Wed. Sep 27th, 2023

Promote the banking cybersecurity strategy: business culture and Zero Trust model

After the great changes that these years of confinement and pandemic have fostered in society, and specifically in how we were used to receiving and providing services, 2022 saw pre-COVID routines resume globally, not without difficulties. In this return to daily life, where the forced acceleration of digitization processes has changed most habits of consumers, employees and service providers alike, the topic that has perhaps gained the most prominence over the past few years is cybersecurity. From the medical field to the banking environment, different industries have experienced a consolidation of what the PwC report on the business environment calls the “culture of cybersecurity” (already in 2020 the average level of this knowledge in Spain was 2.8 on a scale of 1 to 5). Despite the efforts to raise awareness among employees and collaborators, in 2022 there still seems to be a lack of a strategic component focused on effective prevention. In fact, as reported by the IBM “Cost of a Data Breach” report, 79% of organizations that have critical infrastructures have not yet implemented Zero Trust architectures or are in the first steps of implementing them, that is, zero trust in unauthorized access.


Faced with all this, bank CISOs face a major challenge and must adopt a 360º vision based on expert knowledge of the physical and technological infrastructures that support their business processes, as well as of the ever-changing and challenging threats to which they are exposed.


In terms of critical infrastructure management, banking and the financial sector in general are, in fact, among the most cyber-vulnerable: according to the IBM X-Force 2021 report, in 2020 alone the number of attacks they received increased by 238%. In this context, the ATM is one of the weakest links and the greatest source of losses for entities – around a third of bank fraud worldwide is committed through an ATM – as it is physically exposed to manipulation not only by end customers and technical support teams, but also by potential malicious users.


Thus, in a cybersecurity strategy focused on critical devices such as ATMs, it is essential to prioritize availability, maximizing service time. This requires a zero trust policy (“Zero Trust”) based on control of accesses and changes, both hardware and software, as well as on the monitoring of on-site maintenance activities on devices, which represent the windows of greatest exposure to cyber risks. Preventing the execution of any unplanned activity on the ground is as important as monitoring authorized activities, and this requires adopting a holistic security solution capable of protecting, monitoring and controlling all the bank’s points of contact. The value of the Zero Trust strategy, in this case, lies in its ability to enable financial institutions to secure digital banking self-service without relying on the assumed security of software provided by vendors, of internal deployment or remote access tools, or of third-party companies in charge of on-site maintenance activities. The situation is complicated: we are dealing with perfectly structured cybercriminal organizations with high levels of funding and innovation, which is why we in the industry must move even faster, establish a strong watch and stop threats before they even arise.

Author: Juan Ramón Aramendia, Head of Cyber Security Product Engineering at Auriga

By Alvaro Rivers
