
The financial industry, and the banking industry in particular, faces near-extreme exposure to cybersecurity threats because money and data flow through its systems. Banking is part of our daily lives, with multiple touch points in personal and business interactions.

Security Systems
Security systems such as CCTV, security lighting, alarms, access control, and biometric systems are usually seen as physical systems, though they run on computer systems and rely on data stored in those systems. They are usually excluded from regular cyber practices and need to be brought into the cybersecurity fold for monitoring, mitigation, and improvement of their security.
Access control, monitoring, and security systems play a critical role in the banking industry: they ensure safety and provide secure access for staff and clients within the brick-and-mortar bank buildings and corporate structures of the bank. They should be considered the first line of defense against unauthorized access to the bank and its systems. They also provide internal security controls for staff within the bank. If the security systems are breached, malicious actors could gain access to internal systems and attack them from within.

Networking
Network access is critical for a bank. It facilitates access to the bank's internal systems, connections between different banks and the federal government, ATM access, and Internet banking access. Denial-of-service attacks can severely cripple a bank and cut off access to individuals' bank accounts, and they can disrupt banking, retail, and much more if a bank's clients cannot transact on its systems.

Data
Most, if not all, of the systems around us are driven by data, and the banking industry even more so: financial data, risk data, and personal information, to name but a few. Data is critical in the banking industry because our banking is mostly digital. Malicious actors are driven by the financial gain of exposing clients' personal and financial data, and the bank can suffer severe reputational damage as well as financial penalties if found in breach of data protection laws. Certain decision-making processes can also fail or be affected by data exposure. For instance, risk assessment could fail or be manipulated to change scoring, such as for loan rate decisions.

Supply Chain
A significant entity like a bank cannot do everything internally. It cannot write all its own software and depends on external companies to provide software and services.
Software supply chain security refers to efforts to manage security risks arising in the processes, components, and tools needed to develop and run modern software applications. Hackers can either gain knowledge via supply chains or conduct malicious activities within supply chains.
Gone are the days of monolithic applications developed in-house with an easily visible supply chain. Developers today build their apps as a collection of microservices, often using open-source components to provide desired capabilities and speed up software releases. The applications then get deployed on cloud infrastructure like containers.
Some examples of supply chain security breaches that even people outside of cybersecurity have likely heard of include SolarWinds and Log4j. The former saw threat actors weaponizing Orion, an IT monitoring solution, with malicious updates and infiltrating the networks of organizations such as Cisco and the US government. The latter saw a zero-day vulnerability in Log4j, a Java-based logging utility common in enterprise IT ecosystems worldwide.
Supply chain attacks can happen in the following ways:
- Development and advertisement of a malicious package from scratch
- Creation of confusion with a malicious package of the same name as a legitimate package
- Subversion of a legitimate package by interfering in the source and build of the package.
It has been reported that the rate of software supply chain attacks has increased by over 742%. While ransomware is considered the payload, many consider software supply chain attacks the vector. In July 2023, it was reported that the first open-source software supply chain attacks targeting banks were discovered. Since software security involves protecting the entire process from the early stages of development to delivery to the end user, once a breach enters this pipeline its effect is instantaneous, rendering many countermeasures ineffective.
While strategies such as software bills of materials (SBOM), tools to manage these, software attestation, and software composition analysis (SCA) have been utilized to help mitigate software supply chain attacks, securing the software supply chain requires continuous assessment of components (during development), vendors, and the operational environment through the use of large amounts of automated data. IQT Labs' Software Supply Chain Compromises represents the largest available dataset on GitHub of publicly reported software supply chain compromises.
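The continuous component assessment described above can be sketched as a policy check over an SBOM-style component list, with one finding type for each of the three attack routes listed earlier. This is an added example, not code from the original article; the internal package names, registry labels, and digest values are constructed placeholders.

```python
import difflib

# Constructed policy: approved components, the registry each must come from,
# and the digest pinned at approval time (shortened placeholder values).
APPROVED = {
    "requests": {"registry": "public", "sha256": "aa11"},
    "bank-risk-scoring": {"registry": "internal", "sha256": "bb22"},
    "bank-payments-sdk": {"registry": "internal", "sha256": "cc33"},
}

# Constructed SBOM-style component list, as a build might record it.
SBOM = [
    {"name": "requests", "registry": "public", "sha256": "aa11"},
    {"name": "bank-risk-scoring", "registry": "public", "sha256": "ff99"},
    {"name": "bank-payments-sdk", "registry": "internal", "sha256": "dd44"},
    {"name": "reqeusts", "registry": "public", "sha256": "ee55"},
]

def assess(sbom, approved, similarity=0.8):
    """Return (component, finding, detail) tuples for components that break policy."""
    findings = []
    for comp in sbom:
        name = comp["name"]
        policy = approved.get(name)
        if policy is None:
            # Not approved: is it a near-miss of an approved name (lookalike package)?
            close = difflib.get_close_matches(name, list(approved), n=1, cutoff=similarity)
            findings.append((name, "lookalike-name", close[0]) if close
                            else (name, "unapproved", ""))
        elif comp["registry"] != policy["registry"]:
            # Approved name resolved from the wrong registry: same-name confusion.
            findings.append((name, "name-confusion", comp["registry"]))
        elif comp["sha256"] != policy["sha256"]:
            # Right name and registry, different content: possible source/build tampering.
            findings.append((name, "digest-mismatch", comp["sha256"]))
    return findings

if __name__ == "__main__":
    for finding in assess(SBOM, APPROVED):
        print(finding)
```

Run on every build, a check of this kind turns the SBOM from a static inventory into a gate: any finding blocks the release until the component is reviewed.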

Physical Infrastructure
Without servers and connected terminals a bank cannot operate. These items include the laptops and computers used within the bank branch and the servers that are used to host the banking data, data warehouses, and other software applications within the bank. If these systems suffer a denial-of-service attack, it could force the bank to close its branches, and ATMs, internet banking, and sales terminals will stop working. This will affect the internal staff of the bank, who will be unable to provide services to the bank's clients. Retailer payments, inquiries, and electronic transactions by clients cannot be done without physical hardware that is secure and functional.