Bank ATM cashpoint machines have always been prime targets for both physical and cyber threats for obvious reasons; they contain large amounts of cash and sensitive customer information. Yet, as the growth in hybrid working and migration to cloud applications has extended bank communications infrastructures to include public Internet paths, new cyber vulnerabilities have also opened up.
Accordingly, this post offers an overview of the real cybersecurity landscape for banking, and suggests some possible solutions. In particular, it looks at how Secure Web Gateway (SWG), Next Generation Firewall (NGFW) and Secure Access Service Edge (SASE) technologies can protect financial service organizations such as banks from the newer threats created by Cloud and Internet connectivity.
Cyberthreats to bank ATM cashpoint networks
Because bank ATM cashpoints are obvious physical targets, they are all monitored by video, so that every transaction and all individuals accessing the machines are recorded. Nevertheless, the machines are still subject to attacks; the worst example being called ‘jackpotting’[i], because it manipulates the machine’s cash dispenser either by hacking into bank software or with special equipment – and, if successful, can empty the entire machine rather than just cash related to one account.
Another vulnerability is the large number of actors involved in cybersecurity, including financial institutions, installers, service providers, developers, and others. This can mean too many people have administrative rights to ATM systems, potentially increasing the risk of unauthorized access.
An ATM cashpoints ecosystem is complex, comprising multiple hardware and software components. Because of this, organizations find it difficult to organize and apply proactive software and operating system update policies or have centralized, full visibility of their security infrastructure.
Other considerations relating to ATM cashpoint security include:
- Banks must ensure the best security for their ATMs by implementing the best practices of the ATM Industry Association, or ATMI
- ATMs use legacy operating systems, without security support from the manufacturer
- They cannot be taken offline to be rebooted; they need to be available 24/7, 365 days a year with maximum security, so require a different approach to cybersecurity
- Attacks are more targeted than in the IT world and require specific protection from specialized solutions
Banks need a centralized security solution that protects, monitors, and controls their ATM cashpoint networks so they can manage their entire ATM network in one platform to stop malware attempts or fraudulent activity at compromised ATMs. Layers of this platform include:
- Application whitelisting to prevent execution of malware or unauthorized software
- Full disk encryption of all hard disks and volumes
- File system integrity protection to block an attempt at modifying critical files
- Hardware protection to prevent connection of fraudulent hardware
The rapidly-changing financial services landscape
However, while banks are working to recognize and counter threats to their ATM cashpoint network, they must also accommodate the dramatic changes that have affected the entire financial services (finserv) sector over the last decade. Most financial affairs today are managed digitally, rather than in person and on paper[ii].
While improving their services digitally, finserv companies have also been working to improve their own infrastructure to streamline processes, optimize productivity, enhance real cybersecurity, and operate in a more effective, agile and flexible manner.
Before COVID, finserv companies like banks had been operating mostly out of their offices. However, the pandemic’s social distancing and lockdown restrictions shifted the hub of productivity to employees’ homes. At its outset, many companies and IT teams thought the pandemic would last just a few weeks, so they used VPNs to provide disparate employees with access to key resources and applications available within their organization’s on-premises network infrastructure.
However, as the hybrid working culture increasingly becomes the norm, VPNs are no longer sufficient as a viable, productive, and long-term solution. The networks they connect to were not designed to support remote operations. This can lead to bottlenecked traffic, hampered productivity, and security vulnerabilities that force network managers to make visibility concessions.
While employees are now distributed to various locations, many of the tools they use to work productively are based in the cloud. Public Internet connectivity becomes a desirable if not essential part of their communications network. It therefore makes sense to support this eco-system with properly managed cloud solutions, with robust protection from suitable cyber-security measures. These must protect the organization from Internet-born threats in addition to protecting the on-premises network.
Secure web gateways
Secure Web Gateways (SWGs) offer one such solution. They protect an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic[iii]. A secure web gateway is an on-premise or cloud-delivered network security service.
Sitting between users and the Internet, they provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible. A secure web gateway includes essential security technologies such as URL filtering, application control, data loss prevention, antivirus, and https inspection to provide organizations with strong web security.
According to the 2019 State of IT Security survey conducted by eSecurity Planet[iv], web gateways are one of the top IT security spending priorities, and a security technology that users have the most confidence in. Although these gateways have been around for some time, their popularity and the need for strong security while accessing the Internet and web applications remotely, is not expected to diminish any time soon.
Analysts expect a 20% growth in the web gateway market, with sales projected to more than double by 2025, reaching $12 billion. Furthermore, leading analysts notice there is a trend in how secure web gateways are deployed. The market for cloud-hosted secure web gateway services is now outgrowing the market for appliance-based secure web gateways as more organizations move to the cloud.
Next Generation Firewalls
Next Generation Firewalls (NGFWs) offer more security functionality than secure web gateways. They provide advanced network protection and can distinguish between friendly and malicious traffic.
Secure web gateways mainly identify and protect against advanced Internet-based attacks using web traffic inspection at the application layer. Though Next Generation Firewalls also inspect Internet traffic, these firewalls primarily use deep packet inspection to identify and allow safe applications into the network, while blocking and controlling dangerous applications.
NGFWs can also block modern threats such as advanced malware and application-layer attacks. They include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to identify and block suspicious apps
- Threat intelligence sources
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
Unified Threat Management
Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks. It combines security, performance, management and compliance capabilities into a single installation, making it easier for administrators to manage networks.
UTM systems combine multiple security features into a single device or software program. This can help because there are five primary threat types that organizations need to protect against:
- Phishing and social engineering
- Viruses, worms and Trojans
- Denial of service (DoS)
Using a single UTM system to manage all these threats eliminates the unnecessary complexity that arises when separate technologies are used to resolve each of the issues.
More recently, a new approach to security infrastructure has emerged. Known as SASE, it stands for Secure Access Service Edge. It combines networking and network security services into a single, cloud – delivered solution which secures access to apps and all other resources within the cloud. It comprises SD-WANs and NGFWs.
For financial technology (Fintech) companies that rely on data processing as a cornerstone of their business, a secure cloud-based SASE platform will allow them to move traffic as needed[v]. Fintechs can use the cloud-based platform’s flexibility and scalability to adjust on what they need to use at that moment in time, enabling faster deployments and ensuring employees can continue working. SASE can also help keep costs down, which is critically important as businesses face the challenges of the last year.
Teldat’s be.SAFE Premium solution is an excellent example of cloud-based cybersecurity protection. It supports access from anywhere and allows large bank or other corporate remote branches and remote workers to connect to the Internet securely. Operation is simple as the integrated SD-WAN and security network can be run from a single pane of glass.
Electronic devices – and the components they are built from – have been seen to suffer random failures that are not related to material aging (i.e., they have no memory) but follow an exponential probability density function