The finance industry is also known to be exposed to adversity. Financial service organizations are struggling with unprecedented competition, recessions, restrictive new regulations, lackluster stock prices and frequent cyber-attacks. In fact, the challenges recently experienced affect the entire industry (Betz, 2017). Initially, the purpose of IT security was to enforce access control through a robust anti-virus platform and firewall. Recently, major banks have been developing strategies intended to pioneer proprietary, cutting-edge cybersecurity software. A close relationship is now forming between the top cybersecurity companies and banking IT security.
The financial sector faces various cybersecurity challenges. The first is the challenge of emerging technology. A recent example is a distributed denial of service (DDoS) attack that came from a botnet made up of smart devices on the Internet of Things. The perpetrator responsible for the attack then released the code used in a DDoS assault on the Krebs on Security website, making it available to anyone who wants to use it. Mirai is code designed to attack internet-connected devices that are protected by usernames or passwords (Choo, 2011). Because the code is now readily available, anyone with the intent of hacking can easily obtain it. Hackers are now able to access unsecured IoT devices and sensors, which leaves organizations vulnerable to DDoS attacks. The finance industry is especially exposed to this challenge because it gives clients access to their money, which is critical. A website being taken down could disrupt customers' transactions, which would anger them.
The second challenge is the nefarious insider, that is, attacks that come from insider threats. 2017 was characterized by the nefarious insider challenge in most financial institutions (Betz, 2017). It primarily takes place on the dark web, where perpetrators approach an insider to sell their login credentials or intellectual property. The insider does not necessarily have to be an unhappy employee; it could be someone influenced by an outside party that pays the employee handsomely. Most retail banks use tellers, which exposes them to such threats. According to a recent study by the scheduling-software company FMSI, most banks find it difficult to find and retain reliable part-time tellers, and so they tend to achieve undesirable results.
Tellers tend to be unhappy with their jobs, claiming that they are underpaid, stand throughout the day attending to persistent customers and face the risk of armed robbery. They also complain about how skilled they have to be, with training becoming more digital than before. Such a person is the appropriate target for organizations that need an informant for an attack (Power, 2002). These organizations tend to approach such people with offers of thousands of dollars, which can be compelling, in exchange for passwords or critical security information. Therefore, financial organizations need to build and bolster insider threat detection programs now or face a new wave of attacks.
The third challenge is upcoming regulation. Currently, governments are putting in place various regulations on how banks conduct their business. An example is the United States, where a Labor Department financial-advice rule was implemented in April 2017 (Betz, 2017). It governs how customers and wealth management advisors are required to interact. The regulation is intended to create transparency between those who are saving for retirement and financial planners. Such a regulation will significantly affect financial companies, for it will change how they conduct their business at the organizational back end. It will introduce risks to organizations that lack proper communication with their current and future customers. Therefore, financial institutions in the United States, together with wealth management advisors, will be obligated to come up with IT infrastructures that would lead to silos of new information.
In the EU, a recent cybersecurity regulation known as the General Data Protection Regulation (GDPR) has been adopted; it addresses the export of personal data outside the EU and would be implemented as of early 2018 (Betz, 2017). It would influence the operation of international banks. According to Financier Worldwide, financial institutions and service providers in the financial industry process a significant amount of personal information daily. The data is mainly sensitive and confidential. This means a high risk and probability of attention on the sector from supervisory authorities, who have a right to audit and to impose administrative fines. GDPR allows administrative penalties of up to a maximum of twenty million euros or 4% of the company's global annual turnover. Such a fine is a high risk that banks will have to avoid or else face bankruptcy or run at a loss.
Financial services firms such as banks are targets because of the money. According to a study done by the United States mobile giant Verizon, financially motivated cyber-crimes account for 75% of security breaches in the country. Another factor is the ease with which hackers can access firms' networks in the financial sector, with many companies being vulnerable to security breaches. In recent years, cybercriminals have shown patience in their approach to breaching (Power, 2002). They will observe a company for weeks, months or years to gather information on where its systems are vulnerable. An example is Tesco Bank, which was hacked by cyber criminals who referred to the organization as a 'money machine'. The bank had been warned on several occasions before the attack about its lack of IT security, yet it did not heed the warnings.
There are occasions where financial institutions lack awareness of the cybersecurity risks the firm faces and therefore may not see the urgency of allocating a budget for IT security. Given the current rapid rise of cyber-attacks, it is recommended that firms set aside budgets for IT security (Lewis, 2005). The methods used by cybercriminals evolve frequently, for they are now taking their time to observe firms and monitor their weaknesses. It is common among financial firms to give access to their systems through passwords only, and this is considered unacceptable under current IT security standards.
Another commonly used approach is social engineering, which is considered the most effective tactic for breaching organizations. Initially, a fraudster would ring up staff members while pretending to be an IT technician, which gave the fraudster access to employee login details. Currently, they no longer use such methods because the tricks have been used too many times and employees are now defensive against them (Lewis, 2005). Cyber-attacks mainly target employees because hackers are aware of the weaknesses employees have, and employees can therefore be the entry point. Currently, firms are training their employees to stay mindful of such tricks.
Some solutions are suggested to avoid cybersecurity issues. The challenges discussed above are faced mainly in the financial sector, and their common factor is transparency. They require that security operation centres, IT security and leaders have open access to real-time data on the network status and insider threat levels. As discussed, there has been a significant increase in the number of cybersecurity concerns in the financial sector (Choo, 2011). However, in most cases, security systems are already in place to prevent the majority of cyber-attacks. Technology is only a tool in cybersecurity; it is high time that organizations focus on the people using the IT systems in place. The first step is to ensure all employees are well trained on how to use and monitor the IT infrastructure used at their place of duty. The organization is then expected to assess and understand all threats posed to its assets, primarily by the staff. Doing so will enhance preparedness in case of an intended attack. A recommendation is made for the implementation of the ISO 27001 standard, which is recognized for managing IT security in a firm (Choo, 2011). A company is also advised to keep a register of all the assets it possesses, evaluate the risks facing each, and determine the controls to be used to mitigate them. The main problem is that most firms and banks do not understand the critical importance of cybersecurity and the influence it can have on the future of the organization. Its effect is not only financial but also reputational, as customers will lose their faith in the firm.
References
Betz, D. J. (2017). Cyberspace and the State: Towards a Strategy for Cyber-power. Routledge.
Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions. Computers & Security, 30(8), 719-731.
Lewis, J. A. (2005). Aux armes, citoyens: Cyber security and regulation in the United States. Telecommunications Policy, 29(11), 821-830.
Power, R. (2002). 2002 CSI/FBI computer crime and security survey. Computer Security Institute.