What is cyber security and why is it so important? The Cybersecurity & Infrastructure Security Agency website defines cyber security as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information” (Agency 2021). There are many consequences of having poor cyber security management. Doug Coleman states in his article “Consequences of poor cybersecurity management and how to avoid becoming a statistic” that some of these risks are: data loss, productivity loss due to downtime, noncompliance fines, ransomware extortion, reputational damage, and lawsuits.
According to the Massachusetts government website, there are many threats within cyber security. Some of these threats include, but are not limited to, malware, ransomware, distributed denial of service (DDoS) attack, spam, scams, phishing, social engineering, insider threat, crytojacking, state-sponsored attacks, and even IoT Attacks (Know the Types of Cyber Threats n.d.). These threats can affect anyone and everyone, including banks, if the individual or organization is not careful.
What is malware? Malware, in short, is malicious software. The Cisco website defines malware as “any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems” (Cisco n.d.). A few examples include viruses, ransomware, adware, spyware, trojan horses, viruses, and worms. The Tech Target website defines ransomware as “a type of malware that locks and encrypts a victim’s data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment” (Shea and Irei n.d.). Why should you be concerned about malware? According to the UC Santa Cruz website, malware can “provide hackers access to your computer,” “monitor your computer activity, web habits, and even your keystrokes and transmit this information without your knowledge,” “lead to identity theft,” and “delete files, format disks, lock you out of your computer, or affect your computer’s general performance” (Avoid Malware Attacks n.d.).
What is distributed denial of service (DDoS) Attack? The Fortinet website states that a distributed denial of service (DDoS) is “a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites” (What is DDoS Attack? n.d.). The Cybersecurity & Infrastructure Security Agency states that denial-of-service “occurs when legitimate users are unable to access information, devices, or other network resources due to the actions of a malicious cyber threat actor.” Some services that can be affected are “email, websites, online accounts (e.g., banking), or other services that rely on the affect computer or network.” What is some common denial-of-service attacks? A couple of examples, according to the Cybersecurity & Infrastructure Security Agency website, are Smurf attacks and SYN flood (Understanding Denial-of-Service Attacks n.d.).
According to the Merriam-Webster Diction, spam is “unsolicited usually commercial messages (such as emails, text messages, or Internet postings) sent to a large number of recipients or posted in a larger number of places” (Merriam-Webster Dictionary n.d.). Scam, on the other hand is defined as “a dishonest plan for making money or getting an advantage, especially one that involves tricking people” (Cambridge Dictionary n.d.).
Phishing is defined as “a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person” (NIST n.d.). Social engineering, on the other hand, is defined as a “the tactic of manipulation, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information” (Social Engineering n.d.). Insider threats are defined as “cybersecurity threats that originate with authorized users — employees, contractors, business partners — who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by cybercriminals” (What are Insider Threats? n.d.).
Cryptojacking is defined as “a threat that embeds itself within a computer or mobile device and then uses it resources to mine cryptocurrency” (Cryptojacking n.d.). State-sponsored attacks, on the other hand, is “carried out by cyber criminals directly linked to a nation-state” and their goals include “identify and exploit national infrastructure vulnerabilities,” “gather intelligence,” and “exploit systems and people for money” (State-Sponsored Attacks and What They Mean for Your Business n.d.). And finally, IoT attacks which is “a cyberattack that targets Internet of Things systems, which include physical devices, vehicles, buildings, and other objects embedded with software the enables them to collect or exchange data” (What are IoT Attacks? n.d.).
Why should banks care about cyber security?
Without proper cyber security management banks and their customers are at risks of cyber-attacks. “With cybercriminals pursuing financial gain, data breaches have become more frequent and sophisticated, underscoring vulnerabilities in the banking sector,” according to the Fortinet article “The Evolution of Cybersecurity in Banking” (The Evolution of Cybersecurity in Banking n.d.). The article also points out that the financial sector is vulnerable to cyberthreats and data breaches. The article goes on to state that “the financial sector is a favorite target for attacks seeking financial gain, trade secrets, or service disruptions that bring publicity to social or political causes” (The Evolution of Cybersecurity in Banking n.d.).
The article also acknowledges “key cybersecurity imperative for banking” including visibility, automation and operation efficiency, flexibility, and compliance reporting. With visibility comes having “clear oversight of all network activities” and “is crucial to prevent data breaches and manage cybersecurity risks.” Automation and operational efficiency involve “integrated solutions that can automate tasks, reducing the need for manual configuration and constant monitoring.” With flexibility, “their security solutions, including policy as code practices, must be adaptable, ensuring that security policies align seamlessly with infrastructure changes.” Compliance reporting involves security teams striking “a balance between adhering to these regulations and proactively defending against cyberthreats” and “utilizing policy as code can also aid in ensuring compliance by codifying and automating policy checks” (The Evolution of Cybersecurity in Banking n.d.).
Fortinet website lists a few secure networking solutions for financial organizations. This list includes visibility, advanced protection, intelligent integration, automation, and simplified compliance. Visibility is “comprehensive oversight across the entire digital attack surface,” advanced protection is “defense mechanisms against threats that are growing in volume and sophistication,” intelligent integration is “seamless integration within a smart IT architecture,” automation is “leveraging technology to address the shortage of skilled human talent,” and finally simplified compliance is “streamlined processes to ensure adherence to data privacy regulations” (The Evolution of Cybersecurity in Banking n.d.).
Agency, Cybersecurity & Infrastructure Security. 2021. What is Cybersecurity? February 1. Accessed February 5, 2024. https://www.cisa.gov/news-events/news/what-cybersecurity.
n.d. Avoid Malware Attacks. Accessed February 5, 2024. https://its.ucsc.edu/security/antivirus.html#:~:text=Computer%20viruses%20and%20other%20malware,Lead%20to%20identity%20theft.
n.d. Cambridge Dictionary. Accessed February 5, 2024. https://dictionary.cambridge.org/us/dictionary/english/scam.
Cisco. n.d. What is Malware? Accessed February 5, 2024. https://www.cisco.com/site/us/en/learn/topics/security/what-is-malware.html.
n.d. Cryptojacking. Accessed February 5, 2024. https://www.fortinet.com/resources/cyberglossary/cryptojacking.
n.d. Know the Types of Cyber Threats. Accessed February 5, 2024. https://www.mass.gov/info-details/know-the-types-of-cyber-threats.
n.d. Merriam-Webster Dictionary. Accessed February 5, 2024. https://www.merriam-webster.com/dictionary/spam#:~:text=%CB%88spam,spam.
n.d. NIST. Accessed February 5, 2024. https://csrc.nist.gov/glossary/term/phishing#:~:text=A%20technique%20for%20attempting%20to,legitimate%20business%20or%20reputable%20person.
Shea, Sharon, and Alissa Irei. n.d. What is Ransomware? How it Works and How to Remove it? Accessed February 5, 2024. https://www.techtarget.com/searchsecurity/definition/ransomware.
n.d. Social Engineering. Accessed February 5, 2024. https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html#:~:text=Social%20engineering%20is%20the%20tactic,or%20giving%20away%20sensitive%20information.
n.d. State-Sponsored Attacks and What They Mean for Your Business. Accessed February 5, 2024. https://securanceconsulting.com/state-sponsored-attacks-and-what-they-mean-for-your-business/#:~:text=State%2Dsponsored%20attacks%20(SSA),systems%20and%20people%20for%20money.
n.d. The Evolution of Cybersecurity in Banking. Accessed February 6, 2024. https://www.fortinet.com/blog/industry-trends/cybersecurity-in-banking.
n.d. Understanding Denial-of-Service Attacks. Accessed February 5, 2024. https://www.cisa.gov/news-events/news/understanding-denial-service-attacks.
n.d. What are Insider Threats? Accessed February 5, 2024. https://www.ibm.com/topics/insider-threats.
n.d. What are IoT Attacks? Accessed February 5, 2024. https://nordvpn.com/blog/iot-attacks/#:~:text=An%20IoT%20attack%20is%20a,to%20collect%20or%20exchange%20data.
n.d. What is DDoS Attack? Accessed February 5, 2024. https://www.fortinet.com/resources/cyberglossary/ddos-attack#:~:text=DDoS%20Attack%20Meaning,connected%20online%20services%20and%20sites.
Click Here For The Original Source.
————————————————————————————-