Reinforcing cash centers with cybersecurity

Cash centers, whether located at central banks or large commercial banks, play an integral role in the cash cycle. They serve as the hub for cash processing and distribution, ensuring that cash is available to individuals and businesses alike. Historically, these centers have been targeted for physical theft due to the large amounts of cash they hold – and physical security measures have reflected those risks. However, the rise of digitalization, increased automation, and the proliferation of remote work have opened the door to more advanced cyberthreats. As a result, it is critical that cash centers implement robust cybersecurity protocols to protect against evolving digital threats.

Cash centers at risk: an evolving threat landscape

Cyberattacks are becoming more sophisticated and malicious than ever – and large financial institutions are a prime target.¹ For central bank cash centers it’s a matter of when, not if, they are targeted by cyberthreats; however, only a few central banks believe that the financial sector is adequately prepared for such threats.²

When assessing the major risks of potential attacks at central bank cash centers – which are typically carried out by organized criminals, state actors, and “hacktivists” – three types stand out. The most common attack is phishing, which most internet users receive in their email boxes on a daily basis. However, unlike traditional phishing attempts, which trick a user to gain control of the user’s device, central banks are targeted by credential phishing. With this method, the hacker attempts to steal a user’s login data, giving the hacker access to all internal communication channels. They can then send phishing emails to the entire organization, disguised as an employee.

The next major threat is supply chain attacks. These occur when a threat actor infiltrates a legitimate software vendor’s network and uses malicious code to compromise the software before the vendor sends it to their customers. Although less common, these attacks can have huge and potentially systemic consequences. The final major threat is ransomware, a type of malware that attackers deploy on a victim’s computer network to encrypt the victim’s files and hold them for ransom. This threat has grown significantly in recent years and is mostly used by organized crime.

The potential consequences of a compromised cash center are vast and extend beyond just the theft of physical currency. While the halting of supply chains and production, compromising of stock data, or incorrect processing of counterfeit notes can all cause significant disruption on an operational level, the social impact cannot be underestimated. A major cyberattack could result in a loss of confidence in the financial system, causing monetary instability and economic disruption on a large scale, leaving lasting effects on the affected region or country.

Identifying digital vulnerabilities

In order for cash centers to improve their resilience to cyberattacks, it is important to understand which potential “weak spots” might be targeted by threat actors, especially when it comes to operational technology. The emergence of new ways of working has reduced costs and increased efficiency, but brought new challenges to the industry:
 

• IT/OT convergence: in many cases, operational machinery used in cash centers is not designed to cope with modern internet connectivity. However, due to the long operational lifespans of this machinery, it has become necessary to connect it to the internet – for example, for remote maintenance purposes. Given the critical nature of cash center machinery, it is no surprise that this makes the machinery a major target for cybercrime.
   
• The automation of cash processing: while the growing reliance on machines has increased efficiency and productivity and reduced the risk of human manipulation, it has led to a decrease in machine-human interaction and opened the door to potential digital threats. Automated systems are more vulnerable to malware infections due to outdated software or insufficient security measures, which can also lead to unauthorized access to sensitive data. Without adequate human supervision, it also becomes more difficult to anticipate and respond to attacks.
   
• Connected facilities: in recent years, it has become more common for the maintenance of cash processing systems to be carried out remotely. While this provides greater convenience and efficiency, it also exposes a system to digital threats outside its own security perimeter.
   
• Software-driven and digitalized operations: without software, many of the digitalized solutions wouldn’t be possible, but there would also be no cyber-risks. Handling so much data comes with the responsibility of storing it securely; it is critical that updates are run on schedule to avoid risks. Additionally, new communication channels and collaborations (e.g. data exchange) with other cash cycle stakeholders, such as commercial banks or cash-in-transit companies, must be secured.
   
• Cloud adoption: as cash centers adopt the use of cloud services to facilitate remote working, traditional security perimeters are no longer sufficient and it is becoming harder to apply the necessary security controls across the board. Employees working on unsecured Wi-Fi networks and using personal devices can expose networks to new vulnerabilities.³

How cash centers can protect themselves

There are plenty of ways central banks can safeguard against cyberattacks, such as installing state-of-the-art security software, running penetration tests, or ensuring employees are well-trained in cybersecurity matters. However, in order to be truly resilient to cyberthreats, cash centers must adopt comprehensive cybersecurity strategies to constantly identify and protect against new risks, detect when an attack is underway, and stay ahead of the curve with the latest threats. Cybersecurity can no longer be considered optional; it must be treated as a critical part of an organization’s security infrastructure. 

For projects like these, we work with an experienced consulting partner – like Germany’s leading cybersecurity company, secunet Security Networks AG, affiliated with the G+D Group – to carry out a security and risk assessment. This assessment will determine the maturity levels of existing security mechanisms before improvement recommendations are developed according to a defined set of security principles. These recommendations include measures such as encrypting data streams for secure communication, using AI-powered security information and event management (SIEM) for real-time analysis, and ensuring the reliability and availability of hardware and applications.

Building cyber-resilience: a case study

In late 2021 and early 2022, G+D and secunet collaborated with a central bank in Southeast Asia to conduct a cybersecurity self-assessment of the bank’s OT components, which were supplied by G+D, at one of the bank’s cash centers.

The project’s objective was to evaluate the cash center’s current security infrastructure and reinforce it with a bespoke cybersecurity concept, developed according to established security principles. We managed this using a proven five-step model:

The self-assessment project was a crucial step by the central bank toward enhancing its overall security infrastructure. By gaining a comprehensive understanding of its existing cybersecurity maturity levels and identifying areas for improvement, the bank was able to harden its defense against cyberthreats. Not only is the cash center now more resilient to threats, it is also better positioned to proactively identify and mitigate the risks these threats pose.

As digital risks become more sophisticated, and the consequences of their breaches more critical, central banks can no longer afford to neglect cybersecurity strategy. Indeed, the only way to build true cyber-resilience is by making cybersecurity an integral part of security infrastructure.

Published: 25/04/2023