
Windows Protection for Midsize Banks

By Tom Schmidt

For many midsize banking institutions, Windows plays a major role in keeping their business running and their employees productive. But these same institutions often fail to recognize the vulnerabilities in Windows-based systems that place them at risk. Each day, they face such challenges as backing up and recovering mission-critical data in the event of hardware failure or human error, protecting users from viruses and other "malware," and keeping their customer information and other intellectual property from falling into the wrong hands.

For Tier 2, 3, and 4 banks, which typically do not enjoy the level of IT resources available to Tier 1 institutions' operations, a critical business priority must be to act now to ensure the security and availability of their data, systems, and applications.

This article explores the challenges that Windows-centric midsize banks face today and the steps they can take to mitigate risks to data, systems, and applications without added cost or complexity.

More sophisticated attacks
The latest Internet Security Threat Report, covering the first six months of 2006, provides a sobering snapshot of the threat environment in which midsize banks find themselves today. Consider:

  • Desktop attacks on the rise: As vendors and enterprises have adapted to the changing threat environment by implementing best security practices and defense-in-depth strategies, attackers have begun to adopt new techniques. This has resulted in more targeted malicious code and targeted attacks aimed at client-side applications, such as Web browsers, email clients, and other applications.
  • Evasive tactics on the rise: During this reporting period, nearly 20% of all distinct malicious code samples detected had not been seen before, indicating that attackers are more actively attempting to evade detection by signature-based antivirus and intrusion detection/prevention systems.
  • Financial gain drives malicious activity: Financial gain remains the motivation behind many of the threats during the reporting period. For example, bot networks are used not only to spread malicious code, but to send spam or phishing messages, download adware and spyware, attack an organization, and harvest confidential information. More than 4.6 million distinct, active bot network computers were detected and researchers observed an average of 57,717 active bot network computers per day during this period.
  • Financial services sector a top target: Financial services was the second most frequently targeted sector in the first half of 2006. Attackers are increasingly motivated to conduct online criminal activities by financial gain. Attacks targeted against the financial services industry will continue to rise as attackers become more profit-driven.
  • IE under attack: Microsoft Internet Explorer was the most frequently targeted Web browser, accounting for 47% of all Web browser attacks.

So much for today's threat landscape. But there are other issues that should cause concern for Windows-based organizations. These business realities call for stringent policies and procedures as well:

  • Exponential increase in data volumes: Data volumes continue to grow at 40% to 60% each year, making it more and more difficult for administrators to back up mission-critical data in acceptable time frames (or within available backup windows). In addition, the need for instant, on-demand data recovery is becoming increasingly vital for business operations. With downtime costs reaching thousands of dollars per hour, an outage could be catastrophic to a midsize company.
  • Growing need for mobile computing: For today's midsize banks, a mobile workforce is a given. The proliferation of laptops and other mobile devices has certainly been a boon for workforce productivity. But according to a recent global survey of 240 company executives by the Economist Intelligence Unit, only 9% of companies have incorporated security measures designed to include mobile device access. In many cases, these devices are not properly protected against theft. Also, a growing mobile workforce places extra strain on IT administrators, who need to manage, configure, and deploy operating systems and applications to various mobile users.
  • Microsoft Exchange downtime: Exchange downtime critically impacts the flow of business. Microsoft Exchange is often the mission-critical application running in Windows-based organizations today. In a recent META Group survey, over 80% of the respondents said email is more important than phone communication in the workplace.
  • Looking ahead to Vista: Given that the various versions of Windows are deployed on an estimated 90% of desktop systems around the world, a concerted effort by attackers to discover and exploit shortcomings in the upcoming Windows Vista operating system is to be expected. Researchers speculate that "the new features and changes to Windows Vista's code base, in conjunction with increased scrutiny from security researchers and malicious code authors, will result in previously unseen attacks. Organizations considering a move to Windows Vista will need to plan their migration carefully."

A blueprint for protection
Given these challenges to the Windows environment, what can midsize banks do to ensure the security and availability of their data, systems, and applications? The first thing they can do is to take a critical look at their infrastructures. Technologies and infrastructures evolve over time, and many IT departments find that their solutions -- often a patchwork of products from a variety of vendors -- no longer work together effectively to protect their Windows environment.

The need for such a critical look is underscored by the findings of a September 2006 CIO Insight security survey, in which "vulnerabilities in Windows software" emerged as the No. 1 concern of participating CIOs.

More than ever, therefore, today's bankers require Windows-based protection solutions that are easy to acquire, deploy, and manage, bringing them enterprise-class performance without the cost and complexity associated with enterprise solutions.

Conclusion
Today's Tier 2, 3, and 4 banks face unprecedented challenges when it comes to protecting their Windows environment, whether it's responding to known and unknown threats, accommodating exponential data growth, managing Microsoft Exchange downtime, or meeting sophisticated compliance requirements.

Fortunately, solutions are available that can help them effectively and affordably meet those challenges. These solutions make it easier to accommodate changing business requirements and help ensure that non-public customer and institution information -- as well as the desktops, laptops, and servers that make it accessible -- are always secure and available.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.
