Incidents of cybercrime are on the rise, with banking one of the most targeted sectors. This situation is having a knock-on effect on the financial industry’s overall security posture. In attempting to stem the cyber tide, resources are often drawn away from another important area – the physical security of infrastructure, writes James Somerville Smith.

Care must be taken with even the physical security infrastructure to ensure that no part of the security system provides a cyber-gateway. Design regulations are in place in the industry to ensure that, for instance, peripheral equipment, such as cameras or readers, that are in public spaces are both outside the institution’s firewall and hold no data or intelligence that could create an attack path. However, good design should also include using cybersecure equipment to reduce the chances of attack further.

With any gap in security providing an opportunity for breach, this is exposing banks to significant risk. To mitigate this, it is essential they adopt a holistic approach to the design and deployment of both physical and cybersecurity measures.

Adapting to demand for digital banking

The rise of digital banking has significantly increased the range of attack vectors available to cyber criminals. With growing pressure from digital-only competitors like Monzo and Revolut, traditional banks have had no choice but to implement the slick money management applications that businesses and consumers have come to expect.

While this may improve the customer experience the organisation provides, it also means there are more channels to secure when planning and implementing their security strategy.

This development has required banks to become more cyber literate than ever before, and resulted in cybersecurity emerging as one of the top tech investment priorities across the industry – often at the expense of physical security like access control.

To address this issue, greater integration of systems is required – and this need extends beyond just physical and cybersecurity solutions. Banks need the ability to drive broad integration across the full range of enterprise technology solutions at the backend. Continued use of standalone systems can leave gaps throughout the network, creating more work to fully test the integrity of multiple systems, as well as potentially creating vulnerabilities that can be exploited.

Take the issue of ex-employees and building access. A weak link in many organisations, ex-employees will often retain access rights due to delays in updating security databases. Not only does this leave businesses open to theft and corporate espionage, it can undermine cybersecurity and data integrity if an ex-employee were to access IT systems.

Broad integration of business and security systems

By integrating with broader business systems, like Enterprise Resource Planning (ERP), organisations can avoid these kinds of instances by automating revocation of access credentials as soon as an employee is removed from the payroll. This kind of integration is also effective at preventing unauthorised access to both IT systems and physical locations. By linking physical access security to Single Sign-On, for example, an organisation can lock an employee account unless the user in question has entered the building correctly.
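The two controls described above, sketched as an added example that is not from the article or any vendor product: a reconciliation that flags badge and SSO credentials held by people no longer on payroll, and an SSO gate that requires a recent badge-in. All identifiers, the sample records and the 12-hour presence window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, standing in for ERP, access-control and SSO exports.
PAYROLL = {"E1001", "E1002"}                      # employees currently on payroll
BADGES = {"E1001": "card-A", "E1002": "card-B", "E0999": "card-C"}
SSO_ACCOUNTS = {"E1001", "E1002", "E0999"}
BADGE_EVENTS = [                                  # (employee, direction, time)
    ("E1001", "in", datetime(2024, 5, 6, 8, 55)),
    ("E1002", "in", datetime(2024, 5, 6, 9, 10)),
    ("E1002", "out", datetime(2024, 5, 6, 12, 30)),
    ("E0999", "in", datetime(2024, 5, 6, 9, 0)),  # leaver whose card still opens doors
]
MAX_PRESENCE = timedelta(hours=12)                # assumed policy: a badge-in expires


def stale_credentials(payroll, badges, sso_accounts):
    """Return {employee: [credentials to revoke]} for anyone no longer on payroll."""
    findings = {}
    for emp in sorted((set(badges) | set(sso_accounts)) - set(payroll)):
        items = []
        if emp in badges:
            items.append("badge:" + badges[emp])
        if emp in sso_accounts:
            items.append("sso")
        findings[emp] = items
    return findings


def is_on_site(events, emp, at):
    """True if the employee's latest badge event before `at` is a recent entry."""
    past = [(t, d) for e, d, t in events if e == emp and t <= at]
    if not past:
        return False
    when, direction = max(past)
    return direction == "in" and at - when <= MAX_PRESENCE


def sso_decision(emp, at, payroll=PAYROLL, events=BADGE_EVENTS):
    """Gate an on-premises SSO login on payroll status and physical presence."""
    if emp not in payroll:
        return "deny: not on payroll"
    if not is_on_site(events, emp, at):
        return "deny: no valid building entry"
    return "allow"


if __name__ == "__main__":
    print(stale_credentials(PAYROLL, BADGES, SSO_ACCOUNTS))
    for emp in ("E1001", "E1002", "E0999"):
        print(emp, sso_decision(emp, datetime(2024, 5, 6, 14, 0)))
```

Checking payroll status before presence matters here: the leaver in the sample data has a valid badge-in that morning, so a presence check alone would let the login through.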

Banks can provide themselves with additional cover by employing multifactor authentication, such as the use of both ID cards and biometric authentication. This helps to provide a failsafe in the event an individual with access rights were to lose their card, or if it were cloned for malicious purposes.

The linking of access control to broader systems also helps facilitate more effective and secure management of visitors. When it comes to IT contractors, this is especially important given the impact their actions could have. Imagine a scenario where an unqualified contractor was granted access to servers and this resulted in a digital banking platform going offline.

The business cost to the organisation, both in terms of lost customers and revenue, has the potential to be huge and long-lasting, with ongoing damage to reputation and brand image.

By integrating certificate management into the access control function, businesses ensure not only that individuals have the security profile necessary to enter a building, but that they have the competencies required to perform their role while onsite.

Coping with compliance

It is important to recognise that while operational efficiency, health and safety, and security are major drivers for adopting these kinds of technologies, in the world of finance there is another hugely influential factor at play – regulatory compliance.

Highly regulated, banks face severe penalties for failing an audit. Non-compliance at a single site could result in large fines or even losing their business license. From GDPR to Sarbanes-Oxley, when banks select a technology solution, they need the ability to pull historical data from a wide range of sources and generate reports to provide indisputable confirmation of compliance. Once again, broad integration across physical and digital systems ensures the accuracy and the complete system of record required in an especially stringent business environment.

Of course, when it comes to selecting an integrated solution for your business, it’s not just about the functionality of the product itself. In an ever-evolving threat and regulatory landscape, banks need the support of a vendor prepared to work as a trusted partner in an ongoing capacity.

As such, the technology provider they select must provide guarantees that their systems are kept up to date with changing compliance rules. Further, they should be prepared to go beyond these minimum requirements, providing proactive, ongoing penetration testing to identify emerging vulnerabilities.

Easier integration

Fortunately, advances in connected building systems are making integration easier than ever before, allowing operational and security inputs from across a business to be brought together, whether in a single or multi-site environment. This is crucial for banks. Whether head office, a local branch or the datacentre, every part of the organisation needs protection from the perimeter to the core of its operations.

Ultimately, the goal for banks should be to work toward a platform whereby the entirety of their systems, whether facilities, operations or IT, can be monitored and administered from a single screen. Doing so drives massive efficiencies and makes issues easier to recognise and address. Moreover, it provides maximum control over users, ensuring that people, assets and facilities can continue to operate properly and at full capacity.

James Somerville Smith is Global Customer Marketing Leader, End-User Programmes, Honeywell Commercial Security