Financial institution executives believe that cybersecurity threats will present the greatest challenge to their industry in 2021, according to a recent survey conducted by core technology provider CSI. And consider this story from securitymagazine.com, where hackers attacked a bank’s security system and took over their cameras. Even after the bank replaced the cameras, the hackers were so embedded that the bank had to replace its entire security system. The lesson? Don’t underestimate the risk of a cyberattack.
Blended threats
Many financial institutions believe that their current security program is good enough—but is it? The threats we face are dynamic, emerging, and global, and they often keep one foot on each side of the physical and digital divide. These blended threats require connecting data, building new capabilities, and gaining new insights, thereby eroding the distance between the roles and responsibilities of physical and cybersecurity teams.
The need for physical security isn’t going away, so it’s imperative that physical security teams and cybersecurity teams work together to ensure a holistic approach to financial institution security. So, how can your financial institution benefit from a collaborative working relationship between the physical security team and the cybersecurity team?
Adopt emerging technologies with confidence
As new IoT devices enter the market they can open up a lot of security vulnerabilities. Imagine the scenario where an attacker successfully gains entry to a server room or data center and installs malware or devices to capture confidential, sensitive data—or even brings down the network entirely. How would a financial institution with a conjoined physical and cybersecurity strategy mitigate this situation?
In this instance, cybersecurity teams faced with intruders could quickly connect the cyber footprint to a physical location. By mapping cyber and physical presence against one another, it’s possible to understand where threats originate. If an intrusive device is planted within an environment, cybersecurity teams can track its presence to its origin and identify those responsible for bringing it in via video surveillance footage. This provides a better view of the threat and more tools to protect valuable assets.
Additionally, consider developing the proper risk mindset and engage across the organization to innovate and behave collaboratively, thereby cultivating aninstitutionalized approach to governance, controls, and data protections. Cross-organizational cooperation can synergistically carve a path to adopting new IoT technology.
Deepen your customers’ trust
Online banking and mobile banking have skyrocketed with the pandemic. Extending a digital trust experience into branch locations and physical touch points with customers and members is imperative. 90% of consumers said they feel safer when they can see video surveillance cameras in their bank or credit union and would choose a financial institution with surveillance over one without, all other things being equal. In the age of COVID-19, consumers will be expecting physical distancing measures, cleaning protocols, and mask compliance. Addressing these challenges does not have to mean manual monitoring and processes. New physical security technologies with integrated artificial intelligence can look for multiple threats using multiple sensors in an integrated and seamless response.
Create synergies–branch transformation
As branches are redesigned to be more open with self-service kiosks and digital signage, tellers will not be behind a desk but will instead be roaming the branch to assist customers with more complex transactions, like home purchases, retirement, or the intricacies of starting a business. This leaves the opportunity for an integrated networked security solution in this physical domain that can provide critical customer experience data around people-counting and queue length/occupancy for branch performance metrics, but also cover perimeter security and asset protection concerns for both on-site and remote teams. Harnessing the insights from video data for evolving customer experiences becomes a competitive advantage to win.
Being successful today elicits a holistic approach to security to ensure there is consistent protection of consumer data, employees, brand reputation, and infrastructure. Digital transformation for the physical security world has evolved as innovation enables the harnessing of insights from video data to feed a dashboard of information for lines of business with revenue-generation initiatives. Together, physical and cybersecurity teams will be positioned to combat emerging threats, mitigate risk, and deliver value across the organization beyond their traditional roles.
Si trabaja en el sector de tecnología de red, probablemente habrá escuchado del término SD-WAN muchas veces en los últimos meses. En esta publicación, desarrollaremos algunos de los conceptos para ayudar a mostrar por qué SD-WAN podría ser de gran beneficio para su negocio.
SD-WAN significa diferentes cosas para diferentes proveedores, sin mencionar todo el hardware dedicado, el software y las licencias necesarias para ejecutar estas soluciones. El objetivo de SD-WAN es permitir a las organizaciones ahorrar dinero y atender sus necesidades de conectividad más rápido.
En Cisco Meraki, tenemos una solución SD-WAN incluída con la licencia base (licencia para empresas) en todos los dispositivos de seguridad Meraki MX SD-WAN y no requiere de servidores ni hardware adicionales. Solo conéctelo, configúrelo en el panel de Meraki y comience a ahorrar dinero, agregue valor en otras áreas del negocio.
SD-WAN es un acrónimo de (Software-Defined Wide Area Network) y es una tecnología que forma la familia de tecnologías de red definida por software (SDN), con otro ejemplo que es el acceso definido por software. El estar definido por software significa que las decisiones sobre cómo el tráfico puede enrutarse entre todos los sitios en la WAN están definidas por la política, y su comportamiento se adapta a la condición de la WAN en lugar de tener una configuración fija.
Las soluciones SD-WAN logran esto a través de una serie de funciones, tales como resistencia, seguridad, calidad de servicio, optimización de aplicaciones y mucho más. La solución Meraki SD-WAN utiliza una combinación única de estas tecnologías para crear una solución que sea fácil de configurar, implementar y administrar.
Si no está roto, no lo arregles
Si bien este suele ser un buen consejo, el dilema del innovador también nos enseña que si no introduces la tecnología disruptiva en un espacio establecido, como la WAN, ¡alguien más lo hará! MPLS ha visto mucha innovación, pero sería justo decir que esa innovación es, en su mayor parte, para los proveedores de servicios que ejecutan y ofrecen servicios WAN en la parte superior de las redes MPLS.
La simplicidad de Meraki SD-WAN significa que la potencia y la flexibilidad están directamente en manos del cliente o proveedor de servicios. Lo que significa que sin la necesidad de dispositivos, servicios o actualizaciones adicionales, los clientes pueden crear o beneficiarse de una conectividad de red más rentable.
Si bien este tipo de enrutamiento preferencial está disponible en las redes MPLS tradicionales, por lo general, solo está disponible a nivel premium, en un conjunto de clases limitadas y para redes o aplicaciones predefinidas. Mientras que Meraki SD-WAN combina la detección de aplicaciones basada en la capa 7 que viene en todo el stack de Meraki para lograr esto de una manera más breve
¿Por qué Meraki entonces?
A menudo bromeamos diciendo que la SD-WAN es solo un esparcimiento mágico basado en políticas construido sobre la VPN automática de Cisco Meraki. Sin embargo, utiliza tecnología abierta basada en estándares que probablemente ya haya usado. A lo que nos referimos específicamente aquí es una tecnología creada originalmente en Google, pero más tarde de código abierto, que está incorporada en la mayoría de sus productos (por ejemplo, Gmail, Google Drive).
Los dispositivos de seguridad y SD-WAN MX utilizan esta tecnología para inferir la latencia, la fluctuación de fase y la pérdida de paquetes de rutas virtuales entre 2 MX, como se muestra a continuación. Estas tres cosas juntas nos brindan la capacidad de calcular una Puntuación de opinión media (MOS), que se puede usar para calificar la aceptabilidad de una ruta WAN para el tráfico de voz.
Esto significa que una de las políticas que viene preconfigurada es la capacidad de elegir la ruta virtual que sea mejor para el tráfico de voz: una ganancia rápida para todos. En el caso de que cambie la mejor ruta virtual para la voz, el MX moverá automáticamente los flujos a la siguiente ruta más apropiada.
Para rastrear aplicaciones con diferentes características a la voz, simplemente puede agregar una clase de rendimiento personalizada que le permita establecer un umbral compatible para latencia, fluctuación de fase, pérdida de paquetes o cualquier combinación de las tres. A continuación, se puede hacer referencia a este criterio como criterio para la selección de ruta virtual en una única política de UI, como se muestra a continuación:
Finalmente, y completamente integrado en la solución, está la capacidad de ver cómo los flujos atraviesan las rutas virtuales de su red casi en tiempo real e históricamente de manera más poderosa:
Meraki ha estado simplificando tecnología compleja durante más de una década y SD-WAN es solo otro ejemplo en el que hemos aplicado la magia de Meraki para permitir que las organizaciones se centren en su misión. También vale la pena señalar que Meraki ha estado ofreciendo SD-WAN desde 2016, lo que la convierte en una de las plataformas tecnológicas más establecidas y estables en este espacio.
Miles de clientes en todo el mundo ya han elegido Meraki SD-WAN y miles más ya lo estan probando. Conoce más en nuestros webinars con demo en vivo de SD-WAN, registro aquí.
The last couple of weeks have shown how vulnerable our connected world can be. Reports of a new wave of Distributed Denial of Service (DDoS) attacks at a scale beyond what has been seen before are attracting worldwide headlines. With traffic floods now reaching the terabyte scale, only those with global resources and deep pockets can withstand such an onslaught.
“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second.”
KrebsOnSecurity Hit with Record DDoS – KrebsOnSecurity – September 21st 2016
Powering this new wave of cyber weaponry is the Internet of Things (IoT). A nascent breed of devices taking their steps into the world at a time where the value of something is dramatically amplified by its integration into the network. Unfortunately this rapid push to connect everything has not always been balanced with the rapid push to secure the underlying technology architecture.
“That cyberattack was powered by something the internet had never seen before: an army made of more than one million hacked Internet of Things devices.”
How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet Motherboard – September 29th 2016
One of the unwilling device types in these recent attacks are IP enabled security cameras. These cameras and recording systems are typically well connected and remotely accessed. When this is combined with poorly implemented web interfaces, default passwords, and a lack of cyber security oversight, systems are effectively waiting to be exploited.
“Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices”
Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks The Wall Street Journal – September 30th 2016
The Meraki MV Security Camera delivers on the promise of simple connected devices without security compromise. At the heart of MV is the same core software powering other Meraki devices like wireless access points and security appliances. This code has been honed over the last 10 years, battle tested in the most demanding of locations, and it provides the most secure control infrastructure of any security camera available.
All MV management traffic and video transport is encrypted by default: it’s not even possible to configure MV to operate without encrypted communications. Administrative access to the cameras is only available through the Meraki dashboard, an interface that can be secured with advanced technologies such as two factor authentication.
Beyond the individual devices, the Meraki infrastructure is housed in SSAE16 / SAS70 Type II certified data centres, undergoes daily penetration testing, and is covered by our security rewards program. These policies and processes allow us to meet the most rigorous of customer requirements, including the need to be PCI compliant.
The initial savings of a low cost or consumer grade security camera system may prove expensive later on. If it is trivial for cameras to be used to attack legitimate businesses and other organisations, how much extra effort would it take for someone to start snooping through those same cameras?
With the advent of National Cyber Security Awareness Month, the MV team will be posting more information on MV’s security architecture to highlight our commitment to a safe world of connected devices. Until then, for further information please contact us to find out more.