The Korea Times

Commendation Award: Banks need to take different approaches

By Bright Gameli Mawudor

Attacks on information security infrastructure are evolving on a daily basis due to the sophisticated methods being adopted by cyber criminals. Korean banks have to take different approaches to safeguard their customers from losing to hackers and also to retain their reputation.

This has to be looked at from the following points of view:

Customer awareness and browser platform varieties

Customers need various forms of awareness about how they can be hacked, and should be given precautions so that they are extra alert when doing transactions through the various mediums of interacting with the bank.

This can be done through advertising on social media, newsletters and also warnings on mobile applications or Internet banking websites.

Aside from that, it would be a good idea for Korean banks to refrain from restricting compatibility to Internet Explorer, as it has been known to have the most vulnerabilities in the world, which hackers take advantage of to exploit customers doing Internet banking.

Other platforms such as Google Chrome and Mozilla Firefox should be good alternatives for extra security purposes.

Internal bank staff training and system pen-testing

The bank staff is usually neglected when it comes to awareness. Yet it only takes one of them to be hacked for an attacker to pivot through the entire infrastructure.

Red Team assessment is a good practice to help identify gaps in the banking organization from an attacker’s perspective.

This will involve not just penetration testing of the physical and logical systems but also testing the working staff against various attack vectors, the most flawless being social engineering.

Social engineering has contributed to the world's top breaches for the past four years now. Focus should be put on high-priority personnel such as CEOs, IT heads and directors, as they hold the most valuable information.

Bank server-side DMZ HoneyPot campaign

Banks facing frequent attacks might be quick to recover from disasters, but preventive measures have to be employed to avoid future attacks by identifying target sources and their methodologies.

With a carefully implemented HoneyPot, the banks can protect their infrastructure by identifying what types of tools and methods hackers are using to gain access.

This will lead to an excellent patch management implementation, accompanied by penetration testing done with full sight rather than blindly.

The best part of HoneyPots is that there are many open source solutions that could be used, so they are not expensive to implement and are easy to analyze. However, this is best done in the Demilitarized Zone (DMZ) to allow for as many attacks as possible without affecting live systems.

Continuous monitoring

A bank can implement the best firewalls, have the best anti-virus software installed on its systems or even have a good training program for its staff, but if it does not monitor network activity with respect to traffic flow, it becomes a worthless system or architecture.

The traffic coming in and out of the bank network can help determine an oncoming attack. Analyzing this traffic with an intrusion detection and prevention system in a combined effort can help reduce the attack surface and the frequency of attacks, for a perfect situational awareness of activities.

The majority of firewalls only focus on inbound traffic and are mostly signature-based, according to publicly released patches.

A good way for Korean banks to secure customer data is to also focus on outbound traffic, watching how much volume is leaving the network as an extra layer of defense against data theft. This is because hackers usually try to exfiltrate data in small packets as much as possible to avoid detection.

Internal fraud is the final security issue to consider, as it is on the rise in the current banking industry. Banking staff tend to either install malicious applications or send out data to unauthorized personnel.
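The outbound-volume check described above, as an added example that is not part of the original article: it sums bytes leaving the network per internal host and external destination, and reports pairs whose individual transfers are all small but whose hourly total is large. The flow record layout, the internal address range, both thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
PER_FLOW_ALERT = 1_000_000           # assumed alert size for one transfer (bytes)
WINDOW_TOTAL_ALERT = 5_000_000       # assumed outbound budget per pair per window
WINDOW_SECONDS = 3600                # fixed (tumbling) one-hour windows

def outbound_totals(flows, window=WINDOW_SECONDS):
    """Sum outbound bytes per (window, internal source, external destination)."""
    totals = defaultdict(lambda: [0, 0, 0])  # bytes, flow count, largest flow
    for ts, src, dst, nbytes in flows:
        # Only traffic leaving the network counts as outbound.
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            entry = totals[(ts // window, src, dst)]
            entry[0] += nbytes
            entry[1] += 1
            entry[2] = max(entry[2], nbytes)
    return totals

def low_and_slow(flows):
    """Pairs a per-transfer size alert would miss: every flow is below
    PER_FLOW_ALERT, yet the window total exceeds WINDOW_TOTAL_ALERT."""
    hits = []
    for (win, src, dst), (total, count, largest) in sorted(outbound_totals(flows).items()):
        if total > WINDOW_TOTAL_ALERT and largest < PER_FLOW_ALERT:
            hits.append({"window": win, "src": src, "dst": dst,
                         "bytes": total, "flows": count})
    return hits

# Constructed sample flows: (unix_ts, src, dst, bytes_out)
SAMPLE = (
    # 200 transfers of 40 kB each, 15 s apart, to one external address
    [(15 * i, "10.1.4.23", "203.0.113.50", 40_000) for i in range(200)]
    # ordinary browsing-sized traffic
    + [(300 * i, "10.1.7.8", "198.51.100.7", 20_000) for i in range(10)]
    # one large upload: caught by the per-flow alert, under the window budget
    + [(120, "10.1.9.9", "198.51.100.80", 3_000_000)]
    # internal backup traffic, never leaves the network
    + [(200, "10.1.4.23", "10.2.0.5", 9_000_000)]
)

if __name__ == "__main__":
    for hit in low_and_slow(SAMPLE):
        print(hit)
```
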

With respect to that, the following are the main pointers:

Careful analysis of SSL traffic is needed for email servers, as traditional methods are signature-based.

URL filtering is essential to know the type of rogue websites that are being visited in the banking domain and anomalies should be reported.

Bring Your Own Device (BYOD) policy should be reviewed to meet corporate standards to avoid malicious applications inside the bank networks.

Data Loss Prevention (DLP) technology should be adopted to identify sensitive data and protect it with encryption.

A combination of all the above-mentioned practices and methodologies will help secure Korean banks and their customers' data and allow for smooth business continuity.