Participants Manual Cybersecurity Access Bank 2023 PDF
Access Bank School of Banking Excellence
2021
Summary
This document is a participant's manual for cybersecurity, covering topics such as cybersecurity concepts, threats, and tools. It includes modules on password management, email security, and firewalls.
Full Transcript
ACCESS BANK PLC SCHOOL OF BANKING EXCELLENCE
CYBERSECURITY © 2021
PARTICIPANT'S MANUAL

Contents

LEARNING OUTCOMES
COURSE OUTLINE
MODULE 1
  What Is Cybersecurity?
  Biggest Moments in Recent Cybersecurity History 2020
  Key Concepts in Cybersecurity
  CYBERSECURITY GENERATIONAL LANDSCAPE
  ENCRYPTION AND DECRYPTION
  FIFTH GENERATION CYBER ATTACKS
    Characteristics of Fifth Generation Cyber Attacks
  IMPORTANCE OF CYBERSECURITY
MODULE 2
  PASSWORD MANAGEMENT
  PASSWORD MANAGEMENT BEST PRACTICES
  AUTHENTICATION
  MULTI-FACTOR AUTHENTICATION
  BENEFITS OF MULTI-FACTOR AUTHENTICATION
MODULE 3
  RED FLAGS TO LOOK OUT FOR IN PHISHING ATTACKS
  EMAIL SECURITY TIPS
MODULE 4
  INTRODUCTION
  FIREWALLS
  ANTIVIRUS SOFTWARE
  Use of Firewalls
  Importance of Firewalls
  OTHER IMPORTANT CYBERSECURITY TOOLS
  MODULE SUMMARY
MODULE 5
  PRINCIPLES OF CYBERSECURITY
  Principles of Cybersecurity
MODULE 6
  CYBER THREATS IN FINANCIAL SERVICES
  INTRODUCTION
  ETHICAL PRINCIPLES SPECIFIC TO SAFEGUARDING DATA CONFIDENTIALITY AND PRIVACY
  Data De-Identification
  Ethical Data Sharing and Collaboration
  AVOIDING CONFLICT OF INTEREST
  Ethical hacking and penetration testing
  WHISTLEBLOWER PROTECTION

LEARNING OUTCOMES

- Have an understanding of the importance of cybersecurity to Access Bank
- Identify cybersecurity threats in the work and personal environment
- Have an understanding of preventive measures to guard against security vulnerabilities
- Understand how to apply cybersecurity principles in the work environment

COURSE OUTLINE

MODULE 1: Understanding the Fundamentals of Cybersecurity

What Is Cybersecurity?

Biggest Moments in Recent Cybersecurity History 2020 (Video)

Discussion questions:
- Which of the examples was the most dangerous?
- Which was the costliest in dollar terms?
- Which had the greatest impact on reputation?
- What do these examples tell us about cybercrime? What conclusions can we draw?
Key Concepts in Cybersecurity

Confidentiality, Integrity, and Availability (CIA Triad)

- Confidentiality: protecting data from unauthorized access
  - Encryption
  - Access controls
- Integrity: ensuring data is accurate and unaltered
  - Data hashing
  - Digital signatures
- Availability: ensuring data and services are accessible
  - Redundancy
  - Disaster recovery planning

CYBERSECURITY GENERATIONAL LANDSCAPE

The Evolving Landscape of Cybersecurity
- 1st Generation (Traditional): perimeter defenses (firewalls)
- 2nd Generation (Signature-Based): antivirus and signature-based detection
- 3rd Generation (Behavioral Analysis): anomaly detection and behavior-based analysis
- 4th Generation (AI and Machine Learning): machine learning to identify threats
- 5th Generation (Zero Trust): trusting nothing and verifying everything

ENCRYPTION AND DECRYPTION

Encryption: converting data into an unreadable format
- Types: symmetric and asymmetric
- Use cases: secure communication, data at rest

Decryption: reverting encrypted data to its original form
- Requires keys: a single shared secret key (symmetric) or a public-private key pair (asymmetric)
- Importance: protecting data during transmission and storage

RECENT CYBER SECURITY TRENDS AND INNOVATIONS

- Transport Layer Security: TLS encrypts data transferred between systems. Through encryption, TLS prevents hackers from having access to such data.
- Multi-Factor Authentication: MFA ensures that users have to present two or more pieces of credentials. Credentials can be something you know (e.g. password, pattern or PIN), something you have (e.g. soft or hard token), or something you are (e.g. your fingerprint).

FIFTH GENERATION CYBER ATTACKS

Cyber attacks have evolved from standalone attacks to large-scale, multi-vector attacks. Fifth-generation attacks are characterized by the use of advanced attack tools that can target multiple entry points at once.

Characteristics of Fifth Generation Cyber Attacks
- They are large-scale attacks.
- They target multiple points of entry at once (multi-vector attacks).
- Advanced "weapons-grade" hacking tools are used by attackers.
- They are harder to defend against.
- They move very fast and can infect a large number of organizations and entities in a few hours.

IMPORTANCE OF CYBERSECURITY

- Cybersecurity protects all categories of data from theft and damage.
- Cybersecurity enables an organization to defend itself against data breach campaigns.
- Data breaches carry high reputational and monetary costs.
- The absence of cybersecurity can ruin customer relationships and lead to legal suits.

MODULE 2: PASSWORD MANAGEMENT AND AUTHENTICATION

PASSWORD MANAGEMENT

Password management refers to the set of practices and tools that individuals and organizations use to create, store, and manage their passwords for various online accounts and services. It comprises:
- Password Creation
- Password Storage
- Password Retrieval
- Password Rotation
- Policy Enforcement

PASSWORD MANAGEMENT BEST PRACTICES

- Strong Passwords
- Password Uniqueness
- Avoid Common Words
- Regular Updates
- Password Managers
- Two-Step Verification
- Security Questions
- Monitoring
- Phishing Awareness

AUTHENTICATION

Authentication is the process of verifying the identity of a person, system, or service. It ensures that the entity requesting access is who or what it claims to be. Authentication factors are categorized into:
- Something you know
- Something you have
- Something you are

Combining these methods to provide an additional layer of security is known as Multi-Factor Authentication (MFA).

MULTI-FACTOR AUTHENTICATION

MFA adds an extra layer of security by requiring two or more verification methods: a combination of something you know (password), something you have (a phone or a security token), or something you are (fingerprint, facial recognition).
Some types of MFA are:
- SMS Verification
- Authenticator Apps
- Hardware Tokens
- Biometric Verification

BENEFITS OF MULTI-FACTOR AUTHENTICATION

- Enhanced Security
- Reduced Risk of Phishing
- Data Integrity
- Ease of Use
- Regulatory Compliance
- Identity Assurance
- Cost Effectiveness

MODULE 3: EMAIL AND SOCIAL ENGINEERING

PHISHING ATTACKS

Phishing is a type of cyberattack where an attacker sends a fraudulent ("spoofed") message designed to trick a victim into revealing sensitive information to the attacker.

RED FLAGS TO LOOK OUT FOR IN PHISHING ATTACKS

- Spelling and grammar errors in emails
- Urgent or threatening language
- Unfamiliar sender email address
- URLs that don't match the supposed sender

EMAIL SECURITY TIPS

- Use Strong Passwords: The first line of defense for your email is a strong, unique password.
- Two-Factor Authentication: Enable two-factor authentication for added security.
- Encryption: Use email encryption for sensitive communication.
- Avoid Public Wi-Fi: Never access your email on an unsecured public Wi-Fi network.
- Attachment Safety: Don't open attachments from unknown or untrusted sources.
- Log Out: Always log out from your email account when using public or shared computers.

MODULE 4: TYPES OF CYBERSECURITY TOOLS

INTRODUCTION: CYBERSECURITY TOOLS

In this module, we will delve into the essential cybersecurity tools that are crucial for safeguarding your organization's digital assets. These tools are fundamental in protecting against cyber threats and maintaining the confidentiality, integrity, and availability of your data.

FIREWALLS

A firewall is like a digital barrier that stands guard between your internal network and the vast, potentially dangerous world of the internet. There are two main types of firewalls:
- Packet-filtering firewalls: examine the headers of network packets (addresses, ports, protocol) to determine whether to allow or block them.
- Application-level firewalls: examine the content of network packets to determine whether to allow or block them.

ANTIVIRUS SOFTWARE

Antivirus software is designed to detect, prevent, and remove malicious software (malware) from your computer systems. It plays a critical role in cybersecurity by providing the following benefits:
- Malware Detection: Antivirus software scans files and processes in real time, searching for known malware signatures and behaviors.
- Preventive Measures: It helps prevent malware infections by blocking suspicious files and websites.
- Regular Scanning: Antivirus programs perform regular system scans to identify and eliminate hidden threats.
- Updates: Regular updates are crucial to keep the antivirus software's database of known threats up to date.

Firewalls

- Firewall is a barrier: A firewall is a digital barrier that protects internal networks from the internet. Firewalls examine network traffic and block unauthorized access and cyberattacks.
- Types of firewalls: The two main types are packet-filtering and application-level firewalls.

Use of Firewalls

Firewalls are an important tool for protecting networks from various threats by filtering traffic.

Importance of Firewalls

- Access Control: Firewalls filter incoming and outgoing network traffic, allowing only authorized traffic to pass through.
- Threat Detection: Modern firewalls use intrusion detection to spot and block suspicious activities.
- Application Security: Firewalls provide security at the application level against threats like malware.

Firewalls are an essential security tool that controls access, detects threats, and secures applications.

Software Updates

Installing the latest software updates is crucial for security and functionality.
- Risk Mitigation: Patching known vulnerabilities reduces the risk of cyberattacks exploiting those weaknesses.
- Regular Audits: Conduct regular audits to identify systems and applications that require patches.
- Testing: Before deploying patches, it's essential to test them in a controlled environment to ensure they won't disrupt critical operations.
- Timely Deployment: Promptly apply patches to address critical security vulnerabilities, especially for high-risk systems.

Patch administration is crucial for maintaining a secure and functional digital environment.

OTHER IMPORTANT CYBERSECURITY TOOLS

- Intrusion detection system (IDS): Monitors network traffic and system activities for malicious activity
- Intrusion prevention system (IPS): Blocks malicious network traffic and activities in real time
- Data loss prevention (DLP) system: Prevents sensitive data from leaving the network perimeter
- Security awareness training: Educates employees on cybersecurity best practices
- Incident response plan: Provides a framework for responding to security incidents

MODULE SUMMARY

In conclusion, these cybersecurity tools are vital components of any organization's cybersecurity strategy. Understanding their usage and importance is essential for safeguarding your digital assets and maintaining a secure computing environment. Remember that cybersecurity is an ongoing process, and staying vigilant is key to staying one step ahead of cyber threats.

MODULE 5: PRINCIPLES OF CYBERSECURITY

PRINCIPLES OF CYBERSECURITY

Cyber security principles provide strategic guidance on how organizations can protect their systems and data from cyber threats. The principles ensure employees are informed of the various ways they can contribute to keeping the organization safe from cyberattacks.

Principles of Cybersecurity

Confidentiality
Confidentiality involves the efforts of an organization to make sure data is kept secret or private.
- No unauthorized sharing of data
- Least privilege: only HR staff should have access to personal information.

Integrity
Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable.
- Hashing, encryption, digital certificates, or digital signatures

Availability
This means that systems, networks, and applications must be functioning as they should and when they should.
- Disaster Recovery Plan
- Redundant Networks, Servers and Applications

Compliance
- Having cybersecurity policies isn't enough
- Complying with these policies could be the difference between a failed and a successful cyberattack

Simplicity
- Development of digital systems is key to growth and profitability
- However, simplicity of these systems will reduce the attack surface area and the risk of misconfigurations

Consistency
- Security policies must be applied to all devices
- Never assume that default security capabilities are enough

Separation of Duties
- More than one person is required to complete a process
- This is a fundamental fraud prevention principle

Fail Secure
- Whenever a system fails or goes down, a backup protection plan should safeguard the system
- System downtimes or failures should not create vulnerabilities

No Trust without Evidence
- Evidence must be used to measure trustworthiness
- All evidence required by a process or system must be provided and validated

Least Privilege Basis
- Individuals should have only the minimum privileges necessary to perform a task
- This prevents system misuse and fraud

Security as Overarching Design
- Integrate security measures from the beginning of system or software development
- This ensures that security is not an afterthought but an inherent part of the design and development process

Vendor Security
- Assess and monitor the security practices of third-party vendors and service providers who have access to your systems or data. Ensure they adhere to security standards.

Incident Security
- Timely response is crucial to mitigating the impact of cyberattacks
- Develop a well-defined incident response plan that outlines how to detect, respond to, and recover from security incidents.

Secure by Default
- Systems must be as secure as possible by default
- Security features must be built into devices without the need for add-ons

YOU ARE A TARGET!

MODULE 6: ETHICAL CONSIDERATIONS IN CYBERSECURITY

CYBER THREATS IN FINANCIAL SERVICES

INTRODUCTION

Ethical considerations in cybersecurity are of utmost importance, especially in the banking industry, where trust and responsible handling of sensitive information are critical. Ethical practices guide cybersecurity professionals and organizations in making morally sound decisions and actions regarding information security.

Ethical principles specific to safeguarding data confidentiality and privacy
In the banking industry, maintaining data confidentiality and privacy protection is not only a legal requirement but also a moral obligation. Ethical considerations guide how banks handle sensitive customer data, ensuring responsible practices that respect individuals' rights and privacy.

ETHICAL PRINCIPLES SPECIFIC TO SAFEGUARDING DATA CONFIDENTIALITY AND PRIVACY

Data De-Identification
Protect the identity of individuals by de-identifying or anonymizing data when possible. Banks should de-identify data to prevent the exposure of personal information while still allowing for legitimate business analysis.

Ethical Data Sharing and Collaboration
Collaborate responsibly with third parties and share data ethically. Banks should ensure that data-sharing agreements with partners and vendors uphold the same ethical standards for data confidentiality and privacy.

Data Ethics Training
Provide data ethics training to employees and foster a culture of ethical data handling. Banks should invest in training and awareness programs to educate employees about data ethics, privacy, and confidentiality.

Transparency and Accountability in Data Confidentiality and Privacy Protection
Transparency and accountability are ethical principles that hold great significance in ensuring data confidentiality and privacy protection in the banking sector. These principles promote trust between banks and their customers while ensuring that banks take responsibility for safeguarding sensitive information.
- Transparency: Transparency refers to the clear and open communication of an organization's data handling practices and policies. In the context of banking and data confidentiality, transparency involves providing customers with a comprehensive understanding of how their data is collected, used, and protected.
- Accountability: Accountability involves taking responsibility for the security and privacy of customer data. When data breaches or privacy violations occur, banks are ethically obligated to respond promptly, take corrective actions, and mitigate harm to affected individuals.
- Honesty and Integrity: Honesty and integrity are fundamental ethical principles that guide the behaviour of individuals and organizations, including those in the banking sector. These principles underscore the importance of truthfulness, sincerity and ethical conduct in all banking activity.

AVOIDING CONFLICT OF INTEREST

Avoiding conflicts of interest is a crucial ethical principle in the banking industry. It requires individuals and organizations to act in the best interests of customers and stakeholders, without compromising their duties due to personal gain or conflicting interests.
1. Fair Lending Practices: Banks should avoid conflicts of interest when granting loans, ensuring that lending decisions are based on creditworthiness and not personal relationships or interests.
2. Investment Advisory Services: Banks offering investment advice must prioritize the financial well-being of clients over the potential for commissions or fees generated by recommending specific investments.
3. Third-Party Relationships: When engaging with third-party vendors, banks should select partners based on their ability to provide quality services rather than personal connections or incentives.

Ethical hacking and penetration testing

Ethical hacking and penetration testing are essential practices in the banking sector to identify and rectify vulnerabilities in digital systems, applications, and networks. Responsible disclosure is an ethical framework that guides how security researchers, including ethical hackers and penetration testers, report and handle vulnerabilities they discover, giving the affected organizations time to address and fix the issues.
- Purpose
- Scope
- Methods
- Authorization

WHISTLEBLOWER PROTECTION

Whistleblower protection is a crucial ethical and legal framework in the banking industry that safeguards employees and individuals who report unethical or illegal activities within the organization. This protection encourages individuals to come forward with information about wrongdoing without fear of retaliation.

Importance of Whistleblowing in Banking
- Fraud and Misconduct Detection: Whistleblowers often play a crucial role in uncovering financial misconduct, fraud, and unethical practices within banks. Their reports can lead to the prevention or early detection of issues that could harm the bank's reputation and financial stability.
- Regulatory Compliance: Many banking regulations require institutions to establish whistleblower protection programs to ensure compliance. Failure to do so can result in regulatory penalties.
- Ethical Banking Culture: Whistleblower protection fosters an ethical banking culture by encouraging employees to act as ethical guardians and report wrongdoing, thereby promoting trust and integrity within the organization.

THANK YOU