Redefining “financial security”


Intelligent surveillance solutions are helping banks keep customers, and their financial information, safe and secure

By Aaron Saks, Sr. Technical Marketing and Training Manager, Hanwha Vision America

Banks are unique environments with equally unique security and surveillance requirements. Money changes hands, sensitive information is shared, confidential plans are discussed — these are only a few of the situations occurring in a banking and financial environment. Security professionals in these industries need intelligent video solutions that keep managers and customers safe and safeguard intellectual property and account data.

Keeping pace with the rise in online banking, mobile payments and electronic transactions is the growing threat of cybersecurity attacks. New innovations in technology can also create new opportunities for suspicious or malicious activity — making security a priority for any organization, but especially financial institutions.

With more of the world conducting their daily work and personal lives online, including banking transactions, many financial and banking customers are dealing with cybersecurity attacks just as often as physical security attacks. The level of these attacks can range from customers in a teller line trying to pass a fraudulent check, up to more significant criminal activities.

Online, it could include identity theft or misuse of customer information. These activities are often linked, so both departments need to work together as one team. At many banks, fraud and risk management are continuing to get more attention, and physical security departments need to work closely with IT teams to guard against on-premise and cyber-attacks. It’s important to have state-of-the-art camera systems as a first line of defense against fraud of any type at a financial institution.

In terms of the general cybersecurity landscape, two of the biggest network threats are botnets, which take over or flood your network and cause denial of service; and ransomware, malicious software designed to block access to a computer system. The many different devices or nodes connected throughout a network could be highly susceptible to either of these threats unless proper precautions are taken.

A growing use of artificial intelligence
Artificial intelligence (AI) and its diverse applications are impacting every industry and helping companies enhance their operations while building for long-term growth, especially for banking and financial institutions.

Beyond protecting and monitoring, surveillance and security solutions are increasingly incorporating on-board analytics delivering data that can drive intelligent business decisions and enhance data collection and analytics, especially for remote banking applications like drive-through lanes or ATM kiosks — all while reducing latency and system bandwidth burdens and enabling real-time data gathering and situational monitoring.

Authorized access
A bank’s camera configuration can vary from branch to branch. For example, cameras could be set up on the network with one login used by the VMS that allows for streaming video only and an admin login that is only used on rare occasions, such as updating firmware.

It really depends on the VMS. From a cybersecurity perspective, there’s what’s called the principle of least required privilege. That means giving each system user — and one user could be your VMS — the minimal level of permission they need for their jobs. For example, if someone wants to stream video, they don’t need admin-level permission to do that. The concept behind this is, if your VMS server gets attacked, they’re not going to get admin credentials because users are not sending my admin credentials. However, some VMS systems do require the admin credentials if they are pushing settings to the camera.

For example, to make this process more secure, Hanwha implemented through a firmware update the ability to have multiple admin users in a camera for that purpose, as well as audit capabilities.

You can configure a system for top-level admin access, and that’s restricted to system maintenance. If a technician needs to go on-site for a firmware update, they can use one password, but for day-to-day operations, users can log-in with a different account. That account may still have admin permissions, but it’s at least segregating out the user roles so there’s less chance of those credentials leaking out.

A bank could set up a separate login for every user with system access and create different profiles and permission rights. One benefit of the Hanwha WAVE system is that you can be as granular or as broad as necessary. For example, you can have an admin login that allows a user to view all cameras at any branch and make any setting changes. Then according to the level of employee and level of access required to do their jobs, the access can be made stricter and narrower as needed.

To protect against the risk of sensitive data leakage or potential breaches to financial systems, an organization’s IT department may require a Zero Trust Access approach, providing users with the minimum required privileges to perform their jobs. It basically means every identity and activity taking place across a network is verified.

Surveillance cameras often still operate during cyberattacks and continue to capture video. If someone gets the data off your cameras, then they can either hold that data hostage or convert it into bots to do their bidding against you. If the data, or the servers are important, then they should be protected. If they’re mission-critical, they need even more protection.

If you expect to rely on these devices to work at all times, then cybersecurity needs to be considered directly alongside physical security and not separately, to ensure you’re in the best position to capture the key footage that will assist in future forensic investigations.

It used to be that people would say, “My system is standalone; it doesn’t matter.” But the truth is, very few surveillance systems are truly air-gapped. There may be cameras segmented on one network, but what’s often overlooked is that a VMS server or NVR is usually sitting between them and those could be exploited.

Passwords still matter
Passwords definitely still matter and should be changed regularly. Although it’s easy and convenient, never leave the default admin passwords in effect, because that is an easy point of penetration for a cyber-attacker. If a password is too simple, then that’s an open invitation for attackers. Once someone gets access to a password, they don’t need to “hack” your system. They can just walk in the front door. Just as you wouldn’t leave your front door open or unlocked and expect privacy, it’s the same with passwords. Anyone can easily tamper with a camera or networked device.

There are also situations where certain bank employees are allowed entry to an IT room where cameras are installed. If their intent is malicious, then they may be able to log in to those cameras and perform any number of illegal activities, if the password is not strong enough. It’s typically recommended to use a mix of numbers and characters, making them as strong as they can be to successfully block any attempts at camera or network intrusions.

Weak passwords are one of the biggest reasons why devices get hacked. The bots on the internet are continually scanning, probing and trying to find any vulnerability to exploit, especially default passwords. Even if a bank’s cameras aren’t attached to the internet, the growing number of devices between each camera — VMS servers, switches, etc. — can easily be compromised, in turn making the connected devices internet accessible. There will always be bad actors trying to hack into a system, especially when money or data are the ultimate goals. Having insecure and weak passwords without the proper level of complexity is guaranteed to eventually fail. That’s why Hanwha implemented a policy against putting default passwords in our cameras. It makes it too easy for people to choose the path of least resistance.

Keeping current is critical
Upgrading a bank’s camera infrastructure can help deliver enhanced cybersecurity, for example during an investigation or when prosecuting identity theft or fraud. Keeping your security infrastructure current is critical, to ensure you have access to the latest surveillance capabilities. Like nearly every business operating today, a growing number of banking and financial institutions are realizing the benefits of AI. Beyond protecting and monitoring, surveillance and security solutions are increasingly incorporating on-board analytics delivering data that can drive intelligent business decisions. The role of data and analytics will continue to expand significantly as customers combine edge computing and AI to complement and enhance data collection and analytics.

The use of edge AI, especially with analytics based on deep learning algorithms, can be a key element in a range of “smart network” surveillance applications. These include object detection and classification, especially in remote applications like drive-through lanes or ATM kiosks — all while reducing latency and system bandwidth burdens, and enabling real-time data gathering and situational monitoring.

AI and edge computing will continue to improve the efficiency and effectiveness of network video surveillance systems, applying analytics (object, loitering, virtual line and area crossing detection to name a few) to monitor every type of area or situation.

Making surveillance easier
There are many ways a bank can make their surveillance deployments easier on their security teams and their budgets.

For example, a bank or financial institution can prioritize their security needs and then start small, implementing a security program in only one area of a business as a test. Then if they achieve success in that one area, their case for a larger spend for companywide deployment is much stronger.

In another scenario, a large bank with many branches may have plans to upgrade their camera network at several thousand locations. They can plan out an appropriate “phased” deployment strategy, rolling out 400 locations a month, or along whatever timeline makes the most sense.

Cloud-based services also give users added flexibility and scalability to customize and manage their services according to individual needs, and often on a “pay as you go” basis, so a company is not spending funds unnecessarily. For example, some cloud platforms, including Hanwha’s Wisenet Sky, offer a subscription model allowing users to choose the level of services they need at certain times of the year or by project.

Other criteria that may determine the type of security system and how much you need to spend for it are the intended use cases. For example, in many markets such as banking, there are regulations requiring both on-site and off-site back-up storage. In that case, hybrid allows you to have full on-site video recording capability combined with a full cloud user interface with all the necessary features and functionality, without tying up network bandwidth. If you don’t need to send all your data to the cloud all the time, then hybrid provides the best of both worlds. You can mix and match or go either way.

It’s also important to evaluate how sensitive your data is. If it’s financial data, or it’s GDPR controlled, you may not want to put it all in the cloud. The cloud is flexible and elastic and scales to your needs and resources — allowing you to control your spending.

The bottom line is, choosing the right type of surveillance system, and the right type of surveillance solutions partner, can be the right transaction for keeping employees, customers and data safe.