Blog: Security: a changing industry requires a changed approach

This Q&A with Diebold Nixdorf experts Julie Osborne, Global VP and Head of Services and Martin Nearhos, Principal Security Architect—Global Services Portfolio, was conducted by RBR Banking Automation Bulletin for their September 2018 issue and is reprinted here with permission.

RBR: Why are financial institutions having difficulty managing their self-service security?

Martin Nearhos (MN): Maintaining the security of end customers’ assets and information has always been a high priority for the industry, but threats against the self-service banking channel have evolved, and it is now much harder to keep up. Attacks against ATMs have traditionally been regionally isolated or slow-moving, but this is no longer the case. We are now seeing increasingly complex attacks – such as varied forms of jackpotting – taking place across the globe, while the threat of traditional physical attacks has never gone away. It is a lot to combat.

Julie Osborne (JO): Financial institutions also do not have the time or in-house expertise to keep security measures up to date. Banks and credit unions are under constant pressure to do more with less as retail banking paradigms shift, and even if financial institutions wanted to hire in-house security specialists, these resources are expensive and in high demand as businesses and governments fight cyber security threats.

There is also the constant pressure to stay compliant with security regulations and industry standards. ATM security service providers can help relieve the burden of staying on top of changes and staying protected against attacks.

RBR: What is the alternative to self-management of ATM security?

JO: It is increasingly popular for financial institutions to work with organizations such as Diebold Nixdorf that have intimate knowledge of the ATM channel and offer specialized security services as part of ATM fleet management arrangements. They want someone with 24/7 Secure Operations Centers for monitoring and who can take care of all necessary maintenance and hardware and software upgrades for them. Some financial institutions do not have the capability in-house to reliably maintain secure ATM environments, and others would simply rather have someone else handle it because it is a specialist capability.

RBR: What is Diebold Nixdorf doing to align with this trend?

MN: We have rolled out our ‘Managed Security Services’ offering as part of DN AllConnect Self-Service Fleet Management Services?. These services, in general, are designed to take the burden of effectively managing an ATM fleet off the financial institution, and Managed Security Services tap into Diebold Nixdorf’s global experience securing customer data, channels and endpoints against physical and digital threats.

JO: That’s right. Managed Security Services are designed to:

• Optimize security harnessing 24/7 monitoring, proactive threat elimination and in-depth understanding of emerging threats to fight back against attackers;
• Increase efficiency freeing our customers’ staff from day-to-day ATM security management responsibilities while streamlining processes; and
• Manage operational risk providing real-time threat insights, remote troubleshooting and a deep understanding of industry requirements.

Ultimately, we provide multilayered protection and real-time information to ensure we have the visibility to keep customers’ ATM networks protected and available while also providing the information they need for effective ATM security audits.

RBR: What does an engagement like this look like for a customer? What options do they have?

MN: An existing customer who is already using Self-Service Fleet Management – a suite of services designed to run multivendor self-service devices – can decide what level of protection makes sense for their organization based on their business and operational risk. With a new customer, all the fleet details would be analyzed, then the customer would select the appropriate security services. We offer a basic ‘everyone needs this’ level of protection called Security Core Services and a more comprehensive tier called Security Enhanced Services.

• Security Core Services provide everything needed to comply with PCI requirements and other standards, combining the hardening of various aspects of the ATM with remote monitoring and software/patch deployment functionality. This includes device monitoring, secure connectivity services, managed firewalls, peripheral device controls, anti-malware protection, application patch management, intrusion detection and prevention, and more.
• Security Enhanced Services build upon the foundation of Security Core Services, adding advanced protection against complex logical system attacks. We still recommend this sort of protection to everyone, but know that financial institutions will want to prioritize their investments in advanced security. Components of this offering include hard drive encryption services, enhanced intrusion protection and advanced access management services.

When a customer has Diebold Nixdorf’s Managed Security Services, we can proactively monitor the ATM for suspicious activity, protect terminals more effectively in real time, respond quickly when attacks are detected and engage with the customer to resolve the incident.

RBR: Why do customers choose Diebold Nixdorf to provide these services?

JO: There are a number of companies that offer some form of enterprise Managed Security Services, but few can provide comprehensive protection at the ATM channel.

• We have been the leading voice on ATM security in the industry in recent years, and we have been recognized as one of the most experienced, respected ATM service providers in the world. We are regularly monitoring new attack vectors, working with security agencies and industry groups to proactively tackle threats, and we are committed to quickly rolling out solutions to new challenges.
• We take a risk-based approach to Managed Security Services by offering a customizable service to meet the needs of the customers we serve. For example, financial institutions are more incentivized to lock down an ATM that is remotely located than one in a secure branch environment, and we give them the flexibility to roll out security services according to that risk.
• We provide 24/7 monitoring and rapid, remote response when issues are detected or new security patches become available. When a customer requires in-person assistance, they receive it from service professionals who are well respected for the technical service they provide to more than 1,000 Managed Security Services customers worldwide.

RBR: How are customers responding?

JO: The response to Managed Security Services has been quite positive. Threats against the self-service channel aren’t going away anytime soon, but with these services, financial institutions can spend less time trying to prevent attacks and spend more time with their customers, growing their business.

MN: Right. And while Managed Security Services have been rolled out across the globe, the services continue to evolve. There are a number of exciting developments in the pipeline, so those who start benefiting from our Managed Security Services today know they can only expect more value in the future. We are also working on a similar offering for endpoint protection in retail environments, and we look forward to debuting that in the near future.

Ready to refresh your approach to security? Learn more at DieboldNixdorf.com/Security.