Security

10:15 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

Aligning Technology, People & Processes for Data Security

Combating today's hackers will take the right mix of technology, people, and processes.

It’s been a year now since the Target breach, and the frequency of data breaches continues to quicken while the stakes are getting higher and higher for banks.

“If you look at fraudsters, the pool of activities they are perpetrating is getting bigger and bigger, and it's getting close to commercial banking,” David O’Connell, senior analyst at Aite Group’s wholesale banking team, said during a panel discussion yesterday hosted by InformationWeek Financial Services and sponsored by Dell Financial Services.

“I think we’re getting close to a major breach at a commercial bank,” O’Connell observed. With commercial banking services like wire transfers becoming banks’ most profitable business, such an attack would cause major harm for an institution.

An infographic rendered by an an artist based on the data security panel discussion.
An infographic rendered by an an artist based on the data security panel discussion.

Commercial banking organizations are particularly vulnerable right now compared to retail banking ones, as many providers of security and fraud prevention solutions haven’t repurposed their retail banking solutions for the commercial side, O’Connell said.

[For more of our coverage on data security, check out: Must. Kill. Passwords.]

Plus there are powerful actors with huge resources that may look to attack banks without any aim of financial gain to begin with, Ben Feinstein, director, development and operations, Dell SecureWorks Counter Threat Unit, added during the panel discussion: “That’s really the great fear -- that a sovereign actor could burrow into our infrastructure and hurt us at a certain time.”

As difficult as the cyber security landscape looks, though, there is hope for institutions looking to defend their customers’ data and money. “It might seem that these criminals are omnipotent, but for them to really pull off a hack, to penetrate systems, surveil them, and manipulate them, they can’t do all of those things in complete stealth,” said Aite’s O’Connell.

For banks, technology won’t be the complete answer to protecting data from criminals. Having the right monitoring and employee training in place will be just as important, as banks will need to have the eyeballs on their systems to catch any intrusions.

“Technology by itself won’t solve the problem. It’s people and processes that are missing,” Dell’s Feinstein said. “If you look at the controls that you have in place, and you make people responsible and accountable, then you don’t necessarily need to buy the latest new product… Without good processes and training, the investments in new solutions won’t move the needle.”

There are new solutions coming to market that can help deal with the threat of data breaches, which are worth consideration. “What do you do if you already have an intrusion? How do you quarantine and remediate that? We’re seeing a lot of venture capital investment in network breach solutions that can help with that,” Dell Software Group's enterprise security specialist Alan Helman noted. “The successful solutions will really limit the number of alerts. The people who are responsible for monitoring these networks have so much information coming at them, they’re just getting bombarded. So the fewer red alerts for them to take action, that’s how you get the best ROI for that product set.”

Gaining better control over domain administration credentials, and preventing their reuse if compromised by hackers, is also a worthy investment, Dell’s Feinstein suggested. Many of the recent data breaches have been enabled by hackers stealing admin credentials to gain access to and manipulate sensitive information. “If there is one capability that you could change, it would have to be doing something to prevent the misuse and reuse of domain administrator credentials,” he said. “There are a lot of technologies to prevent the reuse of that.”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
KBurger
100%
0%
KBurger,
User Rank: Author
12/10/2014 | 12:08:52 PM
Where the money is ...
David O'Connell's comments about the vulnerability of corporate banking organization are very important, I think -- there should be no "that's someone else's problem" thinking in financial services when it comes to security. We already have been hearing that as the biggest banks, which have been the prime targets for breaches, get better at identifying and preventing these threats, the criminals simply will shift to the next "easiest" targets -- corporate banks (and their corporate clients), community banks/credit unions, insurance companies, etc. Hopefully some of the lessons learned from the consumer/retail side -- not just about technology and process, but also the customer experience angle (balancing security and convenience) will be recognized and leveraged in other parts of the banking business.
Kelly22
50%
50%
Kelly22,
User Rank: Author
12/12/2014 | 4:33:51 PM
Re: Where the money is ...
This was a great discussion. It's true that in today's environment, security should be everyone's problem. No company is safe from cyberattacks, and smaller institutions should be paying attention to larger ones to inform their strategies and protect against future harm.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
12/15/2014 | 10:44:18 AM
Re: Where the money is ...
The monitoring part of the puzzle is oging to be very difficult for smaller institutions. They can't afford to have large numbers of employees monitroing their systems all the time to detect a breach, but that is what the current environment requires. They're going to need vendors to come up with better detection systems to help with that, like David Weiss said.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
12/15/2014 | 10:42:13 AM
Re: Where the money is ...
I foudn his comments about the vendor solutions for the commercial side interesting. You'd think these vendors would have jumped on the opportunity already to recalibrate their solutions for the commercial banks. That seems like a win-win for the vendors and the banks. I wonder what's holding that up.
tekedge
50%
50%
tekedge,
User Rank: Apprentice
4/28/2015 | 7:12:48 PM
Aligning techology people and processes for data security
Totally agree with the comment that employee training and keeping the security protocols in place will play a big role in data security! Technology can only do so much the training is going to be the deal breaker! 
tekedge
50%
50%
tekedge,
User Rank: Apprentice
4/28/2015 | 7:14:59 PM
Aligning Technology...
Does mobile banking create more data  security risks for the financial institutions and how well they have the technology for data security....
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.