Cybersecurity In Financial Systems Module 6 PDF
Pangasinan State University
Summary
This document provides an overview of cybersecurity in financial systems. It details various aspects of cybersecurity including types, common threats, and technologies. The document also covers learning objectives and key cybersecurity technologies, with a focus on various types of cybersecurity and security considerations.
Full Transcript
CYBERSECURITY IN FINANCIAL SYSTEMS
MODULE 6

OVERVIEW

The increase in digital cyberattacks has rendered cybersecurity a paramount concern for enterprises and individuals. Cybercrimes can result in financial losses, operational disruptions, data breaches, and diminished confidence for enterprises, whereas individuals may encounter identity theft, financial fraud, and privacy violations.

Implementing effective cybersecurity measures is extremely tough today due to the prevalence of devices exceeding the human population and the increasing ingenuity of attackers.

An effective cybersecurity strategy encompasses numerous levels of protection across the computers, networks, applications, or data intended for safeguarding. A unified threat management gateway system within an organization can automate product integrations and expedite essential security operations: detection, investigation, and remediation. Individuals, procedures, and technology must synergistically align to establish a robust defense against cyberattacks.

LEARNING OBJECTIVES

You should be able to do the following by the time you finish this module:

1. Define cybersecurity; and
2. Identify the types, common threats and technologies of cybersecurity.

CYBERSECURITY

Cybersecurity encompasses the technology, methods, and regulations designed to prevent cyberattacks or alleviate their effects. Cybersecurity seeks to safeguard computer systems, applications, devices, data, financial assets, and individuals from ransomware, malware, phishing schemes, data breaches, and other cyber threats.

Cybersecurity involves safeguarding systems, networks, and programs from digital assaults. These cyberattacks typically target the acquisition, alteration, or destruction of sensitive information; extortion of funds from users via ransomware; or disruption of standard corporate operations.
Cybersecurity comprises a series of processes, optimal practices, and technological solutions designed to safeguard essential systems and networks against digital assaults. With the proliferation of data and the increasing number of individuals working and connecting remotely, malicious entities have devised advanced techniques to infiltrate your resources, misappropriate data, undermine your organization, or extort funds. Annually, the frequency of attacks escalates, and adversaries devise novel techniques to circumvent detection. A robust cybersecurity program encompasses personnel, procedures, and technological solutions that collectively mitigate the risk of operational disruptions, financial loss, and reputational harm resulting from an attack.

WHAT CONSTITUTES AN EFFECTIVE CYBERSECURITY DEFENSE?

1. People
2. Processes
3. Technology

PEOPLE

Users must comprehend and adhere to fundamental data protection and privacy security principles, such as selecting robust passwords, exercising caution with email attachments, and performing data backups.

PROCESSES

Organizations must establish a framework for addressing both attempted and successful cyberattacks. The esteemed NIST cybersecurity framework can provide guidance. It elucidates the methods for identifying assaults, safeguarding systems, detecting and responding to threats, and recovering from successful breaches.

TECHNOLOGY

Technology is crucial for providing organizations and individuals with the cybersecurity capabilities necessary to safeguard against cyberattacks. Three (3) primary entities require protection:

1. Endpoint devices such as computers, smart devices, and routers
2. Networks
3. The cloud

Prevalent technologies employed to safeguard these entities encompass next generation firewalls, Domain Name System (DNS) filtering, malware protection, antivirus software, and email security solutions.

TYPES OF CYBERSECURITY

Comprehensive cybersecurity plans safeguard all layers of an organization’s IT infrastructure from cyber threats and cybercrime. Key domains in cybersecurity encompass:

1. AI security
2. Critical infrastructure security
3. Network security
4. Endpoint security
5. Application security
6. Cloud security
7. Information security
8. Mobile security

AI SECURITY

AI security encompasses strategies and technologies designed to prevent or alleviate cyber threats and assaults directed at AI applications or systems, or those that exploit AI for illicit gains.

Generative AI provides threat actors with innovative attack routes to exploit. Malicious actors can employ harmful prompts to control AI applications, compromise data sources to distort AI results, and deceive AI tools into disclosing confidential information. They have the capability to utilize generative AI to produce dangerous malware and phishing emails.

CRITICAL INFRASTRUCTURE SECURITY

Critical infrastructure security safeguards the computer systems, applications, networks, data, and digital assets essential for national security, economic stability, and public safety.

The National Institute of Standards and Technology (NIST) in the United States provides a cybersecurity framework to assist IT providers and stakeholders in safeguarding critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security also offers guidelines.

NETWORK SECURITY

Network security aims to prevent illegal access to networks and their resources. It also guarantees that authorized users possess secure and dependable access to the resources and assets necessary for their tasks.

ENDPOINT SECURITY

Endpoint security involves safeguarding devices such as workstations, servers, and other compatible devices from dangerous threats and cyberattacks.
Endpoint security software allows organizations to safeguard devices utilized by employees for work or servers located on a network or in the cloud against cyber-attacks.

APPLICATION SECURITY

Application security safeguards against illegal access to and utilization of applications and associated data. It also aids in identifying and mitigating deficiencies or vulnerabilities in application design. Contemporary application development methodologies like DevOps and DevSecOps incorporate security and security testing into the development process.

CLOUD SECURITY

Cloud security protects an organization’s cloud-based services and assets, encompassing apps, data, virtual servers, and other infrastructure.

Cloud security fundamentally conforms to the shared responsibility approach. The cloud provider is accountable for protecting both the services they offer and the infrastructure that supports them. The customer is accountable for safeguarding their data, code, and other assets stored or executed on the cloud.

INFORMATION SECURITY

Information security (InfoSec) safeguards an organization’s critical information – digital files, data, paper documents, and physical media – against unwanted access, utilization, or modification.

Data security, the safeguarding of digital information, constitutes an element of information security and is the primary emphasis of most cybersecurity-related information security procedures.

MOBILE SECURITY

Mobile security includes cybersecurity techniques and procedures tailored for smartphones and other mobile devices, such as mobile application management (MAM) and enterprise mobility management (EMM).

Organizations are increasingly implementing unified endpoint management (UEM) solutions to safeguard, configure, and oversee all endpoint devices, including mobile devices, from a singular console.

COMMON CYBERSECURITY THREATS

Some of the most common types of cyberthreats include:

1. Malware
2. Ransomware
3. Phishing
4. Credential theft and abuse
5. Insider threats
6. AI attacks
7. Cryptojacking
8. Distributed denial of service (DDoS)

MALWARE

Malware, an abbreviation for “malicious software,” refers to any software code or computer program deliberately designed to damage a computer system or its users. Nearly all contemporary cyberattacks incorporate some form of malware.

Cybercriminals develop and employ malware to illicitly access computer systems and sensitive information, commandeer systems for remote operation, disrupt or damage systems, or extort significant sums of money by holding data or systems hostage.

RANSOMWARE

Ransomware is a category of software that encrypts a victim’s data or equipment, threatening to maintain the encryption – or worse – unless the victim pays a ransom to the perpetrator.

The initial ransomware assaults demanded a payment for the decryption key necessary to access the victim’s data. Beginning in 2019, nearly all ransomware attacks employed a double extortion strategy, which included the threat of publicly disclosing victims’ data; certain triple extortion attacks also incorporated the threat of a distributed denial-of-service (DDoS) attack.

PHISHING

Phishing assaults encompass emails, text messages, or voice communications that deceive individuals into installing malware, disclosing sensitive information, or transferring payments to unintended recipients.

Many people recognize bulk phishing scams – mass distributed deceptive communications that seem to originate from a reputable company, prompting victims to change their passwords or re-enter credit card details. Advanced phishing schemes, including spear phishing and business email compromise (BEC), specifically aim at individuals or groups to illicitly acquire highly valuable information or substantial financial assets.
Phishing represents a singular form of social engineering, a category of “human hacking” strategies and interactive assaults that employ psychological manipulation to coerce individuals into making imprudent decisions.

CREDENTIAL THEFT AND ABUSE

The X-Force Threat Intelligence Index revealed that identity-based attacks, which compromise genuine user accounts and exploit their rights, constitute 30% of all attacks. Identity-based assaults constitute the predominant entry point into business networks.

Hackers employ many tactics to get passwords and seize control of accounts. Kerberoasting attacks exploit the Kerberos authentication system, frequently utilized in Microsoft Active Directory, to capture privileged service accounts. In 2023, the IBM X-Force team observed a 100% rise in Kerberoasting occurrences.

INSIDER THREATS

Insider threats arise from authorized users – employees, contractors, business partners – who either deliberately or inadvertently exploit their legitimate access or have their accounts compromised by hackers.

Insider threats are sometimes more challenging to identify than external threats due to their resemblance to permitted activities and their elusiveness to antivirus software, firewalls, and other security measures designed to prevent external attacks.

AI ATTACKS

Similar to how cybersecurity experts employ AI to enhance their defenses, hackers utilize AI to execute sophisticated assaults. In generative AI fraud, perpetrators utilize generative AI to create counterfeit emails, applications, and various business documents to deceive individuals into disclosing sensitive information or transferring funds.

Hackers are utilizing firms’ AI tools as vectors for attacks. In prompt injection attacks, adversaries employ malicious inputs to exploit generative AI systems, resulting in the disclosure of sensitive information, dissemination of falsehoods, or more severe consequences.

CRYPTOJACKING

Cryptojacking occurs when hackers penetrate an endpoint device and covertly utilize its computing power to mine cryptocurrencies like Bitcoin, Ether, or Monero.

DISTRIBUTED DENIAL OF SERVICE (DDOS)

A DDoS attack seeks to incapacitate a server, website, or network by inundating it with excessive traffic, typically originating from a botnet – a network of compromised systems manipulated by a cybercriminal using malware and remote control.

The worldwide incidence of DDoS attacks surged during the COVID-19 epidemic. Attackers are increasingly merging DDoS operations with ransomware attacks or threatening to execute DDoS attacks unless the target pays a ransom.

CYBERSECURITY MYTHS

Notwithstanding the increasing number of global cybersecurity incidents and the knowledge acquired from addressing them, many misunderstandings endure. Among the riskiest are:

1. Strong passwords provide sufficient security
2. The majority of cybersecurity threats are widely recognized
3. All cyberattack routes are mitigated
4. My industry is secure
5. Cybercriminals do not target small enterprises

STRONG PASSWORDS PROVIDE SUFFICIENT SECURITY

Robust passwords significantly impact security; for instance, a 12-character password requires 62 trillion times more time to decipher than a 6-character password. However, passwords can be readily obtained through several means, including social engineering, keylogging malware, purchasing on the dark web, or compensating discontented insiders to procure them.

THE MAJORITY OF CYBERSECURITY THREATS ARE WIDELY RECOGNIZED

The cyberthreat landscape is ever evolving. Annually, thousands of new vulnerabilities are identified in both legacy and contemporary programs and devices. The potential for human error, particularly by careless workers or contractors accidentally causing a data breach, continues to rise.

ALL CYBERATTACK ROUTES ARE MITIGATED

Cybercriminals continually discover novel attack vectors.
The emergence of AI technologies, operational technology (OT), Internet of Things (IoT) devices, and cloud settings presents hackers with novel options for disruption.

MY INDUSTRY IS SECURE

Each industry possesses its own cybersecurity vulnerabilities. Ransomware attacks are now targeting a wider array of sectors, including local governments, charitable organizations, and healthcare institutions. There has been a rise in assaults on supply chains, “.gov” websites, and key infrastructure.

CYBERCRIMINALS DO NOT TARGET SMALL ENTERPRISES

Indeed, they do. The Hiscox Cyber Readiness Report revealed that nearly half (41%) of small enterprises in the US encountered a cyberattack in the previous year.

KEY CYBERSECURITY TECHNOLOGIES

Although each organization’s cybersecurity strategy is distinctive, many employ these technologies and strategies to mitigate vulnerabilities, prevent attacks, and intercept ongoing threats:

1. Security awareness training
2. Data security tools
3. Identity and access management
4. Threat detection and response
5. Disaster recovery

SECURITY AWARENESS TRAINING

Security awareness training educates people on how apparent behaviors – such as employing identical, simplistic passwords across many accounts and excessive sharing on social media – heighten their personal or organizational vulnerability to attacks.

When integrated with well-considered data security rules, security awareness training can assist employees in safeguarding sensitive personal and organizational information. It can also assist users in identifying and evading phishing and malware assaults.

DATA SECURITY TOOLS

Data security instruments, including encryption and data loss prevention (DLP) solutions, can assist in halting ongoing security threats or alleviating their impacts. DLP solutions can identify and prevent data theft attempts, whereas encryption renders stolen data ineffective for hackers.
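
One way a DLP check of the kind described above can recognize payment card numbers in an outbound message, shown as an added example that is not part of the original module. The function names, the block/allow policy, and the sample message are assumptions made for illustration; the two card numbers are well-known test numbers.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample message (not real customer data).
SAMPLE_MESSAGE = (
    "Please refund order 1234567890123456 to card 4111 1111 1111 1111. "
    "Backup card: 3782-822463-10005. Call me on 0917 555 0100."
)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first 6 and last 4 digits so findings can be logged safely."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_outbound(text: str) -> dict:
    """Inspect an outbound message; block it if it carries a valid card number."""
    findings = []

    def redact(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()    # order IDs and similar digit runs pass through
        findings.append(mask(digits))
        return "[REDACTED PAN]"

    redacted = PAN_CANDIDATE.sub(redact, text)
    return {
        "action": "block" if findings else "allow",
        "findings": findings,
        "redacted": redacted,
    }


if __name__ == "__main__":
    result = scan_outbound(SAMPLE_MESSAGE)
    print(result["action"], result["findings"])
    print(result["redacted"])
```

The Luhn check is what keeps the 16-digit order number in the sample from being flagged; a pattern match alone would raise a false positive on it.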

IDENTITY AND ACCESS MANAGEMENT

Identity and access management (IAM) encompasses the tools and methodologies that regulate user access to resources and the permissible actions associated with those resources.

IAM solutions can safeguard against account theft. Multifactor authentication necessitates that users provide multiple credentials for login, meaning that threat actors require more than merely a password to access an account.

Similarly, adaptive authentication systems identify when users exhibit unsafe behavior and impose supplementary authentication challenges prior to granting access. Adaptive authentication can mitigate the lateral movement of intruders who gain access to the system.

THREAT DETECTION AND RESPONSE

Attack Surface Management (ASM) is the ongoing identification, evaluation, mitigation, and surveillance of cybersecurity vulnerabilities and potential routes of attack constituting an organization’s attack surface.

In contrast to other cyberdefense fields, ASM is executed solely from the hacker’s viewpoint rather than that of the defender. It finds targets and evaluates dangers depending on the opportunity they offer to a malicious assailant.

DISASTER RECOVERY

Analytics and AI-driven solutions can facilitate the identification and response to ongoing attacks. These technologies may encompass security information and event management (SIEM), security orchestration, automation, and response (SOAR), and endpoint detection and response (EDR). Organizations generally employ these technologies inside a structured incident response plan.

BEST PRACTICES

1. Adopt a Zero Trust security strategy
2. Conduct regular cybersecurity training
3. Institute cybersecurity processes
4. Invest in comprehensive solutions

ADOPT A ZERO TRUST SECURITY STRATEGY

As enterprises increasingly implement hybrid work models that allow workers to work both in-office and remotely, an innovative security framework is required to safeguard individuals, devices, applications, and data regardless of their location.

A Zero Trust framework is predicated on the notion that access requests cannot be inherently trusted, regardless of their origin within the network. To reduce your risk, presume a breach has occurred and thoroughly authenticate all access requests. Implement least privilege access to grant individuals access solely to the resources essential for their tasks, excluding any unnecessary permissions.

CONDUCT REGULAR CYBERSECURITY TRAINING

Cybersecurity is not solely the obligation of security experts. Currently, individuals utilize work and personal gadgets interchangeably, with numerous intrusions commencing through phishing emails aimed at employees. Even substantial, well-funded corporations are succumbing to social engineering schemes.

Addressing cybercriminals necessitates collective efforts to enhance online safety. Instruct your personnel on securing their own devices and enable them to identify and resist assaults through consistent training. Evaluate the efficacy of your program using phishing simulations.

INSTITUTE CYBERSECURITY PROCESSES

To mitigate your vulnerability to cyberattacks, establish protocols that facilitate prevention, detection, and response to an attack. Consistently update software and hardware to mitigate vulnerabilities and furnish explicit instructions to your team regarding the appropriate actions to undertake in the event of an attack.

INVEST IN COMPREHENSIVE SOLUTIONS

Technological solutions that mitigate security concerns enhance annually. Numerous cybersecurity solutions employ artificial intelligence and automation to autonomously identify and mitigate attacks without human involvement.
Additional technology aids in comprehending your surroundings through analytics and insights. Obtain a full perspective of your environment and address coverage deficiencies with integrated cybersecurity solutions that collaborate with your ecosystem to protect your identities, endpoints, applications, and cloud services.

CYBERSECURITY CONSIDERATIONS

1. Meet customer expectations and improve trust
2. Embed cybersecurity and privacy for good
3. Navigate blurring global boundaries
4. Modernize supply chain security
5. Unlock the potential of AI carefully
6. Supercharge security with automation
7. Make identity individual, not institutional
8. Align cybersecurity with organizational resilience

END OF MODULE 6