April 28, 2022
This month, European banks received a renewed warning about increased cyber threats from a top authority.
The European Banking Authority (EBA) issued this alert in its latest update to its risk dashboard following the Russian invasion of Ukraine. The EBA said exposure to Russian, Belarusian or Ukrainian banks collapsing was less of a threat than “second-round” effects like cyber attacks that “may be more material from a financial stability perspective.”
Cybersecurity hasn’t been off the agenda for banks for many years now but the fears are even greater than before. There is an obvious business model for cybercriminal gangs to target banking services and especially ATMs – steal money and valuable financial information about customers and cause business continuity disruption and service interruptions. Attacks on financial institutions can generate serious cash returns and encourage cyber criminals to invest serious internal budgets into R&D to prepare attacks.
As banks have even greater focus on digitalisation there is a need to continually review cybersecurity strategies, especially at a time of increased risks and threats.
There should be a particular concern about the rise in ransomware attacks that shut down critical systems, extort massive sums and lead to damaging data theft. One recent study by cyber security experts at Palo Alto Networks Unit 42 revealed the average ransom demand on cases they saw climbed 144% to $2.2 million, while the average payment rose 78% to $541,010.
Banks have tended to be prime targets for ransomware attacks. For example, last year Trend Micro reported that the banking industry was disproportionately affected with a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.
Banks can reduce the likelihood of attacks and mitigate the damage caused if they consider how cybersecurity goes hand in hand with their digital transformation programmes, especially on the deployment of even the most advanced ATMs and assisted self-service terminals (ASSTs) now being used in next generation branches and digital banking hubs.
In their cybersecurity planning, banks also need to consider how new ways of both working and banking affect the balance of risks. While the lockdowns are ending, hybrid working patterns remain and include banking staff who aren’t always working out of their branch or office. Security leaders need to be considering whether employees working from home are inadvertently creating security vulnerabilities.
Similarly, the steep rise in customers doing online banking brings risks, because many of them are new to digital banking services and can be more susceptible to online scams or phishing attacks that could lead to serious breaches.
Fundamentally the goal has to include reducing the attack surface and having a greater visibility of what is happening and faster insight into anomalous activities that could be or are suspicious.
For banks, their endpoint devices ranging from workstations to ATMs to ASSTs are vulnerable to attack and a starting point for their cybersecurity review. The approach that is increasingly discussed is zero trust and this can be relevant to securing critical endpoints and the other parts of the banking service infrastructure.
First of all, a quick definition. Zero trust means a cybersecurity system that minimises the level of implicit trust, so that a system is used, and software accessed, only after stringent checks are done. This important concept can be successfully applied to ATMs and ASSTs as they comprise several software layers including an operating system, hardware vendor software layer, the multi-vendor layer, plus the different tools for operations, monitoring, security and so on.
The risk with these layers is that, unlike PCs, the software updating on these devices tends to be reactive not proactive. This means vulnerabilities can slip into software inadvertently, making the concept of zero trust critical in isolating a layer that’s unpatched.
The value of zero trust to securing digital self-service banking is you are not trusting the assumed security of mainstream software. This distrust is important because cyber attackers will hijack legitimate tools and software to launch an attack.
Additionally, a zero trust strategy for banking endpoints should extend to the third-party tools and services that have legitimate access to ATMs and ASSTs when servicing these devices. Again you need cybersecurity that interrogates whether their access at a specific time or place is correct or authorised.
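The time-and-place check on third-party servicing described above can be expressed as a deny-by-default decision. The sketch below is an added example, not Auriga's code or product behaviour; the ticket model, field names, technician and terminal IDs and tool hashes are all hypothetical, constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# All identifiers and values below are constructed for illustration.
@dataclass(frozen=True)
class ServiceTicket:
    technician: str
    terminal_id: str        # the one ATM/ASST this visit covers
    start: datetime
    end: datetime
    tool_hashes: frozenset  # SHA-256 of the tools approved for this job

@dataclass(frozen=True)
class AccessRequest:
    technician: str
    terminal_id: str
    when: datetime
    tool_hash: str

def authorize(req, tickets):
    """Deny by default; return (allowed, reason) so every refusal is auditable."""
    if req.when.tzinfo is None:
        return False, "timestamp without timezone"
    mine = [t for t in tickets if t.technician == req.technician]
    if not mine:
        return False, "no ticket for technician"
    here = [t for t in mine if t.terminal_id == req.terminal_id]
    if not here:
        return False, "technician not assigned to this terminal"
    now = [t for t in here if t.start <= req.when <= t.end]
    if not now:
        return False, "outside approved service window"
    # A legitimate tool is still refused unless this ticket approves it.
    if not any(req.tool_hash in t.tool_hashes for t in now):
        return False, "tool not approved for this job"
    return True, "ok"

UTC = timezone.utc
TICKETS = [ServiceTicket("tech-017", "ATM-0042",
                         datetime(2022, 4, 28, 9, 0, tzinfo=UTC),
                         datetime(2022, 4, 28, 11, 0, tzinfo=UTC),
                         frozenset({"a" * 64}))]

def demo():
    base = dict(technician="tech-017", terminal_id="ATM-0042",
                when=datetime(2022, 4, 28, 10, 0, tzinfo=UTC), tool_hash="a" * 64)
    cases = {"valid": {}, "wrong_place": {"terminal_id": "ATM-0099"},
             "wrong_time": {"when": datetime(2022, 4, 28, 23, 0, tzinfo=UTC)},
             "naive_time": {"when": datetime(2022, 4, 28, 10, 0)},
             "unknown_tool": {"tool_hash": "b" * 64}}
    return {k: authorize(AccessRequest(**{**base, **v}), TICKETS)
            for k, v in cases.items()}
```

Each refusal carries its reason, so the same function gives monitoring the visibility into anomalous access that the article calls for.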
To help you apply a modern approach to protecting fleets of ATMs and ASSTs, here’s a useful checklist:
To find out more about how Auriga helps banks in protecting older and newer generations of ATMs, ASSTs and the rest of the systems used in next generation bank branch operations, check out here.
Auriga is a top international software solutions company, specialized in end-to-end systems that integrate the various delivery channels used in retail and internet banking.