Jeff Multz, the director of North America midmarket sales at Dell SecureWorks, recently said that mistakes made by smaller banks make them more susceptible to cyberattacks.
“Small banks often tell me, ‘We’re too small to matter,’ ‘We don’t store valuable data,’ and ‘Our core provider provides security,’” Multz said in the January/February edition of “In Touch,” published by the Community Bankers Association of Kansas. “Because smaller banks have less money to secure their systems and often don’t monitor their networks 24/7, it’s easy for cyber thieves to get in and out of their networks’ sight unseen.”
Multz said some smaller banks that outsource to core providers “mistakenly believe” the provider actually ensures the bank’s security.
“Core providers only provide security for themselves, so if you have malware on your system, it won’t affect them,” Multz said. “Most bank/financial core providers don’t even mention the word ‘security’ in the business contract, and they don’t provide security for your corporate environment!”
Multz said that while there is no single solution to address all facets of network security, the “50/30/20” rule may be helpful, adding that security devices must be updated regularly so as not to disrupt business traffic.
“We find firewalls notify you about 50 percent of security events that occur on your network,” Multz said. “About 30 percent of notifications come from another security layer, the Intrusion Detection/Protection System… [and] about 20 percent of your security event notifications come from servers, routers and switches that securely direct or receive your traffic.”
Multz said all devices should be monitored 24/7 to ensure a quick response and to minimize damage.
“Remember: It is more cost-effective and easier to keep intruders out rather than to get them out,” Multz said. “Having intruders in a network is one small package no one wants to open.”