How This Small Bank Kicks Cybercriminals Off Its Network

For an officer of a community bank in Minnesota, Joseph Thornell has no shortage of cybersecurity concerns keeping him up at night.

"Mobile security is a constant worry in this changing world where phishing is always a risk," said Thornell, a security technical architect at Bremer Financial Corp. in St. Paul. "We're constantly improving awareness among our staff of phishing threats. We worry about things like cross-platform banking attacks. We worry about employees' mobile devices being used as a method to penetrate the bank's network. These are fast-paced days."

Such is the new reality for bank security officers all over the country, as phishing attacks, card data breaches, online banking account takeovers, and complex wire transfer schemes proliferate (among a host of other threats).

A survey Kaspersky Lab released Monday found that 93% of 300 financial services organizations polled worldwide were victims of cyber-attacks in the past 12 months. The security software company's study also found that 82% of businesses of various kinds would consider leaving a financial institution that suffered a data breach, and 74% of companies choose a financial organization for its security reputation.

Bremer shared some details about its response to the challenge, providing a rare window into how some banks are managing the escalating risk of cyberattacks.

The $8.7 billion-asset bank has 4,200 endpoints to safeguard, used by 1,900 employees in 87 branches and corporate locations. These points of entry range from personal computers to tablets and smartphones.

To protect itself, the bank recently upgraded its security technology to control who can access what across its network and to give it visibility into everything going on in the network, including on employees' mobile devices.

Bremer deployed network access control (NAC) software prepackaged into a server, ForeScout Technologies' CounterACT appliance, to control who can use its network and protect the endpoints.

The appliance provides a dashboard and reports that show all users' devices, applications and systems that are requesting access or already on the network. The bank can use the appliance to set access policies and set up alerts.

As cybercriminals change and refine their tactics every day, knowing what fraud patterns to look for is not easy.

"There are things that are obvious that we watch for, but it's a daily job to keep up on things," Thornell said. "We monitor. We're very restricted with what we allow, so we're preventing a lot of things that would normally come in."

The bank particularly wanted a solution that could identify and distinguish mobile devices from other types of computing endpoints. "And we needed the ability to differentiate corporate devices from personal and guest, whether that be vendor or facility folks that would be on site," Thornell said.

Such technology would have been helpful to Target, whose massive breach last winter began when hackers broke into the remote access software of a company that provided heating and air conditioning to the retailer.

"We wanted ways to automatically segment those [third-party users] based on set criteria and if needed, isolate them completely from the rest of our users and devices," Thornell said. "If something is vulnerable based on baselines you set, you segment that, you keep it off your network until it meets your requirements."

In addition to controlling access across company-owned devices, guests and vendors, Bremer wanted to increase its defenses against advanced persistent threats through continuous monitoring and mitigation.

The bank integrated the ForeScout appliance with its QRadar security information and event management (SIEM) system and its anti-virus software. Thornell plans to integrate the appliance with the bank's mobile device management system and wireless network provider to provide oversight over employees' and vendors' use of mobile devices.

In the end, Bremer will have "a very holistic view, not just of the endpoints but communications across them," said Thornell.

The appliance will be able to look for viruses and Windows updates. It will check the devices that are logging into the network for applications or settings that are out of policy.

"A policy violation is as much of a risk as an attack virus," said Scott Gordon, who is the chief marketing officer for ForeScout Technologies.

The appliance alerts Bremer's security team whenever something odd crops up. It also provides a real-time dashboard to track network activity. "The member of my team who administrates that has it up at all times. He's watching and reacting," Thornell said.

Overall, Thornell considers the visibility and monitoring features of the new technology as important as the enforcement of policies and rules. "Go big with policies in monitor mode, and you can really gain a significant amount of intelligence from the system, with little to no impact on the end user experience," he said.
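The difference between monitor mode and enforcement that Thornell describes can be sketched as a small policy evaluator. This is an added illustration, not ForeScout's or Bremer's code: the segment names, the 30-day update threshold, the rule that only corporate devices are baseline-checked, and the sample inventory are all assumptions.

```python
from dataclasses import dataclass

# Segment names and thresholds are hypothetical, not ForeScout settings.
CORPORATE, GUEST, QUARANTINE = "corporate", "guest", "quarantine"
MAX_PATCH_AGE_DAYS = 30

@dataclass
class Endpoint:
    mac: str
    owner: str                  # "corporate", "personal" or "vendor"
    segment: str                # segment the device sits in right now
    av_running: bool = True
    patch_age_days: int = 0
    out_of_policy_apps: tuple = ()

def baseline_failures(ep):
    """List the baseline checks this endpoint fails."""
    failed = []
    if not ep.av_running:
        failed.append("antivirus not running")
    if ep.patch_age_days > MAX_PATCH_AGE_DAYS:
        failed.append(f"updates {ep.patch_age_days} days old")
    failed += [f"out-of-policy app {app}" for app in ep.out_of_policy_apps]
    return failed

def evaluate(ep, enforce):
    """Return (segment after evaluation, alert text or None)."""
    if ep.owner != "corporate":
        target, reason = GUEST, f"{ep.owner} device"
    else:
        failed = baseline_failures(ep)
        target = QUARANTINE if failed else CORPORATE
        reason = "; ".join(failed) or "baseline met"
    if target == ep.segment:
        return ep.segment, None
    verb = "moved" if enforce else "would move"
    alert = f"{ep.mac} {verb} {ep.segment}->{target}: {reason}"
    # Monitor mode reports the decision but leaves the device where it is.
    return (target if enforce else ep.segment), alert

# Constructed sample inventory (not real devices).
INVENTORY = [
    Endpoint("00:00:5e:00:53:01", "corporate", CORPORATE),
    Endpoint("00:00:5e:00:53:02", "corporate", CORPORATE, patch_age_days=75),
    Endpoint("00:00:5e:00:53:03", "vendor", CORPORATE),
    Endpoint("00:00:5e:00:53:04", "corporate", QUARANTINE),
]
```

Running every endpoint through `evaluate(ep, enforce=False)` first yields the full list of "would move" alerts, which shows how many devices a policy would affect before any of them is actually resegmented.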
