In light of foreign conflicts and the existing rash of global, large-scale hacks, how can financial companies and institutions protect themselves?
By Bryan Keepers, Director of Channel Sales Americas, Opengear
The modern cyber landscape is undergoing something akin to the Cold War, where there are no direct confrontations between factions but clandestine attacks. Notoriously, in 2020, there was the SolarWinds hack, where suspected non-domestic hackers carried out ransomware attacks against several US corporations and government agencies. Recently, there have been multiple hacking incidents that some experts attribute to foreign conflicts, including hackers penetrating websites belonging to multiple overseas agencies and displaying anti-government and anti-invasion images and messages. Likewise, hackers linked to foreign governments breached the networks of US government agencies for at least six states. Moreover, a cybersecurity company accused the US National Security Agency of infiltrating and monitoring companies and governments in over 45 countries. Unfortunately, businesses, especially financial services, could get hit in the crossfire.
As cyberattacks increase in frequency and sophistication, financial organizations need to protect themselves and minimize the downtime caused by cyberattacks. Last year was particularly bad for businesses in the financial services sector, with organizations suffering the largest number of known breaches in 2022, second only to government organizations. More than 60% of global financial institutions with at least $5 billion in assets were targeted by cybercriminals this past year. The average cost of a financial services data breach is $5.85 million, resulting in brand damage, lost customers and thousands of dollars in fines. Most concerning is that less than a quarter of financial service organizations feel “very well” prepared for a cyberattack and the network outages accompanying these breaches.
As the world’s most regulated industry, the financial sector is constantly under pressure to meet new compliance requirements. To comply with these regulatory demands, financial institutions are integrating more Internet of Things (IoT) at branch locations, increasing the usage of mobile apps and creating more distributed sites – all requiring additional network capabilities. Nevertheless, the more complex a financial company’s network becomes, the more vulnerabilities get created inadvertently. And, like a vicious cycle, more breaches lead to more network outages. The time it takes network engineers to resolve downtime is also getting longer, causing significant productivity loss, decreased customer satisfaction and increased employee turnover. In addition to focusing on encryption and security strategies to reduce and contain cyberattacks, financial businesses must also work to build a resilient network capable of bringing operations back up to keep ATMs running, branches open and apps operating.
One approach to ensuring a secure network that can also bounce back quickly from an outage is leveraging an out of band network, which provides an alternative pathway, allowing the network to continue operating even if the product network becomes unavailable. Consider that 98% of Millennials, who generate a massive portion of US income, rely on mobile apps for various banking activities. Should the network go down, these valuable customers will still have a way to use a bank’s service if an out of band network is in place because engineers can separate and containerize the functions of the management plane. Similarly, an out of band network is an ideal independent management plane. It operates free from the primary in-band network giving engineers secure, reliable and – most importantly – remote access to the primary network. The ability to remotely identify and remediate network issues is invaluable, as sending engineers on-site whenever there is an issue can take hours or even days to fix.
All network devices for financial intuitions are potential targets – branch and edge devices are no exception. Every aspect of the network infrastructure needs to have built-in security and resilience. Take, for example, an ATM network with machines in many remote sites; since the beginning of 2022, there has been an increase in malware-based attacks on ATMs. Should an ATM go down because of a cyberattack, there is the risk of lost revenue, but also the threat of compromised data. Typically, when an outage occurs, a bank would send a technician on-site to resolve it, which is ineffective and time-consuming. However, with an aforementioned out of band network, engineers will always have remote access when the network is up and down. And by installing out of band management units at each ATM, companies can reduce downtime to a few minutes, bringing machines back up and running swiftly. Perhaps the most helpful aspect of an out of band network is that it eliminates the need to send an engineer physically on-site and then have them carefully and securely open up the ATM.
While an out of band network is pivotal to recovering quickly from outages caused by cyberattacks, it is not a replacement for cybersecurity hardware or software, merely a critical addition to a business’s complete security posture. As society grows more dependent on financial apps and digital systems to store, transfer and deposit money, the more vulnerable it becomes to the endless cleverness of cybercriminals. From 1834, when a pair of thieves effectively conducted the world’s first cyberattack by hacking the French Telegraph System and stealing financial market information, until today, our world has become embroiled in cyber thefts on a global scale – which isn’t changing anytime soon. Financial services and institutions need to recognize this reality and protect themselves accordingly.
About the Author
Bryan Keepers is the Director of Channel Sales Americas at Opengear. As a channel veteran, Bryan has over 25 years of experience working in sales and with partners. He has grown Opengear’s Partner Program and channel presence exponentially, becoming a thought leader on channel strategy, differentiating Opengear and building valuable relationships as a trusted advisor. Bryan can be reached online at First Name can be reached online on LinkedIn and at our company website https://opengear.com/