• David Jones, Global Head of Payments and Banking at Irdeto


• 07.02.2017 12:45 pm
Bank

The Polish banks attack is yet another example of creative cybercriminals leveraging diverse technologies to seed and propagate an attack across multiple banks. As banking systems become more connected or share common access points (such as a regulatory body), it is important to recognize that standard network protocols are inadequate to prevent advanced cyberattacks. Web apps/APIs and javascript can be tampered with and their data intersected. This is due to the environment supported by modern browsers and the inherit lack of security in the open internet.

As a result, advanced security solutions should be considered for all apps/APIs that access and expose sensitive financial/private data. Solutions such as Cloakware for Payments and Banking by Irdeto deploys the industry’s most advanced software security (diversified whitebox cryptography) to protect sensitive APIs/apps and Javascript from attackers. Once the source is protected, each communication is validated through integrity verification in the cloud to ensure source code has not been changed, tampered with, or spoofed. This additional line of defense creates a chain of trust from the consumer browser to the private backend systems. Due to diversification of the cryptography, attackers are unable to weaponize attacks per user to impact a larger base. In the case of the Polish banks attack, enhanced app/API security working in parallel with robust network infrastructure policies could have prevented a breach – whose damage is still to be understood and quantified fully.