Endpoint Innovation Needs for Financial Institutions
We’re observing National Cyber Security Month by digging a little deeper into the financial industry’s regulatory compliance challenges. Previously we highlighted the FFIEC Cybersecurity Assessment Tool, an end-to-end resource for large and small banks to identify risks and develop Cyber Security strategies and plans.
Part one of the assessment discusses the five inherent risks faced by financial institutions. It’s no surprise that the top priority on the list involves network connections:
- Technology and Connection Types
- Delivery Channels
- Online/Mobile Products and Technology Services.
- Organizational Characteristics
- External Threats
The FFIEC (Federal Financial Institutions Examination Council) shows security risk levels as related to solution maturity in this illustration below. Essentially, it boils down to maximizing investments for ultimate risk protection. The greater any given risk, the more robust the solution required. While this seems obvious, it may feel out of reach. That’s why we like this tool - it provides a clear path to addressing the biggest risks.
Endpoint Security: From “Baseline” to “Innovative”
The network connection guidelines place even the most basic network endpoints in the highest risk level. Wireless network access, BYOD and the number of network devices are just a few of the factors considered. Based on our experience, most financial institutions fall into the significant or higher risk categories. The implication is that the advanced and innovative security solutions below should be deployed.
- Baseline: Controls are in place to restrict the use of removable media to authorized personnel only.
- Evolving: Automatic prevention of attempted network access by new and unregistered devices. Anti-virus and anti–malware tools are installed on all endpoints.
- Intermediate: Mobile device scanning (jailbreak/rooted detection, for example).
- Advanced: All endpoints lacking the latest security patches are quarantined and patched before the device is granted access to the network.
- Innovative: Deployment of a centralized endpoint management tool.
As robust as it is, the list is missing a key component: the growing number of network-connected devices that cannot support security software needs to be addressed. These are the devices that often cannot be controlled due to their lack of visibility. The ability to discover, profile and control endpoint access of all devices, managed or not, needs to be added to the “Innovative” category.
We consistently hear from our customers about their heightened concerns regarding network hacking and the associated financial ramifications. Solutions to these challenges are actually simple and readily accessible. Read here about how one customer addresses their endpoint challenges using Great Bay Software security products.
There’s a win-win to meeting regulatory requirements. Financial institutions have greater confidence when it comes to passing audits, and their customers are better protected against the threat and risks of Cyber Crime.