Cyber threats frustrate banks’ digital efforts

The financial industry finds itself at a crossroads. On one hand, customer expectations demand that banks innovate digitally. On the other is a realisation that any new digital experiences will inevitably expand the threat footprint.

Mobile banking apps many banks have launched improve convenience and accessibility for customers. However, the apps also increase how cyber attackers can penetrate security systems to steal bank data, user information and money.

A new security framework that addresses this new threat landscape is urgently required.

A security system with TLS/SSL encryption, decryption and inspection can help prevent such attacks from taking place, by decrypting incoming traffic and inspecting it for threats, says Rayan Mohtasib, regional sales manager, Strategic Accounts at A10 Networks.

Additionally, banks today cannot transform without cloud and most financial institutions now operate private clouds. Though considerably safer than its public cousin, private cloud is not without risk.

A10 Networks’ advanced load balancers with central management and analytics provide a unified solution that allows customers to manage and deliver secure, elastic, cloud-native applications and services centrally across the entire private cloud infrastructure.

“A10 Networks Thunder SSLi interoperates with many major security vendor solutions and can support customers’ legacy infrastructure. It can also reduce operational costs because as a company expands its infrastructure, Thunder SSLi offers a centralised point of TLS/SSL decryption for enterprise traffic,” says Mohtasib.

Banks in Saudi Arabia face very specific and equally perilous cyber threats, given the country’s strategic geopolitical standing. The work-from-home requirements brought on by the Covid-19 pandemic have only elevated the threat level.

“Most enterprises now heavily depend on remote access, which was previously not allowed, and most traffic before was trusted because it came from inside the network. With most users now accessing the network from outside, the increase in the risk of malicious traffic coming into the enterprise’s network is significant,” Mohtasib warns.

Decryption
Encryption is a double-edged sword in cybersecurity.

Attackers are increasingly using the cover of encryption to execute phishing, malware, ransomware and other attacks, Mohtasib observes. To overcome this, enterprises need to step up their security by enabling decryption on their network, he adds.

A dedicated TLS/SSL decryption solution, such as the A10 Thunder SSLi, provides fast and reliable decryption, versatile enterprise security, and load balance across multiple firewalls to scale.

According to NSS Labs, the typical NGFW experiences up to 90 per cent performance degradation with decryption. This means if a firewall does 18 Gbps of throughput pre-decryption, an organisation will need 10 firewalls to match the originally “promised” performance of 18 Gbps. “With A10 Thunder SSLi, you benefit from a smaller footprint, less complexity, and lower cost,” Mohtasib says.

SSLi offloading is a requirement for financial institutions in many countries to ensure they have better visibility into their traffic. Banking regulator Saudi Arabia Monetary Authority (SAMA) has not made it a mandatory requirement of its e-banking policy as of now. However, the consensus is that SAMA will make SSLi offloading mandatory soon, Mohtasib says.

Most cybersecurity products in the market can perform at a fairly advanced level protecting against known malware. It is the unknown threats that can potentially destroy an enterprise’s credibility, Mohtasib warns.

Additionally, most customers have such cybersecurity solutions already in place and could fall into a false sense of security. However, attackers have advanced their attack toolkit and know how to avoiding detection. “A successful malicious attack is not only measured by the damage it caused, but also by how long the attacker was hidden within the network,” says Mohtasib.

The Covid-19 pandemic has brought a lot of changes not only in enterprise’ behaviour but also in customers’ expectations. Banks are now focused on providing digital services either through their apps or through their websites, Mohtasib observes.

“At A10 Networks, we can work with our customers to bolster the mobile app or website by providing an application load balancer or a web application firewall (WAF). This involves working at the infrastructure level with those banks to make sure they have full business continuity and availability at all times,” he concludes.