Finding #16

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

ATMs Not Segmented

Severity Level: Priority 2
Category: Security / Infrastructure

Description:
ATMs lack network segmentation, allowing potential external attacks to pivot to the internal network if compromised.

Impact:

Risk of data exfiltration or ransomware via ATM breaches as attackers could gain access to the internal network.
Non-compliance with network security standards.
Increased audit findings from poor segmentation.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

"Network segmentation reduces attack surface." (p. 37)
"Critical systems like ATMs require isolation." (p. 39)

Recommendations:

Segment ATMs: Place ATMs in an isolated VLAN.
Restrict Access: Limit ATM network to essential functions.
Audit Segmentation: Verify compliance with network standards.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">ATMs Not Segmented<o:p></o:p></h2>Severity Level: Priority 2 Category: Security / Infrastructure Description: ATMs lack network segmentation, allowing potential external attacks to pivot to the internal network if compromised. Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Risk of data exfiltration or ransomware via ATM breaches as attackers could gain access to the internal network.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Non-compliance with network security standards.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Increased audit findings from poor segmentation. <o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Network segmentation reduces attack surface." (p. 37)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Critical systems like ATMs require isolation." (p. 39) <o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Segment ATMs: Place ATMs in an isolated VLAN.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Restrict Access: Limit ATM network to essential functions.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Audit Segmentation: Verify compliance with network standards.<o:p></o:p></li></ul>

Back to list