Sample Research Paper on Bank and Finance Critical Infrastructure

Bank and Finance Critical Infrastructure

Greatest Security Risk

Critical Data Manipulation and Erasure

Among the greatest security risks facing Bank and Finance Critical Infrastructure (BFCI) are the manipulation of data and the erasure of critical information. Such activities pose a high risk because they weaken the availability, integrity and confidentiality of the data. Cybercriminals in particular can substantially threaten the reputations and finances of financial institutions and businesses. Given the abundance of potential profits and victims, criminals will continue to target such entities. However, various government entities, including the FBI, have been at the forefront of managing such threats through proactive and innovative strategies. In addition, these entities have been committed to ensuring that use of the internet is safe, especially for financial institutions and their clients. Moreover, the degree of complexity of malicious incidents has increased dramatically over the years and will continue to grow. Indeed, as financial institutions and businesses continue to adopt internet-based commercial systems, the chances for cybercrime at both the consumer and retail levels will continue to rise as well (Stagnetto-Sarmiento, 2010).

Criminals have demonstrated their ability to exploit the online market and financial systems that interface with the internet, including Automated Clearing House (ACH) systems, market trading and card payments. In such cases, crimes are committed more easily by exploiting system users rather than the systems themselves, typically by compromising the account credentials of a legitimate user. The most common outcomes of exploits against financial institutions and payment processors are the counterfeiting of stored-value cards and fraudulent monetary transfers. The resulting losses fall upon the financial institutions, while consumers suffer the inconvenience of replacing cards and changing accounts linked to the compromised information (Stagnetto-Sarmiento, 2010).

Theft of identity and data is another key risk facing the BFCI. For example, this is common in ATM skimming, whereby a criminal attaches a skimmer either inside or outside an ATM to capture card numbers as well as personal identification numbers (PINs). Such a criminal can opt to sell the stolen data over the internet or produce fake cards that allow cash to be withdrawn from the compromised accounts. Trends indicate that the devices used by skimmers have been improving day after day. Further, the technology is being used to steal debit and credit card data from consumers. Point of sale (POS) terminals, used mostly for day-to-day sales operations, have similarly been key targets for criminals involved in credit-card fraud, resulting in massive debit and credit card compromises. In March 2008, for example, three men in the US were charged with hacking a number of smart cash registers belonging to a US restaurant chain. The criminals used ‘sniffer’ programs to steal payment data while it was being transferred from the outlet’s POS terminals to the corporate office. The stolen data led to losses of about $600,000 (Snow, 2011).

The third greatest risk facing the BFCI is denial of service attacks. Brokerage and securities firms are common targets for unauthorized stock trading and market manipulation schemes. For example, in 2010, financial regulators and law enforcement agencies discovered a trend whereby criminals initiated illegal financial transactions from compromised brokerage or bank accounts. The transactions were accompanied by a ‘Telephone Denial of Service’ (TDoS) attack, whereby the victims’ legitimate phone lines were flooded with spam-like telephone calls to prevent the brokerage firms and banks from reaching the victim to verify that the transactions were legitimate (Snow, 2011, p.1). For example, in December 2009 a victim in Florida reported the disappearance of $399,000 from his online brokerage account following simultaneous TDoS attacks. The online withdrawals occurred in four phases, and the amount withdrawn increased progressively from one phase to the next. ‘Distributed Denial of Service’ (DDoS) and TDoS attacks demonstrate a desire by criminals to concentrate their attention on high-profile targets in the financial sector. Such malicious incidents illustrate the targeting of vital financial infrastructure by criminals, as well as the challenges of establishing intent and consequences. The criminals are more interested in acquiring valuable insider information than in disrupting the markets.
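The TDoS pattern described above leaves a detectable trace on the firm’s side: a run of escalating withdrawals from one account, each of which the firm tried and failed to verify by telephone. The following Python script is an added illustration of that correlation and is not part of this paper or its sources; the log formats, field names, the 15-minute callback window and the event data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed withdrawal log: (timestamp, account_id, amount_usd).
WITHDRAWALS = [
    ("2009-12-01 09:05", "ACC-1", 1000),
    ("2009-12-01 09:40", "ACC-1", 5000),
    ("2009-12-01 10:20", "ACC-1", 25000),
    ("2009-12-01 11:10", "ACC-1", 120000),
    ("2009-12-01 09:30", "ACC-2", 2000),
    ("2009-12-01 14:00", "ACC-2", 1500),
]

# Constructed verification-call log: (timestamp, account_id, outcome).
# During a TDoS the customer's line is flooded, so the firm's callbacks
# come back "busy" or "no_answer" instead of "answered".
CALLBACKS = [
    ("2009-12-01 09:07", "ACC-1", "busy"),
    ("2009-12-01 09:42", "ACC-1", "no_answer"),
    ("2009-12-01 10:22", "ACC-1", "busy"),
    ("2009-12-01 11:12", "ACC-1", "busy"),
    ("2009-12-01 09:32", "ACC-2", "answered"),
    ("2009-12-01 14:03", "ACC-2", "answered"),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def is_escalating(amounts, min_phases=3):
    """True when amounts form a strictly increasing run of >= min_phases."""
    if len(amounts) < min_phases:
        return False
    return all(later > earlier for earlier, later in zip(amounts, amounts[1:]))


def find_tdos_fraud(withdrawals, callbacks, window=timedelta(minutes=15), min_phases=3):
    """Return {account: summary} for accounts matching the TDoS fraud pattern:
    several escalating withdrawals, each followed (within `window`) only by
    verification callbacks that never reached the customer."""
    wd = defaultdict(list)
    for ts, acct, amt in withdrawals:
        wd[acct].append((parse_ts(ts), amt))
    cb = defaultdict(list)
    for ts, acct, outcome in callbacks:
        cb[acct].append((parse_ts(ts), outcome))

    suspects = {}
    for acct, events in wd.items():
        events.sort()  # chronological order of this account's withdrawals
        amounts = [amt for _, amt in events]
        if not is_escalating(amounts, min_phases):
            continue
        unreachable = 0
        for when, _ in events:
            outcomes = [o for t, o in cb[acct] if when <= t <= when + window]
            # A phase counts as unverifiable only if a callback was attempted
            # and none of the attempts got through to the customer.
            if outcomes and all(o != "answered" for o in outcomes):
                unreachable += 1
        if unreachable == len(events):
            suspects[acct] = {
                "phases": len(events),
                "total_usd": sum(amounts),
                "unreachable_callbacks": unreachable,
            }
    return suspects
```

On the constructed data only ACC-1 is flagged (four escalating phases totalling $151,000, every callback unreachable); ACC-2 is cleared because its callbacks were answered and its amounts do not escalate.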

Key Assets of the Critical Infrastructure

Data is among the major assets of the bank and finance infrastructure. It comprises the financial records held in financial institutions’ computers and hard copies. Most of the critical infrastructure’s assets consist of business records, which exist in the form of intangible computer records and fragile paper documents. Hardware and software are similarly very crucial assets of critical infrastructure in the banking and financial sector. Financial institutions and banks require reliable, cost-effective and secure IT systems that integrate their key banking applications while also protecting the institution’s and clients’ information (Stagnetto-Sarmiento, 2010). Hardware comprises the banks’ and financial institutions’ physical assets such as computers, including desktops and laptops, among others. Such infrastructure assets allow for more convenient operations and access to confidential data in offices and headquarters as well as remote branches. Software, on the other hand, includes all of a financial institution’s operating systems that facilitate daily operations. The major banking software records and manages the transactions conducted by customers in their various accounts, so that customers can transact from any branch of the institution. In addition, software assets connect the banks’ databases to other channels such as internet banking, SMS-based banking and ATMs. The financial sector seldom owns the external communication systems on which it relies in its daily operations. That lack of ownership restricts the sector’s ability to directly safeguard its vital communications. For this reason, protecting banking and financial computer software and hardware may require external support (Stagnetto-Sarmiento, 2010).

Other fundamental assets of the critical infrastructure in this sector include the communication networks. Networks are essential in enabling the financial sector to turn its data into useful information such as security prices, sales of financial assets, bank account balances, purchase orders and contractual obligations including loans. Financial networks are increasingly dependent on the availability of telecommunication infrastructure. Although criminals may not have the ability to target the major processing centers supporting crucial financial markets, they could target telecommunication networks as a way of directly influencing the functionality of major financial players. According to Stagnetto-Sarmiento (2010), networks play a crucial role in financial firms and banks specializing in high-frequency trading because they provide a high level of time efficiency in data processing and transmission, which in turn affects profits. Therefore, to access such networks, most firms buy space and relocate near the main processing centers of key exchanges. Such close proximity of networks increases a shared reliance on the telecommunication infrastructure, which could be critical during instances of infrastructural disruption.

Key Vulnerabilities in the Critical Infrastructure

Vulnerabilities are features of a system, application or installation that can lead to degradation, loss or incapacitation of its designated function when it is exposed to a particular hazard. In the financial and banking sector, various vulnerabilities have been identified. The major vulnerabilities, however, are linked to communication networks, corporate servers, software, hardware and operating systems, as well as mobile devices. Communication networks in financial institutions are vulnerable to destruction, thereby interfering with the communication process within the institutions. Eun-suk et al. (2013) stated that the networks can be attacked by groups or individuals with malicious intent, including terrorists, foreign intelligence services or criminals. The sector’s potential for economic disruption and monetary gain increases its vulnerability. For instance, destruction of telecommunication infrastructure can disrupt telephone connections, creating bottlenecks in the processing of financial transactions and resulting in short-term but severe liquidity dislocation for financial institutions. This implies that both cyber and physical disruptions can interfere with the progress of financial operations (Carlyle et al., 2011).

Corporate servers similarly suffer vulnerabilities linked to denial of service attacks, fraud, theft, hacking and vandalism, as well as malware including viruses, Trojan horses, spyware and worms. Businesses that depend on web-based transactions are vulnerable, and will remain vulnerable, to DoS attacks. The attack scripts are increasingly common and are among the simplest and most effective attacks over the Web. The corporate servers do not necessarily suffer damage, but the access paths to the corporate site are simply flooded with incoming packets that are not legitimate customer orders. Intermediary sites are compromised, creating more channels for DDoS attacks (Tront & Marchany, 2012). Hackers can initiate fraudulent orders from a victim’s system without the e-commerce corporate server detecting that the order was illegitimate. Corporate servers also experience fraudulent activity, theft of essential data and vandalism. Criminals manipulate the server’s security systems, such as those established to safeguard electronic funds transfers. The greatest frauds involve the alteration or interception of electronic data messages sent from financial institutions’ computers.

Further, corporate servers can be attacked by hackers, who illegally access an institution’s computer system by identifying loopholes in the security protection of its computer systems and websites. Hackers threaten the safety of computer systems, steal important data and damage the organization’s systems (Eun-suk et al., 2013). In addition, hackers can deliberately deface, disrupt or destroy the corporate website or information system. Malware are programs that harm the computer user, including computer viruses, Trojan horses, worms and spyware. These programs obtain computer-based data without authorization. A computer virus is programming code that replicates itself by copying itself into another program. Worms are viruses that do not interfere with computer files but thrive in active memory and duplicate without human intervention. A Trojan horse is a program within which a malicious program or harmful code resides. Although a Trojan is not necessarily a virus, it provides a channel for introducing other malicious code into a financial institution’s computer system (Tront & Marchany, 2012).

Critical infrastructure such as operating systems, software and hardware is vulnerable to data alteration, failure, data theft or replication of data. ATMs are vulnerable to technical failure or to data theft by criminals. Criminals can skim customers’ card numbers and PINs and then sell the stolen information or produce fake cards to withdraw money from the affected accounts. The banks’ operating systems are also vulnerable, especially where insider access is involved. Individuals who can directly access major processing centers can steal the institution’s intellectual property (IP), confidential data or insider information, which can damage the organization’s reputation (Snow, 2011). Moreover, such an individual can take advantage of the data to influence stock prices or provide a competitive advantage to other organizations. Further, the production, packaging and distribution by criminals of counterfeit hardware or software used by critical financial networks or institutions can lead to compromised proprietary data, total system failure or system disruption. Technical and physical access to financial institutions can be obtained by compromising trusted suppliers of computers, technical and security equipment, hardware and software.

Portable devices are vulnerable to theft, in that third parties could use them to access an organization’s networks. According to Eun-suk et al. (2013), the level of vulnerability is increasing because mobile devices have become common in commercial, individual and government networks, making them more attractive targets for criminals. Moreover, the spread of mobile banking offers more opportunities for crime. Cybercriminals have successfully demonstrated ‘man-in-the-middle’ attacks against mobile phones using malware. Criminals install the malware on the phone via a link in a malicious text message, after which users are instructed to enter all of their mobile information (Carlyle et al., 2011). Since financial institutions sometimes use text messages to verify online transactions initiated by a legitimate user, the infected phone forwards the critical messages to the criminals, thereby defeating the institution’s or bank’s two-factor authentication. Criminals are similarly capitalizing on the Twitter iPhone application by sending malicious tweets containing links to a website hosting a different banking Trojan. Once installed, the Trojan disables notifications from the Windows Security Center and Windows Task Manager in an effort to avoid detection. Consequently, when a user makes a credit-card purchase or logs into his or her online banking account, the personally identifiable information (PII) reaches the criminals in an encrypted file (Snow, 2011).

Key Risks in the Critical Infrastructure

Assessing risk has long been a practice in the banking and finance sector. The sector’s regulators meet frequently with financial institutions to establish whether new assets are essential for the sector to operate. This demands a special focus on possible vulnerabilities. The sector evaluates impact based on how a specific risk can influence its ability to operate in an effective and orderly way. Moreover, such risks can affect public confidence in the entire financial system. The major risks affecting the critical infrastructure comprise technical risks, third-party intrusion, bulk emails and viruses. Technical risks arise where financial institutions’ operating systems suffer defects or a bank’s systems fail. Such risks can negatively affect the banks’ daily operations (Eun-suk et al., 2013). Technological failures may include ATM heists and hacking, among others. Failure of IT systems has affected the operations of various banks. In 2012, for example, Royal Bank of Scotland (RBS) customers spent many days unable to access their bank accounts following a botched systems upgrade that led to many problems. Moreover, the increasing use of automated high-frequency trading systems might further increase technical risks. This is primarily because market pressure to reduce response times tempts banks to deploy new software without proper safeguards and testing (Carlyle et al., 2011).

Third-party intrusion is also a major risk within the financial sector. Deeper intrusions into banking networks and other components of the payment system have demanded stronger risk mitigation measures in this sector. Moreover, Eun-suk et al. (2013) observed that concern is growing, especially about cybercriminals (third parties) moving from disruptive attacks to attacks that cause corruption or destruction. Such threats require increased awareness and the right resources to identify and mitigate the emerging risks. Cyber threats have emerged as the greatest operational risk facing financial institutions today, and they are becoming more sophisticated day after day. The development of mobile banking seems to have heightened the risk of third-party intrusion.

Other key risks facing the financial sector relate to bulk emails and major viruses. A virus can attack computers used by financial institutions, interfering with the institution’s data or destroying vital information so completely that it cannot be retrieved. Such viruses can enter computers via e-mail messages: once the e-mail is opened, the virus reproduces itself by accessing the address lists stored on the computer and spreading to other users. According to Snow (2011), criminals can also use various viruses to interfere with a financial institution’s data, either to destroy it or to access it from another source. Other criminals design viruses that help steal internet passwords. Such a virus can further modify operating system files as well as certain picture and sound files on the infected computers.

Hoax emails (phishing) are similarly common in financial institutions, whereby hackers seek a customer’s details by sending emails that claim to originate from a financial institution or bank. Such emails are normally sent in bulk, requesting the recipient to provide confidential information including password, PIN, customer number or username, and offering a link that leads to a fake website (Snow, 2011). This enables thieves to obtain details that facilitate future fraudulent activity. Such activity can also degrade network performance by inundating the e-mail server and some web pages. Other viruses can have major effects on the program and data files of specific computer networks. Viruses can therefore interfere with service delivery in financial institutions by impairing vital banking services.

Key Countermeasures in Critical Infrastructure

Physical security measures are among the key countermeasures that can be used to protect critical infrastructure. Such measures enforce deterrence, denying third parties the opportunity to intrude, and help delay their activities while the authorities respond. The measures include ‘active network defense’ or an ‘intrusion-prevention system’. Such measures may involve simply turning off the connection to the internet or logging out the user once an intrusion detection system has raised sufficient suspicion. Similarly, they can involve other ways of limiting damage, such as denying the user specific resources, delaying them or downgrading their priority (Rowe, 2012).

Preventive efforts are also effective countermeasures for critical infrastructure. Banks and financial institutions can develop sophisticated software or control measures, including intrusion detection systems. Such a system can help discover threats in advance. Other preventive measures may comprise firewalls, surveillance apparatus and access control systems (Rowe, 2012). A financial institution can use a computer firewall, a system designed to prevent unauthorized access, especially by external users, to the institution’s computers or primary server. Similarly, institutions can establish a stand-back policy for infrastructural hazards that keeps a computer user away until the issue is mitigated. Web pages can be a tempting target for knowledgeable hackers, who can use this channel to access confidential data.

Institutions can therefore prevent this by placing the web pages on independent servers that provide no link into the main server. Logging records a computer’s or network’s system events, producing large amounts of data that support intrusion-detection systems (IDSs) in recording and checking events that may indicate an attack. This may also help alert administrators to serious cases of intrusion. IDSs can be host-based (on individual computers) or network-based (on networks) and can serve as essential defensive tools against diverse attacks such as Trojan horses. Signature checking can also be done using worm checkers and standalone virus checkers such as Norton Anti-Virus, which examine files within a computer system. Complex or new attacks can be investigated using computer forensics, which inspects computer storage following an attack to establish how it was done and the degree of damage (Rowe, 2012).

Installing backups is also an essential countermeasure because it limits the disruption that an intrusion can cause while also reducing possible losses. Such countermeasures can similarly protect vital processes during disasters and ensure business continuity. Since most attacks destroy programs and data, producing copies or backups of digital information is critical to recovering from attacks. Backups should be stored away from the system currently in use. For instance, optical-disk storage is recommended for backups since it cannot be damaged as easily as magnetic media. A backup can comprise a whole duplicate of a computer system that can help sustain continuous operation following an attack (Rowe, 2012).

Lessons Learned

One lesson from this analysis is how to identify the informational infrastructure within an organization. This knowledge is essential in determining an institution’s critical infrastructure assets, including data, hardware, networks and the software in use. The second lesson concerns how to explain infrastructure vulnerabilities to various threats and risks. Through this assessment, various critical infrastructure threats have been examined; for instance, computer hardware is susceptible to the risk of technical failure. Another lesson relates to the various strategies for protecting informational infrastructure through physical and protective measures. These measures ensure continuous business operations without disruption and prevent the loss or compromise of sensitive data.

Recommendations

  1. Financial institutions should employ an integrated approach to handling informational infrastructure threats. This will be an effective strategy for supporting security efforts on the critical infrastructure. Moreover, an integrated approach will fully assess the possible consequences of operational disruptions caused by cyber threats and incidents. The approach will facilitate sound decisions that strengthen infrastructure resilience and security, as well as recovery and response efforts during incidents.
  2. Financial institutions should consider failures in non-technical functions such as human error and organizational and managerial failures. Most incidents involving technological systems have been largely associated with operator error. The majority of incidents result from a blend of multiple factors stemming from a failure to consider human factors. Errors and failures arise from complex operational processes, non-responsive managerial systems, poor response systems, ineffective training and non-adaptive organizational designs. For this reason, considering human factors, including organizational and managerial failures, is crucial to an all-inclusive way of managing threats.

References

Carlyle, M., Wood, K., & Brown, G. (2011). Analyzing the Vulnerability of Critical Infrastructure to Attack and Planning Defenses. Technological Management Journals, 3(1):1-23.

Eun-suk, C., Robles, R., & Min-kyu, C. (2013). Common Threats and Vulnerabilities of Critical Infrastructures. International Journal of Control and Automation, 1(4):17-22.

Rowe, N. (2012). Cyber-Attacks. Retrieved from http://faculty.nps.edu/ncrowe/edg_attacks.htm

Snow, G. (2011). The Cyber Threat to the Financial Sector. Retrieved from http://www.fbi.gov/news/testimony/cyber-security-threats-to-the-financial-sector

Stagnetto-Sarmiento, C. (2010). Critical Infrastructures and Cyber Terrorism. Infrastructure Technologies, Management and Policy, 1(1):1-20.

Tront, J., & Marchany, R. (2012). E-Commerce Security Issues. International Conference on System Sciences Journal, 1(1):1-9.