Why Financial Institutions Need a More Effective Way to Manage Their Physical Security Devices
For financial institutions, maintaining the necessary level of security involves protecting themselves and their customers from both physical and cyber threats. To keep branches and other physical locations safe, they invest in various types of connected physical security devices, including IP cameras and access control systems.
But managing all of those devices is a major challenge, and it’s common for inadequate device management to result in both physical and cyber risks. This reality can leave financial institutions vulnerable not only to the danger of a robbery or theft, but also to the reputational and legal fallout that can result from a cyberattack via these connected devices.
A serious need for physical security devices
There are good reasons for financial institutions to rely on connected devices for their physical security. Although bank robberies have become less common in recent decades – with criminals focusing increasingly on cyberattacks instead – data from the FBI shows that physical robberies are still a threat. For example, there were 1,964 robberies, burglaries, and larcenies targeting banks, credit unions, and similar financial institutions in the U.S. in 2021 (the most recent year for which these statistics are publicly available as of this writing) – up from 1,788 in 2020.
Meanwhile, today’s technology creates new risks against which financial institutions must protect themselves. As bank robberies have become less lucrative over time, cyber thefts have become more enticing to criminals. That trend should concern the physical security teams tasked with protecting banks and other financial institutions – especially because their branches often house digital equipment such as servers containing valuable, confidential, and extremely sensitive information. Should a threat actor manage to physically access that kind of asset, they could do serious damage.
And the danger for these institutions is about more than the direct financial harm that a theft could cause. Should a physical or cyber incident put a dent in customer trust, that can have a major impact on how safe consumers feel keeping their money at the targeted institution.
Facing this evolving threat landscape, financial institutions have become heavily reliant on connected devices to bolster their physical security. For example, IP cameras – often with advanced capabilities like license plate and facial recognition – are critical to monitoring their facilities and alerting staff to potential threats. And by using electronic key cards instead of traditional keys, they can take a more cost-effective and flexible approach to access control – while reducing the risk of insider threats by automatically creating a log of entries and exits.
The risks and costs of inadequate physical security device management
As much as physical security devices can help financial institutions to stay safe, when they are not managed properly they can leave those institutions vulnerable to serious dangers. Worryingly, in today’s physical security environment, it’s extremely common for virtually all types of organizations to manage their physical security devices inadequately (or not to manage them at all).
The main physical security risk that can result from this situation is that one or more devices will stop working properly and the organization will only discover the problem after a security incident has already occurred. When financial institutions can’t count on their physical security devices to protect them from robberies and other crimes, they’re right to worry about the dangers they could face.
Downtime can occur for a variety of reasons, some of which can be prevented by maintaining devices consistently. When it does occur, the longer it takes an organization to detect it, the greater the risk.
Since most financial institutions (as well as other organizations) aren’t able to monitor their devices’ health and performance around the clock, they face a very real danger that their devices could be offline for a long time before they even become aware of the problem. And if a financial institution does suffer a security incident while its cameras are down, the lack of available footage could make the institution more legally vulnerable in case it is sued over the incident.
The cybersecurity ramifications of the status quo
No less worrying than the physical security consequences of the status quo, inadequately managed physical security devices can also be vulnerable to hacking by cybercriminals. And that’s a serious risk, especially in light of the growing threat of cybercrime facing financial institutions. Notably, IBM’s Cost of a Data Breach Report 2023 found that the financial sector has the most expensive data breaches of any industry besides healthcare, with a global average cost of $5.90 million per breach.
Recent years have seen an explosion in ransomware targeting the financial sector, and data breaches can also give cybercriminals a chance to use bank account or credit card details to steal money. Given the reputational damage that can result from a data breach, affected financial institutions also face the risk that customers will feel safer investing their money (and their sensitive information) elsewhere. And given the various laws governing privacy, security, and other issues within the financial sector in the U.S., the legal fallout from a data breach can be serious.
Considering these risks, it should come as no surprise that JPMorgan Chase Chairman and CEO Jamie Dimon has written that the danger of cyberattacks “may very well be the biggest threat to the U.S. financial system.”
To defend themselves in this environment, it’s crucial for financial institutions to harden their physical security devices and consistently maintain them properly. Some of the most important steps include:
- Rotating passwords regularly.
- Upgrading firmware as needed.
- Managing certificates.
- Replacing outdated devices, since those past their end of life or end of service can be easy targets for hackers.
- Monitoring devices for anomalies indicating that they might have been compromised or could be at particular risk of being targeted by cybercriminals.
As important as these steps are, the numbers show that it’s common for organizations to rely on physical security devices that have not been hardened and maintained properly. We’ve found that 57% of organizations’ physical security devices are running outdated firmware, while 46% are past their end of life and 11% are past their end of service.
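The checklist above can be run as a recurring audit over a device inventory. The following is an added example, not code from the original article or from any vendor product: it flags stale passwords, outdated firmware, expiring certificates, end-of-life or end-of-service hardware, and devices that have gone silent. The field names, the thresholds, the dotted numeric firmware version format, and the two inventory records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, datetime, timedelta

# Assumed policy thresholds; the article does not specify any.
MAX_PASSWORD_AGE = timedelta(days=90)
CERT_WARNING = timedelta(days=30)
MAX_SILENCE = timedelta(minutes=15)

def version_tuple(v):
    # Compare versions numerically: as strings, "2.9.0" sorts after "2.10.1".
    return tuple(int(part) for part in v.split("."))

def audit_device(dev, now):
    """Return the hardening gaps found for one inventory record."""
    today, findings = now.date(), []
    if today - dev["password_changed"] > MAX_PASSWORD_AGE:
        findings.append("password-stale")
    if version_tuple(dev["firmware"]) < version_tuple(dev["latest_firmware"]):
        findings.append("firmware-outdated")
    if dev["cert_expires"] < today:
        findings.append("cert-expired")
    elif dev["cert_expires"] - today <= CERT_WARNING:
        findings.append("cert-expiring")
    for key in ("end_of_life", "end_of_service"):
        if dev.get(key) and dev[key] <= today:
            findings.append(key.replace("_", "-"))
    if now - dev["last_seen"] > MAX_SILENCE:  # no heartbeat: possible downtime
        findings.append("offline")
    return findings

def audit_fleet(inventory, now):
    """Return ({device: findings}, {finding: percent of fleet affected})."""
    per_device = {d["name"]: audit_device(d, now) for d in inventory}
    counts = Counter(f for fs in per_device.values() for f in fs)
    share = {f: round(100 * n / len(inventory)) for f, n in counts.items()}
    return per_device, share

# Constructed sample inventory (hypothetical devices, not real data).
NOW = datetime(2024, 3, 1, 12, 0)
INVENTORY = [
    {"name": "lobby-cam-01", "firmware": "2.9.0", "latest_firmware": "2.10.1",
     "password_changed": date(2023, 6, 1), "cert_expires": date(2024, 3, 20),
     "end_of_life": None, "end_of_service": None,
     "last_seen": datetime(2024, 3, 1, 11, 58)},
    {"name": "vault-door-ctl", "firmware": "1.4.2", "latest_firmware": "1.4.2",
     "password_changed": date(2024, 2, 10), "cert_expires": date(2025, 1, 1),
     "end_of_life": date(2023, 12, 31), "end_of_service": None,
     "last_seen": datetime(2024, 2, 28, 3, 0)},
]
```

Calling `audit_fleet(INVENTORY, NOW)` returns the findings per device along with the percentage of the fleet affected by each finding, the same kind of fleet-wide share quoted in the figures above.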
The importance of automation
Given the importance of both physical security and cybersecurity within the financial sector, financial institutions need to manage their physical security devices more consistently.
The problem is that the steps involved in managing those devices are typically time-consuming and cumbersome. And given today’s status quo, managing all of them properly is often too massive a task to be feasible for financial institutions. Not only does it involve hardening devices and maintaining them consistently, but it also often requires expensive truck rolls and on-site work to address unexpected technical issues.
Facing these challenges, automation offers financial institutions a reliable, efficient, and cost-effective way to manage their physical security devices. By comprehensively automating the management of their physical security devices, they can steer clear of both physical and cyber threats – and of all of the financial, legal, and reputational harm that can follow.
And because automation can save significant work time, it also offers them major cost savings. For instance, gaining the ability to restart devices remotely can eliminate the need for 70% of truck rolls.
By tapping into the power of automation, financial institutions can minimize the security threats they face, help maintain customer trust, and focus on growing their customers’ investments.