IT Security Sensitivity In The Financial Sector
IT Security’s importance is absolute, regardless of whether the corporate decision makers agree or not. It is the foundation where company’s survivability stands on. If a major failure occurs in the infrastructure or network that supports these IT services, it will be difficult to continue operations of any company worth its salt, and in an extreme case, the business itself may be brought to a standstill.
In addition, we are in the early days of IoT (Internet-of-Things) proliferation in the offices. In such an environment, many of the devices related to operations and services are always connected on the Internet and are exposed to external risks. One of the most exposed sectors that will negatively impact everyone if a successful infiltration cyber attack happens is the financial sector. Whether you are a student, a private sector employee, a public sector worker, an investor and banker, we are all dependent with our financial infrastructure: the banks, the lending institutions, stock brokerage companies, insurance firms they are all the foundation of our modern-day financial lives.
Unfortunately, many BCPs (Business Continuity Planning) in companies seem to be formulated on the assumption of large-scale natural disasters such as earthquakes and medical pandemics. Considering the magnitude of business impact, in addition to the current BCP that assumes large-scale natural disasters, there is also a need to formulate BCPs that assume major IT security issues that are likely to occur anytime of the day. Do we really want our financial systems getting into trouble, for the lack of IT-specific BCPs in-place?
When a company is targeted for cyber attack, the company’s brand and reputation are heavily damaged, some even went out of business, fully losing customer confidence with their products and services. We may lose the trust of society, the very fabric of our daily lives once the financial systems are subjected to disastrous levels of cyber attacks.
Here in this article we will focus on discussing DDoS attack, the targeted email attack, and the ransomware attacks against companies in general, financial firms in particular:
IT security issues carry the risk of compensation and social sanctions
There have been cases in which DDoS (Denial-of-Service) attacks were launched against a company providing an online service, and the service could not be provided for about six days after the server was shut down. Imagine it being your bank; no financial transactions are possible for such a length of time. Damage occurs every minute of downtime for lost productivity, lost investment opportunities, lost sales, and lost time to service bank customers.
In such a company, because the service is premised to be connected to the Internet, a temporary stop of service can lead to a decline in customer trust. Even more than a week of service outages can be fatal. It can be imagined that during the suspension period, there are quite a few customers who can not return as they are using other services. Depression to a victim company, fraudulent act example
In DDoS attacks, in addition to being forced to stop services, there are cases of panic that directly requests money, and while attackers start the DDoS attacks themselves. In some cases the fraudulent acts that require compensation for customers that may cost the financial firm a lot of money. This can even escalate to a point that the firm has to file bankruptcy as they can no longer monetarily recover.
Financial institutions forced to stop all ATMs
There is a possibility that a cyber attack originated a seemingly innocent-looking email and financial institutions and television stations were seriously damaged due to one of their employees opened the malicious attachment it contains. At financial institutions, ATMs installed at computers and sales offices were shut down at the same time, most common reason being a “security precaution.” Time and transaction opportunities lost from its customers can no longer be recovered, as it leaves a permanent mark of shame against the financial institution.
Ransom demand (due to Ransomware infections) are damaging
Globally speaking there have been case reports of intrusion into various networks caused by malware which encrypts the hard disk of a PC and the need for ransom in order to recover the encrypted files. At the same facility, the PCs infected are rendered unusable, with employees downgrading to the use of telephone, fax, and manual documentation procedures until all the computers involved are cleanly reformatted.
If only security measures are taken in advance against these cyber attacks, it may be thought that business impact may be reduced. It goes without saying that if thorough countermeasures are taken, the possibility of bouncing back from a huge controversy such as malware infection is possible, given enough time to recover.
Mass disinformation against a corporate target
We have all witness every day the harmful effects of fake news, and the people behind them causes terrible damage against their target entities. Financial services companies cannot possibly defend itself against all possible defamation acts of fake news makers. Given that financial entities are also public companies by nature, the stockholders’ confidence may slip, if the fake news claims “sounds correct.” Not all jurisdictions provide an anti fake news law, that is unfortunate. Hence, we can only watch this space hoping for a good development on this issue.
In addition to taking thorough defense measures, it is necessary to formulate and embody a business continuity plan that assumes “disasters” in the unlikely IT event of continual review. From the attack method and the damage case mentioned above, we at hackercombat.com think that it is possible to know how important it is to firmly build a BCP plan that can withstand even the most challenging IT security challenges. Continue reading our articles here at hackercombat.com to broaden your view of the cybersecurity world and all the IT challenges everyone faces everyday.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.