11:37 AM
Kathy Burger

Can Security Be More Than the Topic du Jour?

Thanks to recent high-profile card and password breaches, security is a hot topic. Will this help banks protect critical information -- or make them an even more attractive target?

Security is always a top priority for banks but generally doesn't generate the "buzz factor" of newer topics such as customer engagement or big data. But in recent weeks security has been very much a hot topic -- not just for banks, but also for retailers and telecom firms, among industries that have been subject to high-profile and large-scale breaches. Put these developments within the context of increased public awareness of privacy constraints (and lack thereof) due to the ongoing revelations about National Security Agency (NSA) surveillance of citizens and political leaders, and you have the circumstances for a new round of discussion and debate -- educated and otherwise -- over corporate and governmental security practices.

Just as technology is now pervasive in all aspects of banking, so security concerns are inherent in all types of banking transactions and functions, including payments, data management, account opening, cash management, marketing and core banking. This probably has made it relatively easier for security and IT executives to get funding for firewalls, encryption tools, identity management systems and other solutions geared toward protecting customer and corporate data. But it also probably makes the cultural, political and economic aspects of security management all the more complex and challenging. When something is pervasive we tend to take it for granted. With engagement, simplicity and access the watchwords for customer as well as employee (at all levels) interactions, I would imagine it's becoming harder -- not easier -- to impose procedures and policy on people who "want what they want when they want it."

Another aspect of security that's not new but that's been pushed to the forefront is cooperation. In our global and connected economy, fraudsters and crooks have many ways to communicate and transact with each other. Increasingly crimes such as the Target card breach are not the work of a lone hacker, but rather are the result of a series of deals among a variety of nefarious buyers and sellers. In the meantime, while financial services firms have begun to do a better job of communicating and cooperating with each other to share information about threats and crimes, banks now find themselves at odds with retailers as to who is responsible for the most recent crimes.

[Who's at fault for recent security breaches at major retailers? Banks and Retailers Face Off Over Target Breach and EMV Adoption]

Bankers know only too well that security is a moving target -- something that can't be solved, but that can be anticipated, understood and identified. It remains to be seen whether or not the current debate will ultimately improve financial services security capabilities, or if it will peter out when the next "hot topic" comes along (and in the process make banks even more vulnerable). To that end, this week Bank Systems & Technology will provide a variety of perspectives on the state of security management and steps banks should take to prepare for future attacks.

There probably won't be consensus but there won't be hype, either. What do you think is the biggest challenge banks face in balancing security concerns with customer and employee demands for real-time access and convenience across multiple transaction channels?

Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ...

User Rank: Author
2/13/2014 | 2:48:20 PM
re: Can Security Be More Than the Topic du Jour?
That's a good point; just look at what has happened to Target post-breach. Banks already are dealing with reputation problems; they will be blamed for breaches even if they are the acts of criminals. Maybe one good thing about the Target debacle is that it will serve as a wake-up call.
User Rank: Apprentice
2/13/2014 | 8:10:30 AM
re: Can Security Be More Than the Topic du Jour?
Everybody talks about the dangers of being hacked, but no one seems to talk about the costs. It's not just about dollars and cents. Your company's reputation depends on the way you protect data.

I would recommend reading this:
User Rank: Author
2/4/2014 | 1:41:56 PM
re: Can Security Be More Than the Topic du Jour?
Not only are the attacks becoming more sophisticated and frequent, but banks have to be ever vigilant about every third party they share data with. A bank could have the best security in the world, but if a vendor partner, or a retailer it has no control over, gets hacked, then it's an issue.