Banking Cybersecurity: A Smarter, Simpler and Sustainable Approach to Network Separation
By BUFFERZONE Team, 28/06/2016
Banks. Investors love them, governments support them, businesses rely on them, and over the course of their lifetime individuals probably use them more frequently than any other type of professional service. Unfortunately however, there is another group that also has a keen interest in banks: cyber criminals.
Indeed, while no industry is immune from cyber threats and attacks, banks and other institutions in the financial sector are especially under siege, because they have the two things that today’s cyber criminals covet: cash, and confidential customer data that can be leveraged to exploit third party businesses and retailers, ultimately leading to more cash. In light of this, Websense Security Labs’ finding that financial services institutions are hit by four times as many cyber attacks as companies in other industries is unsettling, yet unsurprising.
Different Threats, Same Targets
What’s more, while cyber criminals have no qualms about using old malware to attack new victims – as evidenced by a campaign earlier this year in which the decade-old Zeus banking trojan was used to target institutions in France – an even more pressing worry is the surge in attacks involving sophisticated finsec-targeted threats, credential-stealing malware, PoS malware, ATM malware, social media attacks, spear phishing, and DDoS-based extortion. Sometimes, cyber criminals are even cooking up a customized medley of threats to unleash widespread devastation against banks, as was illustrated in the notorious $1 billion cyber heist that came to light last year.
Regulators: Increase Cybersecurity or Face the Consequences
And still, the heat on banks continues: because while cyber criminals are pummelling them non-stop, government regulators are reminding (read: warning) them that they have both a legal and ethical duty to beef up their cybersecurity. As noted by Deloitte in an assessment of top regulatory trends for banking in 2016:
[The National Institute of Standards and Technology] has released a preliminary framework that provides guidelines and leading practices for thwarting cyber threats. Banks are expected to incorporate these and other leading standards and practices into their cybersecurity programs. Those that fail to do so face action from regulators, which have broad authority to ensure banks have adequate governance and risk management capabilities—including the ability to effectively manage cyber risks. Regulatory scrutiny is especially high for systemically important financial institutions (SIFIs), which are expected to follow the highest possible cybersecurity standards.
Good News, Bad News – Separating the Internet from the Internal Network
Naturally, bank executives and compliance officers are racing to get at least one step ahead of the next attack, and many institutions are either choosing or are mandated to implement physical separation between their internal network and the internet. The good news is that this is a very effective strategy, as there is no communication from the internal network to the outside – and any discrepancy is instantly and clearly noticeable. The bad news, however, is this typically leads to both a major reduction in productivity, and a massive increase in costs.
In terms of reduced productivity, employees are obligated to learn new processes and use unfamiliar tools to view information from outside the bank. Even then, employees cannot interact with the information. In terms of surging costs, while implementing two-network infrastructure may be financially feasible at headquarters, it can be excessively expensive to do so in remote branches and representative offices that do not have full-time IT support. And having two networks is a financial non-starter in disaster recovery sites.
Fortunately for banks – and just as unfortunately for cyber criminals – there is a solution that enables logical network separation and complies with security compliance standards and regulations, but without diminishing employee productivity or sending costs to unsustainable levels: BUFFERZONE.
The Way Forward: Virtual Container Technology
BUFFERZONE creates a virtual container that separates endpoints into two distinct zones: one that can only access the internal bank network, and one that can only access the internet.
As a result, if an employee’s endpoint is infected with malware – including advanced threats such as ransomware, zero-day exploits, etc. – the malware is immediately trapped in the virtual container, and cannot compromise the endpoint or transfer to the internal network. Instead, the bank’s IT team is alerted to the threat, permanently wipes the container (either locally or remotely), and accesses threat intelligence from their SIEM to fortify vulnerabilities and prevent future attacks.
And just as importantly, BUFFERZONE lets employees use their web browser, read emails, download attachments, and perform other tasks that are necessary for day-to-day productivity and performance. When they need to transfer files from the virtual container to the network, employees use a secure bridge that neutralizes potentially malicious content by making imperceptible micro-changes that destroy malware, yet leave files intact.
The Bottom Line
Cyber criminals are single-minded and will do what works over and over again. Unfortunately, they are finding plenty of ROI in attacking banks that have historically been forced to choose between unaffordable and unmanageable physical network separation, or remaining at least partially exposed to potentially devastating threats. Now, thanks to BUFFERZONE, banks have a smarter, simpler and sustainable way to keep their data, customers, assets and reputations safe.