How a new generation of digital bank branches is at risk from cyber attack.

Banks have been focusing on cybersecurity for many years now, but the risks they face seem greater than ever before. As the industry undergoes a rapid digital transformation in its services and new style digital bank branches, there should be a simultaneous focus on modernizing cybersecurity strategies.

Some of the raised concerns can be traced to whether the Ukrainian war will spill over into cyber attacks on the banking system. An alert in spring 2022 from the European Banking Authority suggested the risk of this happening had increased. On its risk dashboard, the EBA said the dangers of the exposure to Eastern European Banks collapsing were less of a threat than “second-round” effects like cyberattacks that “may be more material from a financial stability perspective.”

Whether driven by nation states or not, cybercriminal gangs continue to target banking services – particularly ATMs – to steal money and valuable financial information about customers and cause business continuity disruption and service interruptions.

According to Zion, the global ATM market accounted for US$15.1 billion in 2020 and is expected to rise to US$21.2 billion by 2028, growing at a CAGR of around 4.8% between 2021 and 2028. The financial services industry is undergoing rapid digital transformation, banks cannot afford to neglect cybersecurity strategies, especially at a time of increased risks and threats.

The European Association for Secure Transactions (EAST), which tracks ATM fraud attacks for financial institutions in the EU, reported 202 successful jackpotting (ATM malware and logical attacks) in 2020; resulting in losses of €1.24 million (approximately US$1.4 million or about US$7,000 per attack). While other types of ATM fraud reported, such as card skimming and physical attacks were down, jackpotting attacks represented a 44 percent increase in number of attacks and a 14 percent increase in losses from 2019.

These attacks on financial services can generate lucrative cash returns, which encourages gangs to invest serious internal budgets into research and development to prepare attacks.

However, banks can still take preventative measures to reduce the likelihood of attacks and mitigate the damage caused. Cybersecurity management must complement and coexist alongside digitalization programs, especially on the deployment of even the most advanced ATMs and assisted self-service terminals (ASSTs), which are now being used in next-generation branches and digital banking hubs, that are particularly vulnerable to attack. Security leaders should hone into these for cybersecurity review and consider the Zero Trust model. It helps to secure critical endpoints and other parts of the banking service infrastructure. It is mission critical for security teams to minimize the attack surface, obtain greater visibility of what is happening, and have faster insight into anomalous activities that could be (or are) suspicious.

Zero Trust is defined by a cybersecurity system that minimizes the level of implicit trust so that a system is only accessing software and in use when stringent checks are done. This important concept can be successfully applied to ATMs and ASSTs as they comprise several software layers, including an operating system, hardware vendor/software layer, the multi-vendor layer, plus the different tools for operations, monitoring, security, and so on. Unlike PCs, the software updating on these devices tends to be reactive, which means liabilities can slip into software inadvertently – making the concept of Zero Trust critical in isolating a layer that is unpatched.

Here is a useful checklist to consider when adopting a modern approach to protecting fleets of ATMs and ASSTs used as the digital hubs in new-style bank branches:

• Reduce the attack surface. Access will only be allowed when needed, and not just when it is legitimate, only if the user has been certified for proper operations.

• Control whoever is going to physically manipulate the ATM. Standard solutions like antiviruses have the same level of protection at any time, but when critical devices have a third party manipulating it, banks must be able to control the level of protection and activate specific policies in that specific moment. The bank should be able to monitor what the technician is doing at a time of highest exposure.

• Cybersecurity for banking made easier. Consolidate protection measures on a single platform such as application whitelisting, full encryption of all hard disks and media, file system integrity protection, hardware protection, and a firewall to stop network attacks.

The value of the Zero Trust strategy lies in its ability to allow financial institutions to secure digital self-service banking without trusting the assumed security of mainstream software. This distrust is important because cyber attackers will

hijack legitimate tools and software to launch an attack. Zero Trust for banking endpoints should extend to third-party tools and services that have permission to access ATMs and ASSTs when servicing these devices. Effective cybersecurity must interrogate access and verify it is correct or authorized at all times.

2022: Delivering omnichannel digital retail innovation with an emotional connection

Sarah Friswell • 17th December 2021

Radical changes took place in 2021 retail sales models, with traditional in-store retailers adopting digital apps and clienteling to offer a hybrid in-store and digital presence. Already-online retailers raced to embrace complex technologies to deliver omnichannel digital experiences. Customer experience can’t mean more to brands, and the human touch of ‘in-store’ assistants is a growing...

A new dawn of digitalization: 2022’s defining insurtech trends

Lorenz Graff • 16th December 2021

As the insurance industry continues to evolve in line with the shift in tech, culture and consumer demand, 2022 looks set to see the innovation stakes raised even higher. Lorenz Graff, CEO and co-founder of bsurance, advises the four defining trends which will shape the insurtech industry in the year ahead:

5 top tips for ensuring your conversational AI project is...

Amber Donovan-Stevens • 11th October 2021

Conversational AI is becoming more popular as a way of automating messaging and speech-enabled applications that offer human-like interactions between computers and humans. But it’s often hard to get these projects right. This article will look at five key areas that will help improve your Conversational AI project, explains Dan Johnson, Head of Automation, Future...