May 2013 | 31 | Bank notes | Community Bankers Association of Illinois
Q: What are the biggest threats to data security for banks right now?

A: There’s not one major threat but multiple threats, and most banks aren’t doing enough to protect themselves. Banks often think they’re secure, but they’re not. They need multiple layers of security: they need a layer of security around their network and separate layers of security around their most valuable servers and databases. Just as important as layers of security is around-the-clock human monitoring because threat factors occur 24x7x365. When organizations aren’t watching their networks, hackers can enter unseen and leave behind malware they hide so well that it’s difficult for an IT specialist to find it at a later date when a problem has occurred. It often takes an experienced incident responder who has a vast knowledge of threats and threat actors to find hidden malware.

Another issue banks have is they often think they are compliant with their industry’s IT regulations (PCI DSS, GLBA/FFIEC), but they aren’t. They also assume that just because they are compliant, their network is secure, which is a fallacy. Security does not necessarily follow compliance, but when a company does all it can to become secure, compliance easily follows.

Q: What are some preventative steps banks can take to avoid data-security incidents?

A: First, educate your employees, customers, and partners who access your network. Teach them about getting confirmation from a sender before opening attachments and photos, and before clicking on links. Warn them about visiting websites known for hosting malware and leaving passwords around their desks or in their computer files.

Second, implement intrusion prevention as a layer of protection separate from the firewall.

Third, employ professionals to conduct 24x7x365 log monitoring. Although most banks keep logs of the activity on their networks, they don’t monitor their networks often enough, and they don’t have staff with the expertise to fully comprehend the logs and react to them. These cryptic logs keep a record of all activity on a company’s network, and need to be interpreted at a higher level than most IT professionals have. For instance, a log might indicate that a single computer has remotely connected to a client’s network, and that could seem normal. However, when multiple related logs are aggregated, there is a bigger picture to interpret, and banks need someone with the expertise to do that, because if multiple connections could be observed on multiple ports, that could indicate reconnaissance. One’s interpretations of the logs that show danger are described as an “alarm” or a “red-flag.” A highly experienced security expert should be the one interpreting the logs in order to spot danger.
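
The log aggregation described in the answer above, as an added example that is not part of the original interview: it groups connection records by source and raises an alarm when one source touches many distinct ports on one host within a short window. The log format, the 60-second window, the five-port threshold and all names and addresses are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (hypothetical format):
# timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2013-05-01T02:14:01 203.0.113.7 10.0.0.5 22 DENY
2013-05-01T02:14:02 203.0.113.7 10.0.0.5 23 DENY
2013-05-01T02:14:02 198.51.100.20 10.0.0.5 443 ALLOW
2013-05-01T02:14:03 203.0.113.7 10.0.0.5 80 ALLOW
2013-05-01T02:14:04 203.0.113.7 10.0.0.5 443 ALLOW
2013-05-01T02:14:05 203.0.113.7 10.0.0.5 1433 DENY
2013-05-01T02:14:06 203.0.113.7 10.0.0.5 3389 DENY
2013-05-01T09:30:00 198.51.100.20 10.0.0.5 443 ALLOW
"""

def parse(line):
    """Split one record into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def find_recon(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return alarms as (src, dst, sorted ports) where one source touched
    at least min_ports distinct ports on one destination within window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port)]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse(line)
            events[(src, dst)].append((ts, port))
    alarms = []
    for (src, dst), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alarms.append((src, dst, sorted(ports)))
                break  # one alarm per source/destination pair
    return alarms

if __name__ == "__main__":
    for src, dst, ports in find_recon(SAMPLE_LOG):
        print(f"ALARM: {src} probed {dst} on ports {ports}")
```

Each record from 203.0.113.7 looks unremarkable alone, and the repeat HTTPS client 198.51.100.20 never triggers; only the aggregated view produces the alarm.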

Q: What sort of communication should take place among IT, management and other departments to make sure data is being secured?

A: There should be a top-down approach. Management needs to set the tone and communicate with IT and different department managers. IT should implement policies and procedures that physically forbid people from doing certain activities.

Dell SecureWorks provides a wide variety of security services to more than 1,000 banks and financial services companies. For more information on securing your financial institution, please contact

Q&A: WORKING WITH BANKS TO SECURE DATA
Jeff Multz, Director, North America Midmarket Sales, Dell SecureWorks, Atlanta, GA