Financial Sector Vulnerabilities in the Modern World
The importance of the financial sector in any modern-day country cannot be gainsaid as far as the health of the economy is concerned. It is a component of the overall economy that is fundamentally composed of brokers, banking institutions and money markets. It may also be recognized or defined as the interaction of markets and everything that is in there, within a particular regulatory framework, with the interaction primarily involving lending and borrowing in both the short-term and long-term. These functions are primarily accomplished via financial intermediaries such as banks, insurance companies, microfinance institutions and other financial institutions that offer a connection between governments, firms and households in the transfer of money from savers to borrowers for the purpose of investment and consumption.
The financial sector plays a number of roles in this regard. First, it mobilizes savings by allowing individuals, companies and other entities to save money, which may be accumulated and lent to other firms and individuals. In addition, the financial sector undertakes risk management. This is particularly true of financial intermediaries that manage risk through lending to an immense number of borrowers and covering the risk, as well as absorbing the defaults or bad debts via interest that is earned from other loans. Further, the financial sector offers expert advice, with the financial intermediaries having the capacity to acquire information pertaining to competing investment opportunities and offering the information to individuals, thereby lowering the cost that they would have incurred in acquiring the same information. This also comes in handy in ensuring that the capital from firms and individuals is efficiently allocated and dispensed to the right and profitable projects (Reid, 2004). Further, the financial sector monitors borrowers so as to determine their creditworthiness, particularly based on the manner in which they run their operations and their accounts. This information would be shared with other institutions so as to avert the possibility of loaning to potential defaulters. Lastly, the financial sector undertakes the facilitation of the exchange of services and goods, a task that is accomplished through the financial intermediaries' capacity to lower the costs that would have been incurred in not only acquiring information but also undertaking the transactions themselves (Reid, 2004). This is bound to trigger an increase in transactions in the long-term as it has the capacity to allow for efficiency, ease and trustworthiness.
Given that financial institutions primarily deal with money and facilitate the exchange and movement of money from one entity to another, it is not surprising that they have been a target of criminal networks in a large number of societies. Indeed, there have been numerous cases where financial institutions have fallen prey to criminals and lost substantial amounts of money, with little or no chance of recovery. As much as such cases are often catered for by insurance companies, they usually have the effect of triggering a bad reputation and untrustworthiness for financial institutions (Reid, 2004). Indeed, it would be difficult for any individual or entity to trust a financial institution with his or her money if it is yet to put up proper measures to avert the possibility of loss of money. In the past, such security measures only involved having strong fences, doors and alarms, as well as a contingent of guards. However, the situation has changed in contemporary human society, particularly as a result of the introduction of technology in a large number of financial institutions.
Of course, the importance of information technology cannot be gainsaid as far as the efficiency of operations, and profitability as a consequence, is concerned. Indeed, a large number of institutions have taken to information technology with a view to streamlining their operations, enhancing service provision, increasing the speed of undertaking their activities, as well as reducing costs in both the long-term and the short-term (Reid, 2004). Not only do these technologies allow for enhanced productivity but they also enable clients to undertake their transactions from the comfort of their homes. While this is often seen as beneficial to the financial institutions and the customers, it also introduces a new form of risk, particularly with regard to cyber security.
Cyber attacks refer to any form of offensive maneuver that is undertaken by individuals or entire organizations targeting computer networks, computer systems and infrastructure, as well as personal computer devices, through varied techniques of malicious acts that often emanate from anonymous sources. The entities either destroy, modify or even steal information or even funds from the financial institutions through hacking their way into the vulnerable or susceptible systems (Reid, 2004). Cyber attacks may range from the installation of spyware on PCs to even trying to damage entire sectors' infrastructure. Unfortunately, the United States has seen an increase in the prevalence and sophisticated nature of the cyber attacks that are perpetrated against a large number of American financial institutions. Indeed, financial entities such as JPMorgan Chase and Wells Fargo, among others, have had their computer systems and infrastructures compromised or breached in what may be seen as some of the most brazen and sophisticated attacks. Even more worrying is the fact that the computer systems in these institutions have some of the world's most advanced defense systems. The attacks flooded the websites of the banks with traffic, thereby making them unavailable to customers, as well as disrupting transactions for quite some time. Such attacks would, with no doubt, result in immense losses for the financial institutions, not only with regard to the amounts that are eventually siphoned off but also the lost hours of work and reputation.
With regard to cyber attacks, there are a number of major concerns for financial institutions. One of the growing threats in the contemporary world is, with no doubt, the distributed denial of service (DDoS) attack, which is waged as a distraction so as to perpetrate fraud across the varied banking channels. In this case, the attackers target the online-banking site of a financial institution with the DDoS attack with the aim of disrupting services. Once the online banking site becomes unavailable, fraudsters would exploit the overburdened customer service representatives. As much as large-scale DDoS attacks against the large financial institutions often produce the most headlines, other financial institutions such as credit unions, regional and community banks, third-party service providers, money transmitters and others have experienced some form of breach in the recent past. The increase in breadth and frequency of cyber attacks may be attributed to varied factors and players (Kizza, 2006). First, unfriendly nation-states may breach systems so as to seek intellectual property or intelligence. Hacktivists, on the other hand, aim at making political statements via disrupting the systems and service provision in them. Lastly, cyber gangs, organized crime groups and other criminals may breach systems of financial institutions for monetary gains such as stealing funds through account takeovers or even ATM heists alongside other mechanisms. The decrease in the cost of technology has reduced or even eliminated some of the barriers to entry for cyber crime, thereby increasing the ease and decreasing the costs that criminals of all types incur as they seek new techniques for perpetrating cyber fraud. Indeed, an increasing black market and demand for breached data only encourages wrongdoers.
A study undertaken by the New York State Department of Financial Services in 2013 on cyber security, with the aim of obtaining information pertaining to the efforts that have been undertaken to avert the possibility of cybercrime, ensure soundness and safety of the institutions, and protect clients in case of a breach, showed that some are still below par (Menezes, 2013). Indeed, given the dynamic nature of technology in the modern world, it is imperative that financial institutions persistently upgrade their systems security so as to increase the defense and avert the possibility of attacks from any entity.
With regard to MIS systems, a wide range of financial institutions, regardless of their size, are dependent on external and internal resources so as to manage the IT systems. In the case of large financial institutions, 75 percent were noted to depend on a combination of outsourced vendor-provided and in-house IT systems (Menezes, 2013). On the same note, 62 percent of medium and 70 percent of small institutions had similar systems. Of particular note is the fact that less than 12 percent of the financial institutions entirely depend on outsourced IT environments.
With regard to information security frameworks, about 90% of financial institutions have information security frameworks that include what are seen as the fundamental pillars for similar programs: information security audits, employee training and security awareness education, risk management for cyber-risk including the identification of key trends and risks, formal information security policies, as well as incident monitoring and reporting (Menezes, 2013). Of particular note is the fact that information security frameworks in large and medium institutions are well developed, with 98 percent and 89 percent respectively having put in place all five pillars (Kahate, 2003). Large institutions, however, have a higher likelihood of having additional features incorporated in the information security frameworks, including a comprehensive communications plan so as to respond to enquiries in case there is a breach.
On the same note, numerous security technologies that aim at enhancing systems security and averting the possibility of cyber breach are implemented by all institutions. Irrespective of size, a large number of financial institutions report using some or even a combination of malware and spyware detection, anti-virus software, server-based access control lists, firewalls, intrusion prevention systems, encryption capabilities for data in transit, and vulnerability scanning tools (Kahate, 2003). Further, over 50 percent of all institutions incorporated data loss prevention tools, this being particularly the case for large institutions.
Response to Threats of Cyber Attacks
Whether or not these strategies are sufficient to avert the possibility of attacks depends on time. As stated, technology is dynamic and there exists a high possibility that the security systems that are in place today will be insufficient or inadequate to prevent attacks in the future. Enhanced access to systems as a result of widespread computer interconnectivity comes with considerable vulnerabilities to the computer systems of both the financial institutions and the nation at large, as well as the critical infrastructures and operations that they prop up (Reid, 2004). As scholars acknowledge, the accessibility, convenience and speed that are immensely beneficial must be properly controlled, otherwise they would increase the number of cyber attacks where individuals and entities interfere with operations of financial institutions even from remote locations for whatever reasons (Kahate, 2003). Of course, there are numerous remedies that financial institutions should undertake so as to safeguard their security.
First, they must have specific security standards. It is imperative that they secure resources in information systems so as to ensure that they are adequately protected from threats. Securing information would not only be achieved via the allocation of usernames and passwords; rather, there are varied factors that financial institutions have to consider, as incorporated in varied privacy and data protection policies and regulations (Kizza, 2006). The protection of financial institutions' security systems would have to incorporate both physical and virtual strategies.
Once the threats, risks and vulnerabilities of the financial institutions have been identified, it is imperative that the entities incorporate appropriate controls and safeguards that would mitigate the different types of threats. The importance of these measures lies in the fact that the protection measures of the banks form the frontline defense in securing the crown jewels and information. Key among the protections would be human protection, which involves training the staff on cyber hygiene. Cyber hygiene refers to the steps that computer users must take so as to maintain and protect the devices and systems (Dube & Gulati, 2005). A large number of organizations primarily concentrate on the technology component of cybersecurity while paying no cognizance to the fact that the staff would also play a crucial role in the protection of the financial institutions' systems from cyber attacks. Nevertheless, safe cyber hygiene can never be the sole responsibility of the IT department; rather, it is imperative that immense investment is made in training the employees, with the aim of incentivizing, motivating and educating them on being vigilant and in constant preparedness as far as cyber security is concerned (Dube & Gulati, 2005).
In addition, it is imperative that financial institutions develop and establish security measures that can reliably authenticate the clients that are accessing financial services on their websites. According to the FFIEC (Federal Financial Institutions Examination Council), the use of single-factor authentication as the sole control mechanism is insufficient for high-risk transactions that involve access to the personal information of consumers or even the transfer of funds from one party to the other. Essentially, it is imperative that financial institutions put in place multifactor authentication and layered security alongside other controls that are reasonably calculated to mitigate risks (Ballad et al., 2011). Effective authentication systems are required for compliance with the requirements so as to safeguard the information of customers as stated in the Gramm-Leach-Bliley Act. This would prevent terrorist financing, money laundering and identity theft, as well as promote the legal enforceability of electronic transactions and agreements.
On the same note, there are varied access controls that have to be in place. Indeed, it is imperative that the financial institution identifies and separates its most crucial and sensitive information assets from the less sensitive ones, as well as puts in place multiple layers of security that must be passed so as to gain access to the critical information assets (Lehtinen et al., 2006). In a large number of high-profile breaches that have occurred in recent days, cyber attackers managed to gain access to sensitive data that was stored on the same servers, with similar access levels, as the less important data. The separation of crown jewels from the less sensitive assets mitigates against compromise of the data (Ballad et al., 2011). In essence, it is imperative that the financial institutions put in place some processes that would allow for the tracking, regulation and prevention of access, and for appropriate and secure access, to the sensitive information and other assets, while deciding which employees need and are entitled to access the information assets. Controlling access to the network resources would allow the financial institutions to restrict misconfigured and unhealthy network clients from getting into the system (Cronin, 1998).
On the same note, it is imperative that financial institutions establish data security protocols that will protect their data. Banking regulators have come up with supervisory guidance and regulations that lay emphasis on the obligation or responsibility of financial institutions to safeguard consumer information. According to the Fair and Accurate Credit Transactions Act (2003) and the Gramm-Leach-Bliley Act, it is imperative that financial institutions maintain and develop effective information security programs that are customized to meet the complexity of their operations. Further, they must require the service providers that can access their customer information to take specific appropriate steps so as to safeguard the confidentiality and security of the information (Lehtinen et al., 2006). This requirement must be part of the contract between the financial institutions and the service providers. Some of the data security techniques that must be put in place may include data encryption, which comes in handy particularly in instances where sensitive data is being transferred from one location to another through computer networks (Cronin, 1998). In addition, in instances where financial institutions offer their consumers a wireless network in the physical offices and branches, they must ensure that the public network is distinct from the private networks of the institutions and that every staff-connected device that has critical data is only connected to the private network (Antonakos & Mansfield, 2009). They must also ensure that the private network is secure and that the internet-connected devices on the private network have sufficient anti-malware protections.
These, however, should be complemented by detection capabilities. Cyber attackers often attempt to exploit the vulnerabilities that they come across, in which case the IT staff must detect the intrusions both outside and inside the network. Essentially, the IT staff must have a thorough comprehension of the components of the asset inventory, as well as the associated risks. Appropriate safeguards must be in place to ensure that the bank assets are protected. The detection would have to incorporate some capability to monitor any deviations from the normal operations (Antonakos & Mansfield, 2009). Varied sensors and controls that automatically limit or prevent unauthorized access to computer information, systems and networks can be used in this case, including intrusion detection systems, integrity monitoring tools, configuration management tools, network behavior anomaly detection tools, as well as log analyzers or Security Information and Event Management tools. These would come in handy in safeguarding the integrity of the systems and ensuring that the applications and operations undertaken in the system are appropriate and bear no threat to the bank's computer systems or the consumer information.
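An added example, not part of the original essay: one way to combine two points made above, DDoS used as a distraction for fraud in other banking channels and monitoring for deviations from normal operations, into a single detection rule. The sample data, channel names, thresholds and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the essay or any real institution).
# Windows during which the online-banking site was unavailable.
OUTAGES = [
    (datetime(2024, 3, 4, 10, 0), datetime(2024, 3, 4, 12, 30)),
]

# (transfer id, time, channel, amount, payee first seen on this account?)
TRANSFERS = [
    ("t1", datetime(2024, 3, 4, 9, 15), "call_center", 400.0, False),
    ("t2", datetime(2024, 3, 4, 10, 20), "call_center", 9800.0, True),
    ("t3", datetime(2024, 3, 4, 11, 5), "call_center", 120.0, False),
    ("t4", datetime(2024, 3, 4, 11, 40), "branch", 15000.0, False),
    ("t5", datetime(2024, 3, 4, 12, 50), "call_center", 7200.0, True),
    ("t6", datetime(2024, 3, 4, 15, 0), "call_center", 8000.0, True),
]

# Channels where an overloaded human approves the request (assumed names).
STAFF_ASSISTED = {"call_center", "branch"}


def in_outage(ts, outages, grace):
    """True if ts is inside an outage window or its trailing grace period.

    The grace period covers the backlog staff work through after the
    site comes back, when pressure on them is still high.
    """
    return any(start <= ts <= end + grace for start, end in outages)


def flag_transfers(transfers, outages, grace_minutes=30, high_value=10000.0):
    """Return ids of staff-assisted transfers that deserve a second look.

    A transfer is flagged when it was made through a staff-assisted
    channel while the online channel was down (plus grace) and it is
    either high value or goes to a payee new to the account.
    """
    grace = timedelta(minutes=grace_minutes)
    flagged = []
    for tid, ts, channel, amount, payee_is_new in transfers:
        if channel not in STAFF_ASSISTED:
            continue
        if not in_outage(ts, outages, grace):
            continue
        if payee_is_new or amount >= high_value:
            flagged.append(tid)
    return flagged


if __name__ == "__main__":
    print(flag_transfers(TRANSFERS, OUTAGES))
```

In practice the outage windows would come from availability monitoring and the flagged transfers would be routed for call-back verification before release.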
Antonakos, J. L., & Mansfield, K. C. (2009). Computer networking for LANs to WANs: Hardware, software and security. Clifton Park, N.Y: Cengage Delmar Learning.
Ballad, B., Ballad, T., & Banks, E. K. (2011). Access control, authentication, and public key infrastructure. Sudbury, MA: Jones & Bartlett Learning.
Cronin, M. J. (1998). Banking and finance on the Internet. New York Toronto: J. Wiley.
Dube, D. P., & Gulati, V. P. (2005). Information system audit and assurance. New Delhi: Tata McGraw-Hill Pub. Co.
Kahate, A. (2003). Cryptography and network security. New Delhi: Tata McGraw-Hill Pub.
Kizza, J. M. (2006). Computer network security and cyber ethics. Jefferson, NC: McFarland.
Lehtinen, R., Gangemi, G. T., & Russell, D. (2006). Computer security basics. Beijing [u.a.]: O'Reilly.
Menezes, B. (2013). Network security and cryptography. Albany, N.Y: Delmar.
Reid, P. (2004). Biometrics for network security. Upper Saddle River, N.J: Prentice Hall PTR.
Stallings, W. (1999). Cryptography and network security: Principles and practice. Upper Saddle River, NJ: Prentice Hall.