The threat of debilitating cyber-attacks is at an all-time high. According to PwC’s Global Economic Crime Survey, cybercrime is now the second most frequently reported economic crime with financial institutions being a favorite target. Compounding this challenge, financial institutions must store and exchange client information with other institutions and databases to facilitate rapid decisions and transactions. CIOs must focus on securing their own network as well as mitigating the risks that external partners may introduce, all without disrupting business processes.
Military and intelligence agencies around the world have grappled with this challenge for years. The same tool they’ve relied upon could also help financial institutions maintain tight cyber security while enabling new business process optimizations: Secure KM (Keyboard/Mouse) switches.
"Financial institutions must store and exchange client information with other institutions and databases to facilitate rapid decisions and transactions"
New Regulations Take Effect
As the threat of cyber-attacks on financial institutions became more prevalent and the severity of the damage a breach could have both on the firm and the larger economy became better understood, the New York State Department of Financial Services (DFS) enacted 23 NYCCR500 in early 2017 to establish a standard for licensed firms to follow. 23 NYCCR500 is roughly based on established NIST guidelines which provide a basic outline for cyber security, requiring firms to:
1. Identify and assess internal and external cyber vulnerability risks
2. Deploy a defensive infrastructure, leveraging technologies that best fit with the organization’s business
3. Implement policies and procedures to protect the organization’s stored Non-Public Information (NPI) against unauthorized access, use, or other malicious acts from both internal and external threats
4. Detect cyber threats and breaches
5. Deploy business continuity policies and technologies to respond and recover from a cyber attack
6. Fulfill regulatory reporting requirements in the event of a breach
The DFS left the actual details up to each individual firm’s discretion, requiring that a designated CSO/Risk Manager or board sign off on the firm’s policy and audit results.
A secure KM switch ensures that each source remains physically and logically isolated
Best Practices and Beyond
A CSO/CIO’s mission in the financial sector is dramatically complicated due to the need to tightly integrate a firm’s decision-making systems and private client information with 3rd parties and public databases. While common-sense security practices can mitigate the threat of a security breach, integration with external sources relies on the use of software API’s and the vast public internet—leaving ample room for a sophisticated attack.
To combat this, agencies such as the CIA, NSA, FBI, and DoD physically isolate their networks and network assets, ensuring that the most mission-critical data is never exposed to the public internet and only accessible to those with tightly controlled permission. The air-gap network ensures that advanced signaling attacks that may compromise a desktop have no way of propagating to more sensitive systems as there simply is no route from one network to the other. Further, to protect against internal theft or maleficence, these agencies also filter and sometimes block exposed USB ports on servers and desktop computers to ensure the data integrity is never compromised and never stolen.
It’s a strategy that financial firms would be wise to follow.
Optimizing the Desktop for Efficiency and Security
The desktop environment in most financial services facilities is a crowded space. Multiple monitors and systems bring in and display information from different sources that a sales manager or trader needs to make decisions. To address the overcrowding, specialty monitors on the market today allow for a simultaneous display from four separate client machines onto a single large format, 4K display. They specifically address the needs of securities traders and other financial professionals requiring instant views of disparate information sources in order to enhance their decision-making effectiveness and capabilities.
In order to combine the keyboard and mouse controls across the four quadrants, however, a KM (Keyboard/Mouse) switch is required.
A secure KM switch allows the operator to simply move his mouse from one quadrant to the other, seamlessly switching the mouse and keyboard controls from one PC to the other. In addition, a secure KM switch ensures that each source remains physically and logically isolated, such that none of the multiple sources impacts any of the others. When looking for a secure KM switch, look for ones that are certified against the NIAP Protection Profile 3.0 standards for peripheral switching devices (the NSA’s cybersecurity standard mandated for desktops at most federal and state law enforcement agencies).
Enhanced Security, Increased Efficiency
With the recent and well-publicized security breaches and new industry regulations, cybersecurity can no longer be an afterthought at financial firms. A breach can adversely impact an organization’s reputation, valuation, and customer confidence. The IT security industry is rapidly innovating to get ahead of threats and help organizations protect their networks without obstructing their ability to conduct modern business. For those organizations that believe absolute protection is a must, a NIAP Protection Profile 3.0 certified KM switch can provide enhanced security against the spread of an attack and employee or contractor maleficence while increasing operator efficiency and effectiveness.