Putting zero trust into self-service banking cybersecurity

For banks, endpoint devices ranging from workstations to ATMs to ASSTs are a starting point for their cybersecurity review. The approach increasingly discussed is zero trust, which can be relevant to securing critical endpoints and the other parts of the banking service infrastructure.

June 20, 2022 | Auriga

European banks recently received a renewed warning about increased cyber threats from a regulator. The European Banking Authority (EBA) issued the alert in its latest update to its risk dashboard following the Russian invasion of Ukraine.

The EBA said exposure to Russian, Belarusian or Ukrainian banks collapsing was less of a threat than “second-round” effects like cyber-attacks, which “may be more material from a financial stability perspective.”

Cybersecurity has been a priority for banks for many years now, but the fears of an attack have continued to grow. There is an obvious business model for cybercriminal gangs to target banking services, and especially ATMs, where they can steal money and valuable financial information about customers and cause business continuity disruption and service interruptions.

Attacks on financial institutions can generate serious cash returns and encourage cyber criminals to invest serious internal budgets into R&D to prepare attacks.

New risks for banking security

As banks have an even greater focus on digitalisation, there is a need to continually review cybersecurity strategies especially at a time of increased risks and threats.

There should be a particular concern about the rise in ransomware attacks that shut down critical systems, extort massive sums, and can lead to damaging data theft. One recent study by cyber security experts at Palo Alto Networks Unit 42 revealed the average ransom demand on cases they saw climbed 144% to $2.2 million, while the average payment rose 78% to $541,010.

Banks have tended to be prime targets for ransomware attacks. For example, last year Trend Micro reported that the banking industry was disproportionately affected, with a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.

Banks can reduce the likelihood of attacks and mitigate the damage caused if they consider how cybersecurity goes hand in hand with their digital transformation programmes, especially on the deployment of even the most advanced ATMs and assisted self-service terminals (ASSTs) now being used in next generation branches and digital banking hubs.

Banks also need to consider how new ways of both working and banking affect the balance of risks. While national lockdowns have ended in numerous countries, hybrid working patterns remain and include banking staff who are not always working out of their branch or office. Security leaders need to be considering whether employees working from home are inadvertently creating security vulnerabilities.

Similarly, the steep rise in customers doing online banking brings risks, because many of them are new to digital banking services and can be more susceptible to online scams or phishing attacks that could lead to serious breaches.

Fundamentally, the goal must include reducing the attack surface, gaining greater visibility of what is happening, and getting faster insight into anomalous activities that are, or could be, suspicious.

Zero trust approach to self-service banking security

For banks, their endpoint devices – ranging from workstations to ATMs to ASSTs – are vulnerable to attack and a starting point for their cybersecurity review. The approach being increasingly discussed is zero trust, which can be relevant to securing critical endpoints and the other parts of the banking service infrastructure.

First of all, a quick definition. Zero trust is a cybersecurity approach that minimises implicit trust, so that a system is used, and software accessed, only after stringent checks have been passed. This concept can be applied to ATMs and ASSTs because they comprise several software layers: an operating system, a hardware vendor software layer, the multi-vendor layer, and the different tools for operations, monitoring and security, among others.

The risk with these layers is how, unlike PCs, the software updating on these devices tends to be reactive, not proactive. This means vulnerabilities can slip into software inadvertently, making the concept of zero trust critical in isolating an unpatched layer.

The value of zero trust in securing digital self-service banking is that you do not trust the assumed security of mainstream software. This distrust is important because cyber attackers will hijack legitimate tools and software to launch an attack.

Additionally, a zero trust strategy for banking endpoints should extend to the third-party tools and services which have legitimate access to ATMs and ASSTs when servicing these devices. Again, banks need cybersecurity that interrogates whether their access at a specific time or place is correct or authorised.

To help you apply a modern approach to protecting fleets of ATMs and ASSTs, here’s a useful checklist:

  • Reduce the attack surface: allow something only if it is needed and has been certified for proper operations, not merely because it is legitimate.
  • Control who physically handles the ATM. Standard solutions, like antivirus software, apply the same level of protection at all times. When a third party is handling a critical device, banks must be able to control the level of protection and activate specific policies at that specific moment. The bank should be able to monitor what the technician is doing at the time of highest exposure to an exploit.
  • Make the job of managing banking cybersecurity easier. Consolidate protection measures on a single platform such as application whitelisting, full encryption of all hard disks and media, file system integrity protection, hardware protection and a firewall to stop network attacks.
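
The first two checklist items can be made concrete as a default-deny execution policy whose answer depends on the servicing context. The sketch below is an added example, not Auriga's product code; the hash labels, device and technician IDs, and the `decide` function are hypothetical placeholders constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed placeholders, not real file hashes.
OPERATIONS_ALLOWLIST = {"sha256:aaa-atm-app", "sha256:bbb-xfs-layer"}
SERVICE_TOOLS = {"sha256:ccc-vendor-diag"}  # certified, but only while servicing

@dataclass(frozen=True)
class MaintenanceWindow:
    atm_id: str
    technician_id: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str  # recorded so every allow/deny can be audited

def decide(atm_id: str, file_hash: str, now: datetime,
           window: Optional[MaintenanceWindow] = None,
           technician_id: Optional[str] = None) -> Decision:
    """Default-deny execution decision for one ATM/ASST endpoint."""
    if file_hash in OPERATIONS_ALLOWLIST:
        return Decision(True, "certified for normal operation")
    if file_hash not in SERVICE_TOOLS:
        return Decision(False, "not certified: denied by default")
    # A legitimate service tool is still denied unless the context checks out.
    if window is None or window.atm_id != atm_id:
        return Decision(False, "service tool without a window for this device")
    if not (window.start <= now <= window.end):
        return Decision(False, "service tool outside the authorised time")
    if technician_id != window.technician_id:
        return Decision(False, "service tool run by an unassigned technician")
    return Decision(True, "service tool inside authorised maintenance window")

# Constructed sample window and timestamps for a hypothetical device "ATM-0042".
SAMPLE_WINDOW = MaintenanceWindow(
    "ATM-0042", "tech-17",
    datetime(2022, 6, 20, 9, 0, tzinfo=timezone.utc),
    datetime(2022, 6, 20, 11, 0, tzinfo=timezone.utc))
INSIDE = datetime(2022, 6, 20, 10, 0, tzinfo=timezone.utc)
OUTSIDE = datetime(2022, 6, 20, 23, 0, tzinfo=timezone.utc)
```

The same certified diagnostic tool is allowed for the assigned technician inside the window and denied at any other time, on any other device, or for anyone else, which is the difference between "legitimate" and "needed right now".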

To find out more about how Auriga helps banks in protecting older and newer generations of ATMs, ASSTs and the rest of the systems used in next generation bank branch operations, check out here.


