Demystifying Global Cybersecurity Threats in Financial Services

Author(s):  
Deepika Dhingra ◽  
Shruti Ashok ◽  
Utkarsh Kumar

The financial sector across the globe ensures sustainable growth in the economy by mobilizing investments, funds, and savings. This chapter attempts to comprehend the current state of cybersecurity within the financial services industry worldwide. The chapter explores the different aspects of global cyber-attacks in financial sectors to elucidate the salient problems, issues, threats, safeguards, and solutions. As technology is progressing, highly technology-savvy criminals are becoming a new threat in the cybercrime space. The entire industry needs an intense transformation to create innovative, state-of-the-art information, and an up-to-date architecture of cybersecurity that is capable of confronting the continuous tides of cyber-attacks and data breaches on an everyday basis. The use of security tools like proxy servers, firewalls, multi-layered email strategy, virus security software, and effective governance strategies are necessary to protect financial sectors from cyber threats and attacks.

2019 ◽  
Vol 70 (2) ◽  
pp. 313
Author(s):  
Valeriy Yu. Bykov ◽  
Oleksandr Yu. Burov ◽  
Nina P. Dementievska

The article discusses the problems of cyber-security of participants of the educational process, emphasizes the fact that these problems are not limited to the technical aspects of the protection of information resources, they must include in their entirety the following types of protection: legal, technical, informational, organizational and psychological. Among the psychological tools for securing cyber-security, it is proposed to distinguish cognitive ones, as the general population, and especially children and youth, increasingly become targets of cyber-attacks, first of all, their cognitive sphere, becoming the most vulnerable (weak) link in the network. In anthropocentric networks, which make up an ever-increasing share among common networks, the network itself acquires new properties, acting as an independent component (in addition to factors such as the network node, interface and links). Threats to participants in the educational process from the cyberspace should be regarded as passive and active, developing adequate means of protection and viability of the system "subject of educational process-learning-environment". The most significant among cyber-threats for the participants of the educational process are the social engineering methods, which knowledge and resistance can be the most effective for providing cyber-security. As part of the training of participants in the educational process on cyber-security, it is proposed to use "cyber vaccination", that is the formation of a conscious cognitive experience of staying under the influence of a cyber threat and counteracting it as a system of training activities that include, in addition to traditional methods, training of "cyber attacks", as well as the formation of knowledge and skills of resilience (recovery) in relation to cyber-threats. Further research is suggested to focus on the detailed development of types of threats to participants in the education process, as well as methods of counteraction. 
A special place should be a problem of resistance to cyber-threats, which can use the experience of training operators in emergent industries, including assessing the current state of the person and necessary adjustments in order to optimize its performance.


Author(s):  
Manish Gupta ◽  
H. R. Rao

In recent times, reliance on interconnected computer systems to support critical operations and infrastructures and, at the same time, physical and cyber threats and potential attack consequences have increased. The been so great. Information sharing and coordination among organizations are central to producing comprehensive and practical approaches and solutions to combating threats. Financial services institutions present highly financially attractive targets. The financial services industry confronts cyber and physical threats from a great variety of sources ranging from potentially catastrophic attacks launched by terrorist groups or other national interest groups to the more commonly experienced extremely targeted attacks perpetrated by hackers and other malicious entities such as insiders. In this chapter we outline structure, major components, and concepts involved in information sharing and analysis in the financial services sector. Then we discuss the relevance and importance of protecting financial services institutions’ infrastructure from cyber attacks vis-à-vis presentation of different issues and crucial aspects of current state of cyber terrorism. We also discuss role and structure of ISACs in counterterrorism; and constituents, functions, and details of FS-ISAC.


Think India ◽  
2015 ◽  
Vol 18 (1) ◽  
pp. 16-23
Author(s):  
Hitesh Shukla ◽  
Nailesh Limbasiya

Growth, progress, and prosperity of any country depend highly on the corporate governance mechanism of that country. Good governance of a country helps it to sustainable growth and consistency in progress. The good governance should contribute towards the improvement in transparency, ethics, morality, and disclosure. The principles of good governance stand on honesty, trust, integrity, openness, and performance orientation. Our honorable Prime Minister Narendra bhai Modi had given the three E for good governance during his speech on Independence Day i.e. Effective Governance, Electronic Governance, and Ethical Governance. The fundamental concern of corporate governance mechanism is to ensure the protection of minority shareholders/owners of specific firms. Mechanism of a corporate governance specifies the relations among the shareholders, board of directors, and managers. The present paper is an attempt to evaluate the effectiveness of the board by calculating the corporate governance score. The mandatory and non-mandatory guidelines have been considered while assigning points to specific parameters of the corporate governance.


2019 ◽  
Vol 7 (1) ◽  
pp. 14-26
Author(s):  
Ruti Gafni ◽  
Tal Pavel

Small and Medium Businesses (SMB) use Internet and computer-based tools in their daily processes, sometimes without being aware of the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published in this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.


Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise proprietary protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.


2021 ◽  
Author(s):  
Stuart Fowler ◽  
Keith Joiner ◽  
Elena Sitnikova

Cyber-worthiness as it is termed in Australian Defence, or cyber-maturity more broadly, is a necessary feature of modern complex systems which are required to operate in a hostile cyber environment. To evaluate the cyber-worthiness of complex systems, an assessment methodology is required to examine a complex system’s or system-of-system’s vulnerability to and risk of cyber-attacks that can compromise such systems. This assessment methodology should address the cyber-attack surface and threat kill chains, including supply chains and supporting infrastructure. A cyber-worthiness capability assessment methodology has been developed based on model-based systems engineering concepts to analyse the cyber-worthiness of complex systems and present a risk assessment of various cyber threats to the complex system. This methodology incorporates modelling and simulation methods that provide organisations greater visibility and consistency across diverse systems, especially to drive cybersecurity controls, investment and operational decisions involving aggregated systems. In this paper, the developed methodology will be presented in detail and hypothesised outcomes will be discussed.


2016 ◽  
Vol 4 (1) ◽  
pp. 61 ◽  
Author(s):  
Muhamad Rizal ◽  
Yanyan Yani

The purpose of state defense is to protect and to save the integrity of the Unitary State of the Republic of Indonesia, the sovereignty of the state, as well as its security from all kinds of threats, whether they are military or non-military ones. One of the non-military threats that potentially threatens the sovereignty and security of the nation-state is the misuse of technology and information in cyberspace. The threat of irresponsible cyber attacks can be initiated by both state and non-state actors. The actors may be an individual, a group of people, a faction, an organization, or even a country. Therefore, the government needs to anticipate cyber threats by formulating cyber security strategies and determining comprehensive steps to defend against cyber attacks; its types and the scale of counter-measures, as well as devising the rules of law. 


2020 ◽  
Vol 79 (4) ◽  
pp. 32-38
Author(s):  
І. Д. Казанчук ◽  
В. П. Яценко

Based on the analysis of scientific concepts and legal principles the author has provided the definition of information security, provision of information security in Ukraine and has characterized its components. The current state of legal regulation of the organization and activity of cyberpolice units of the National Police of Ukraine has been analyzed. Particular attention has been paid to the legal analysis of the tasks, functions and structure of the Cyberpolice Department of the National Police of Ukraine. Special attention has been drawn to certain shortcomings of Ukrainian legislation in the field of ensuring information security by the police, its compliance with the norms and standards of international law. Taking into account the specifics of the tasks, the author has provided characteristics of the functions of cyberpolice units in the information sphere, which should be divided according to the purpose into: 1) basic (external), which are focused on law enforcement and preventive aspects; 2) auxiliary (intrasystem), which are focused on promoting the implementation of basic functions, the introduction of appropriate management mechanisms within the system. It has been stated that the modern system of ensuring information security and cybersecurity in Ukraine should be one effective system, consisting of such mandatory components as legal, educational and technical. 
It has been concluded that in order to improve the legal principles for the organization and activities of cyberpolice units of the National Police in the field of ensuring information security and counteracting cyber threats, first of all, it is necessary to optimize the organizational structure of cyberpolice, reasonably distribute the functions (powers) between cyberpolice units and other subjects combating cyber threats in Ukraine, to create appropriate conditions for reaching a qualitatively new level of interaction between them and coordination of their activities in the field of ensuring information security in modern conditions.


Author(s):  
Mark H. Chignell ◽  
Mu-Huan Chung ◽  
Yuhong Yang ◽  
Greg Cento ◽  
Abhay Raman

Cybersecurity is emerging as a major issue for many organizations and countries. Machine learning has been used to recognize threats, but it is difficult to predict future threats based on past events, since malicious attackers are constantly finding ways to circumvent defences and the algorithms that they rely on. Interactive Machine learning (iML) has been developed as a way to combine human and algorithmic expertise in a variety of domains and we are currently applying it to cybersecurity. In this application of iML, implicit knowledge about human behaviour, and about the changing nature of threats, can supplement the explicit knowledge encoded in algorithms to create more effective defences against cyber-attacks. In this paper we present the example problem of data exfiltration where insiders, or outsiders masquerading as insiders, who copy and transfer data maliciously, against the interests of an organization. We will review human factors issues associated with the development of iML solutions for data exfiltration. We also present a case study involving development of an iML solution for a large financial services company. In this case study we review work carried out on developing visualization dashboards and discussing prospects for further iML integration. Our goal in writing this paper is to motivate future researchers to consider the role of the human more fully in ML, not only in the data exfiltration and cybersecurity domain but also in a range of other applications where human expertise is important and needs to combine with ML prediction to solve challenging problems.



