North Korea’s ATM threat should put cybersecurity teams on alert

In October, the FBI and the Department of Homeland Security issued an alert that North Korea has been behind a global operation of tampering with ATMs. The “cash-out” scheme has targeted banks in dozens of countries, generating millions of stolen dollars.

While these sorts of schemes are nothing new, the recent alert from the FBI should serve as a wake-up call to financial institutions to pay proper attention and to take those steps needed to improve their cybersecurity strategy.

Keith Bedford/Bloomberg

The fact is, increasing consumer demand for digital engagement through multiple endpoints, coupled with aging systems, have led to the creation of vulnerabilities that can affect banks of all size, from global institutions to local credit unions. And for hackers, ATMs serve as welcome mats for company networks where much customer information is stored. Hackers work fast and their tactics often evolve faster than targets are able to keep up with. However, there are several proactive steps banks can take to help combat these threats.

Overcommunicating the threat with bank customers should be a no-brainer. But instilling confidence in them starts with transparency and reminds them of why they chose your organization over another. Implement a “see something, say something” policy reminding them that if they notice any unusual activity on their account that they should alert the institution immediately. Hackers need an easy entry point into an organization and customers are essentially Patient Zero. So utilize them as the first line of defense through empowerment.

Emerging technologies, such as microsegmentation, have been proven to defend against outside actors in a variety of different applications. Microsegmentation partitions networks into segments, shrinking the potential attack surface and preventing attacks from spreading laterally throughout a network. This solution can make ATM networks undetectable to unauthorized users by dividing them into multiple segments that are highly secure, reducing the level of security risk even if a hacker were to gain access.

Some software-based microsegmentation solutions utilize encryption to add an additional layer of security by encrypting and protecting all data in motion. Because they are software-based, these solutions are easy to adopt and integrate into existing networks, limiting updates to applications or interruptions to ATM operations. More important, investments in these technologies can help strengthen and protect a bank’s brand reputation in an era where personal data security is top of mind among consumers.