By Johnny Karam
Why are so many of the region’s financial institutions still leaving parts of their networks open to attack?
The financial services sector is facing a potentially damaging crisis of confidence with its customers. Until fairly recently IT security was simply about a firewall and a bit of anti-virus - not so today.
With the proliferation of new mobile devices, phones, PDAs, laptops and desktops, as well as critical servers, combined with the need to do business anywhere at any time, globalisation, and the shift in security emphasis from notoriety to organised crime, the firewall is constantly in danger of being breached. And this time it's not just the infrastructure that will suffer - it's the customer, an even more damaging implication.
Customers are constantly bombarded with attacks that attempt to discover the security details needed to compromise their accounts, while USB memory keys and free WiFi guest access to the corporate network all spell danger. As a result, the number of points of vulnerability with the potential to compromise network security is increasing every day.
To make matters more complicated, IT compliance has emerged as an ongoing, critical business function that has a profound effect on an organisation's growth and success. The purpose of an increasing number of recent regulations, industry standards, and best practices frameworks is to achieve a common result: to preserve the security, the availability, and, ultimately, the integrity of business information.
The combination of increased entry points and more sophisticated threats means that all organisations need to reassess their security efforts and focus more heavily on endpoint protection and endpoint compliance. Perimeter firewalls can't block access to ports used for illegitimate purposes. Nor can they lock down the system fast enough to prevent a worm infection. Network intrusion detection systems can only reliably detect worms after they have compromised the system. Companies now need improved and enhanced connectivity to help provide and add services, but that connectivity only makes the risk more inherent.
Organisations that lack a solution to block non-compliant devices, and to remediate them with automatic software and patch updates, before granting any network access could leave themselves open to compromise. This leaves all company information as a potential target for theft, violation, and disruption. Without the ability to validate and manage the security posture of unmanaged devices, they endanger sensitive information assets.
Financial services organisations have done little to help their customers in ensuring security from an end-user point of view. Levels of authentication are often simply controlled by an inadequate logon/password system, a system that is potentially putting the internet banking model at risk. If financial services organisations fail to put in place programmes to stem these security attacks, they will end up having to rebuild physical on-line banking infrastructures in order to maintain customer confidence.
Banks need to become more proactive in helping customers mitigate the risks associated with internet banking transactions. If the dangers are basically associated with the internet, then no amount of server security is going to solve the problem. We are at the point where financial services organisations need to commit to partnering with their customers, and surely the answer is not that difficult to implement. Financial services organisations need to be able to implement security measures across the chain of customer-organisation electronic transactions and contact.
For today's financial services computing environments, critical information, and the interactions required to do business, must be constantly available. Endpoint security, and by association connectivity security, must be a required component of an overall security strategy.
Endpoint security solutions (at both ends of the value chain) enable organisations to evaluate, protect, and remediate managed and unmanaged systems as they connect to corporate systems. Endpoint protection offers financial services organisations and their customers a perimeter of defence to ensure that all electronic interactions are current with security software before the transaction takes place. This enforcement enables IT to address the crucial task of protecting the enterprise from exposure of intellectual property, costly network downtime, and possible security breaches that can undermine an organisation's brand integrity and affect customer confidence.
The only effective answer is to work at building a security strategy that encompasses both the IT infrastructure and the customer. This will improve the relationship between the bank and its customers, so why wouldn't you do it?
Johnny Karam is regional enterprise sales manager for Symantec Middle East and North Africa.