technologies
  • Integrating technology platforms after a new merger or acquisition
  • Identity Theft

In interviews, executives at CionSystems, a cyber-security engineering firm focused on security in the banking & medical industries, said they see consistent problems in three primary areas:

  1. Identity - computer security systems that enable the right individuals to access the right resources, at the right times and for the right reasons.

  2. Access - selective restriction of access to a physical or online resource.  (Includes resources such as online banking systems.)

  3. Authentication - the process of comparing the credentials supplied with a record of authorized users.

Zubair Ansari, the CEO of CionSystems, says, “…the crypto wars will continue to heat up.” He also indicates that banks and payment companies continue to be popular targets for local and international hackers, and that shareholders and government agencies will be recommending and requiring tougher cybersecurity rules for banks moving forward.

The prediction is that IT due diligence will need to focus on insider security threats, meaning that employee, contractor and vendor access to information “inside the firewall” will need to be audited more frequently. Because of the technology industry's push towards the “Internet of Things” (IoT), there will also be new security and privacy risks. And there will of course be the same recommendations around:

  • Password policies will become much more strict and disciplined
  • Identity theft
  • Disgruntled employees with access
  • Secure and Immediate de-provisioning while complying with regulations for employees, contractors, vendors and other accounts
  • Online and in-person impersonations
  • Stricter email policies (think malware, strange links and reconnaissance emails)
  • Card-not-present credit card fraud, which is continuing to rise
  • Stolen laptops

Many cyber-savvy C-level executives are solving these problems with new generations of cyber security software and appliances created by companies like CionSystems.

New solutions include:

  • Multi-factor authentication – a simple solution loaded onto a server and a computer (laptop, phone, tablet etc.) that adds additional authentication metrics. This dramatically improves authentication reliability (keeps away people who shouldn’t be there) without adding a lot of work, hassle or overhead to what the end user is already doing.

  • System information & comparison – These security solutions, when added to the network, compare a “known good” system configuration (of, say, a server) with the present system. If there’s a difference (such as unexpected new information on the server), the difference is reported to the system admin. The system admin can then review the server and identify breaches made by hackers or viruses.

  • Active Directory Manager Pro and change notifications – When the network uses multiple types of Identity systems (tracking who has rights to what) on one or more security platforms there are very few ways to track overall security rights to resources or individuals. GPO managers can track user rights across multiple Identity systems, then provide a report on user access to all resources and users on the network.  This can be used to identify risks, gaps and holes in security.
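
The “system information & comparison” idea from the list above, as an added example (not CionSystems' product code and not part of the original article): it records SHA-256 hashes of a directory tree as the “known good” baseline and reports files added, removed or modified since. The function names, the sample file names and the temporary directory are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # only regular files are hashed; directories and symlinks are skipped
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Return the differences a system admin would review, grouped by kind."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(
            name for name in baseline.keys() & current.keys()
            if baseline[name] != current[name]
        ),
    }


def demo():
    """Constructed sample: build a tiny 'server' tree, change it, then diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "motd").write_text("welcome\n")
        baseline = snapshot(root)  # the "known good" state

        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "motd").unlink()
        (root / "new_file.sh").write_text("#!/bin/sh\n")  # unexpected new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The comparison is only as trustworthy as the baseline, so the manifest should be stored off the monitored host or signed; anyone able to change files on the server could otherwise change the baseline as well.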

These are some, but not all, of the modern cyber security solutions available. The value here is that traditional systems require the end user to do more work to be more secure. With these and other modern cyber security solutions, there is little if any additional overhead for the end user. There will be some configuration by the IT team to automate the solution. Once that is completed, the solution reports all anomalies to the system admin without needing anything further from the end user.

If you have any questions on the security solutions in this article, or on other solutions that we’ve researched but that didn’t make it into this article, send us a question. We’ll be happy to help you with answers to your security questions for banking, HIPAA, PCI or education solutions.
