EXPERT COMMENT

Banks vulnerable because they are not pro-active

In Summary

• Banks should employ Cyber Security resilience methods to protect their Automated Teller Machines (ATM) from being hacked.

• Failure to employ the right protection mechanism has exposed many financial institutions to attack

Barclays bank Head quarters
Barclays bank Head quarters
Image: FILE

Banks should employ Cyber Security resilience methods to protect their Automated Teller Machines (ATM) from being hacked.

This means identifying, protecting, detecting, responding and recovering from an attack as opposed to only protecting, detecting and responding.

Failure to employ the right protection mechanism has exposed many financial institutions to attacks, which, based on proven research, can take as short as six seconds to manipulate the systems.

There are three ways an ATM attack happens. These include exploiting codes to the ATM to manipulate it to make it perform any task.

Second, the attackers can send a malware to control the ATM and lastly attackers aware of the code used to run the ATM from the back end can also manipulate an ATM.

To further protect these type of hacking as witnessed in the Barclays Bank Easter Holiday weekend, banks should focus on their controls and how they are being operated.

They should carry out a lot of vigilance and audits on the bank staff and firms consulted to provide services around ATM functions.

Besides, there is need for a 24/7 threat intelligence surveillance and audit and threat hunting and not just monitoring of the network and traffic.

Threat intelligence sees the behaviours of any anomaly happening and if someone is trying to control the ATMs.

The surveillance will stop an attack from happening or notify the necessary authorities.

While this is key, banks should stop using outdated operating systems from running ATMs as most of are easily vulnerable to attacks.

In addition, there is a need to invest in the right skills set to handle the ever-evolving technology.

Nonetheless, they should bank on upgrading the skills of their current employees. As it is today, even university students can easily manipulate systems.

Most senior managers are aware of what they need to do but are not aware of what to focus on or to handle.

Earlier concerns revolved around cybersecurity, which involves protecting, detecting and responding to attacks.

However, this is now shifting to cyber resilience, and it’s what most organization need to pick up.

The banks need to be pr0active because most do not have the strategy and have to wait until an attack happens before they identify the challenge and later recover.