Advanced Bank Infrastructures Security Assessment objectives
Companies in the financial services and banking industry, like many other companies, have been targeted by cybercriminals. Although it is not their only purpose, in most cases these criminal actors are looking for financial gain. The types of attack are varied, but phishing attacks and malware designed for banking environments are noteworthy. In this type of environment, customer information is a vital asset for offering services, and a cyber-attack that affected it would cause very high associated costs.
In its portfolio of services for the financial and banking sector, Tarlogic performs the security audits required by the various regulations to which these companies are subject:
- SWIFT requires its users to carry out an independent assessment when attesting to compliance with the security practices necessary to defend against, detect and recover from attacks.
- PSD2, in addition to fostering innovation and competition in the European payments market, also aims to improve transaction and data security. This directive poses new challenges: by requiring the development of secure payment interfaces with third parties, it increases both the attack surface and the technical security requirements.
With this type of audit, Tarlogic provides the financial and banking sector with all its know-how and previous experience to meet the high security standards required in such a critical sector.
Advanced Bank Infrastructures Security Assessment benefits
The benefits that our clients obtain from this type of audit are:
- Improve the security posture of information systems.
- Know the current state of the infrastructure and the points for improvement.
- Avoid penalties for non-compliance with applicable directives.
- Avoid high costs associated with security breaches.
Tarlogic provides its customers with the experience and qualified personnel to perform SWIFT user and PSD2 compliance audits to ensure the compliance of information systems with applicable standards. This type of audit tests the robustness and effectiveness of the security measures implemented by the entity while taking into account new threats and vulnerabilities.
Among the common security problems that are usually found in these environments are:
- Inconsistency in the analysis of vulnerabilities throughout the existing infrastructure, often leaving aside systems that may seem less relevant.
- Partial separation of critical systems that should be isolated from the rest of the network, leaving access to some types of applications that go unnoticed and may represent a risk.
- Systems that are not sufficiently secured, unnecessarily increasing the attack surface.
- Password policies that are not consistently applied to all systems but only to workstations and servers, leaving other systems aside.