Building trust in banking through robust cybersecurity
There’s an old Dutch proverb: “Trust arrives on foot, but leaves on horseback”. Nowhere is this truer than in the world of banking. It’s an industry built on trust between a bank and its customers, who hand over their most valuable assets and expect them to be kept safe and secure.
For many decades after the first banks were established, that protection was physical. Today, the much greater threat comes electronically, as cyber criminals make constant and increasingly sophisticated attempts to access a bank’s network and systems, and with them customer data and financial information.
Increasing adoption of connected devices
With the increasing adoption by banks of network-connected devices – together commonly known as the Internet of Things (IoT) – the threat of cybersecurity vulnerabilities increases too. These devices include network security cameras for video surveillance and network door controllers for managing physical access for bank employees. It’s ironic that an often-overlooked risk in the crossover between physical and cybersecurity can also come through potential vulnerabilities in the physical security devices themselves.
Therefore, a failure to look holistically at both physical and cybersecurity – to connect the physical with the logical – will inevitably create vulnerabilities.
Process plus technology
Cybersecurity is the practice of protecting a bank’s systems, networks, and programs from digital attacks, and critically needs to include both comprehensive security processes and robust technology. The best security-related features built into a technology will be undermined if they haven’t been enabled or configured correctly.
To sustain customer trust, banks must have IT systems in place to manage network devices efficiently and effectively, and react immediately to new vulnerabilities. A key advantage of network devices is the ability to manage them remotely, allowing banks to:
- Manage all major installation, security and maintenance tasks
- Proactively manage cybersecurity
- Allow for fast and easy configuration of new devices
- Enable efficient installation of firmware upgrades and applications
Due diligence in security solution suppliers
Furthermore, it is essential that banks undertake significant due diligence in relation to the cybersecurity credentials of any manufacturer and integrator of physical security equipment; and physical security equipment manufacturers themselves must ensure that their products don’t become a weakness in a bank’s cybersecurity.
While this includes, but isn’t limited to, the features on the security devices themselves, it also relates to manufacturers having a philosophy of security by design. Elements include deploying a fully-secured development environment, with controlled and authorized access to facilities and resources, to ensure that firmware can’t be tampered with from the moment it leaves the development environment to deployment within the bank.
Physical and cybersecurity managed as a whole
Ultimately, banks must view their physical security and cybersecurity as an integrated whole, ensuring that one doesn’t create a vulnerability in the other. In some cases this may mean breaking internal silos; bringing together departments that have previously worked in isolation. But when customer trust remains a core differentiator for banks – and something that can be lost in an instant – it’s an essential step to take.