Financial Institutions and Cybersecurity

Cybersecurity for Mistral Bank

Mistral Bank is one of the global financial services company headquartered in the United States where it is the third-largest bank holding firm and fourth-largest in assets held by deposit and market capitalization respectively. Since its inception, the company has experienced tremendous growth and profitability to an extent that it currently serves customers in over 40 countries and has significant relationships with U.S. Fortune 500 and Fortune Global 500 companies. The other factor that has contributed to the growth of Mistral Bank is mergers and acquisitions such as the acquisition of a major regional bank 6 years ago. However, the successful operations of this financial institution is threatened by cybersecurity threats, which have become common in the modern business environment. As a result, this financial institution faces the need to create a comprehensive cybersecurity plan to support its business mission by addressing cybersecurity threats. This paper focuses on discussing cybersecurity technology issues/threats in the banking and financial services sector as part of developing a cybersecurity profile to support the business mission of Mistral Bank.

Cybersecurity Technologies Used to Attack Banks and Financial Institutions

Banks and financial institutions have undertaken several measures to enhance their cybersecurity efforts in recent past given the proliferation of cybersecurity threats and issues. However, these efforts to bolster cybersecurity have not completely eliminated these threats and issues. This is primarily because criminals use different classes of cybersecurity technologies to attack banks and financial institutions. One of the major classes of cybersecurity technologies used to attack banks and financial services is computer networks. According to Snow (2011), cyber criminals are increasingly targeting computer networks of large payment processors. Through this process, the cyber criminals compromise the personal information of millions of people, which they utilize for the criminal activities. For example, in November 2008, hackers breached a company's computer system and compromised the personal information of more than 1.5 million customers, which they utilize to create fake debit cards. In the financial services sector, cyber criminals target computer networks since they store personal identifiable and financial information of millions of customers. In 2010, financial regulators and police agencies discovered that cyber criminals targeted computer networks through which they compromised bank or brokerage accounts and introduced unauthorized financial transactions.

The second class of cyber attack technologies used to attack banks and financial institutions is the distributed denial of service (DDoS) attacks (Soto, 2016). DDoS attacks are initiated from smart devices, which release a code that can be utilized to spam some activities of a company. DDoS attacks are used by cyber criminals on high-profile financial sector companies to search for and attack devices that are safeguarded using default usernames and passwords. During this process, cyber criminals disrupt customer services provided by a bank or financial institution. The third cyber attack technology used to attack banks and financial institutions is insider attack. Cyber criminals attempt to reach out to insiders in these companies through attacks from the dark web. This process sometimes involves attempting to buy login credentials from insiders in the bank or financial institution. Fourth, cyber criminals use phishing scams to attack the personal computers of banks and financial institutions' customers. These phishing scams include viruses, fake pop-up windows, and fake emails that purport to be from the bank or financial institution trying to lure customers into providing their personal information (Price Waterhouse Coopers, 2014). Apart from luring customers into providing their personal information, phishing scams are also utilized to steal the personal information of customers of banks and financial institutions.

Cybersecurity Technologies Used in the Banking/Financial Services Sector

Companies in the banking and financial services sector have become increasingly aware of the compounding challenges relating to threats from cybercrime. Cybercrime has become a major risk factor to the successful operations of banks and financial institutions because they rely on legacy technology systems that are expensive to maintain (Snow, 2011). In light of the increased awareness of the threat of cybercrime, organizations in this industry utilize several technologies to enhance their cybersecurity. One of the cybersecurity technologies utilized in this center is authentication, which is customized for every customer. Authentication is utilized as the basis with which the bank monitors the behavior and attributes of the customer as well as the key for accessing the institution's infrastructure and data. As a result, this cybersecurity technology is utilized to provide greater protection to the institution's data.

Secondly, the center utilizes real-time analytics as a cybersecurity technology to enhance the protection of its data and customer information. Real-time analytics is carried out on the structured and unstructured datasets to help in real-time analysis of cybercrime threats. The other cybersecurity technology utilized in the center is preventative controls that range from firewalls to intrusion prevention. These preventative controls are implemented to help control access to the institution's critical infrastructure and data. These controls are installed on the institution's computer networks and infrastructure. They are geared towards preventing unauthorized access to the institution's systems as well as preventing cyber attacks like phishing scams and any other attacks carried out to compromise data.

Cybersecurity Vulnerabilities in the Banking/Financial Services Sector

Despite the numerous cybersecurity measures undertaken by companies in the banking and financial services sector, the industry is still characterized by some critical cybersecurity vulnerabilities that threaten the effective operations of these businesses. One of these critical cybersecurity vulnerabilities in the banking/financial services sector is network security issues. Network security issues emanate from the fact that organizations in this sector utilize legacy systems that are not only expensive to maintain but also provide numerous challenges to cybersecurity. Additionally, these issues are enhanced by the need for these institutions to ensure their networks are reviewed, secured, and updated, which is a complex and tedious process for banks or other financial institutions.

The second cybersecurity vulnerability is the increased technological change, which contributes to the need for a new level of vigilance in dealing with cyber attacks. Given that banks and financial institutions handle and need to protect financial assets and client data, the high speed of technological change generates numerous challenges and increases cybersecurity vulnerabilities. The third vulnerability is the ever-growing sophisticated nature of cyber threats due to rapid technological changes. Cyber criminals are increasingly taking advantage of rapid technological changes to develop sophisticated means of carrying out their activities. For instance, rapid technological change enables cyber criminals to initiate DDoS attacks using smart devices like mobile phones (Soto, 2016). The other cybersecurity vulnerability in this sector is the lack of a sophisticated threat intelligence system, which makes it difficult for banks and financial institutions to develop real-time alert database (KPMG, 2016). The lack of such a system makes it difficult for these organizations to detect and prevent an eminent cyber attack. Additionally, banking and financial institutions face vulnerabilities relating to the increased use of internet banking and mobile banking services. While internet and mobile banking offers numerous advantages to clients, they are associated with numerous cybersecurity risks because of the likelihood of attacks from cyber criminals.