The speed bumps of Network Segmentation
This post is just a quick “holy cow” on the lack of network segmentation we are discovering as a result of a recent incident. Fortunately, not our Clients, but as we continue to read through the aftermath, we are finding that some institutions were fully breached because their ATMs were not walled off.
Within the broader strategy of network security, segmentation is now reaching late majority adoption. This is castle/moat technology that we point back to in our Zero Trust rants, folks.
The risk mitigation more than covers the cost.

And network segmentation does not have to be complicated. It’s almost as simple as putting your public-facing assets in a DMZ! There are some clear “low-hanging fruit” approaches. Beyond your DMZ and your guest network, your ATMs should be put in their own segment. You should also consider putting VoIP and IoT on their own segments, segregating servers with high or critical data, and finding ways to prevent lateral movement during a breach.
From an impact severity, likelihood of attack, customer visibility, availability risk mitigation, and just plain common-sense perspective, ATMs make a great place to start with network segmentation.
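One way to check a firewall rule set against the segments named above is to look for any path, direct or multi-hop, that lets another segment reach the ATMs. This is an added example, not part of the original post; the segment names, ports, rule list, and the `atm_mgmt` segment are constructed assumptions.

```python
from collections import deque

# Constructed inter-segment allow rules: (source segment, destination segment, service).
# Only connection initiations are modelled; anything not listed is assumed denied.
ALLOW_RULES = [
    ("guest", "internet", "tcp/443"),
    ("user_lan", "internet", "tcp/443"),
    ("user_lan", "servers", "tcp/443"),
    ("user_lan", "voip", "udp/5060"),
    ("iot", "servers", "tcp/8883"),
    ("servers", "atm", "tcp/2000"),  # hypothetical ATM management port
    ("atm", "core_banking", "tcp/443"),
    ("dmz", "servers", "tcp/1433"),
]

UNTRUSTED = {"guest", "dmz", "iot", "voip", "user_lan"}
PROTECTED = {"atm"}
APPROVED_SOURCES = {"atm": {"atm_mgmt"}}  # hypothetical: only this segment may initiate into ATMs


def paths_into(rules, start, targets):
    """BFS over allowed flows; return the shortest hop chain from start to each reachable target."""
    graph = {}
    for src, dst, svc in rules:
        graph.setdefault(src, []).append((dst, svc))
    seen, queue, found = {start}, deque([(start, [])]), {}
    while queue:
        node, path = queue.popleft()
        for dst, svc in graph.get(node, []):
            if dst not in seen:
                seen.add(dst)
                chain = path + [(node, dst, svc)]
                if dst in targets:
                    found[dst] = chain
                queue.append((dst, chain))
    return found


def audit(rules, untrusted=UNTRUSTED, protected=PROTECTED, approved=APPROVED_SOURCES):
    """Return findings: direct rules from unapproved sources, then multi-hop lateral paths."""
    findings = []
    for src, dst, svc in rules:
        if dst in protected and src not in approved.get(dst, set()):
            findings.append(("direct", [(src, dst, svc)]))
    for seg in sorted(untrusted):
        for target, chain in paths_into(rules, seg, protected).items():
            if len(chain) > 1:
                findings.append(("lateral", chain))
    return findings
```

On the sample rules, the single `servers` to `atm` rule produces one direct finding and three lateral findings, because the DMZ, IoT, and user segments can all reach the server segment first.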

Original article by Dan Hadaway, CRISC, CISA, CISM. Founder and Information Architect, infotex
“Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.