Common Information Security Threats - Ethical and Legal 1

Information Security Threats to Banking Industries

Trevor Wilkens

CMGT-400

February 20, 2016

Professor: Crosby
Common Information Security Threats - Ethical and Legal 2

Banking industries are constantly getting attacked in multiple ways on a daily basis. The three

main threats that face the banking industry are; Organized crime targeting financial institutions,

Assault on Authentication, Malware. With technology steady improving, banks somewhat has to

start adapting to the technology. The potential risks involved if any of these threats are ever used

on the banking industry's computer systems, could be wide spread. Banks could lose all

information on all transactions that have happened, they could also lose customers personal

information, and money could be rerouted to a different bank or person, wide spread identity

theft would be a major issue. There are so many things that could happen if a banks information

systems were ever breeched that most banks cringe at the thought of this ever happening. In most

cases the only thing that has happened are small cases of identity theft. Other potential threats

would be the complete shutdown of all electronic information, the banks could be breeched to

the point of a complete information systems shut down. In most cases the banks have a backup

system in place in the event of these types of security breaches as well as natural disasters.

During a security breech within the banking system everyone who does business with that bank

and other banks who do business with that bank could all be effected if the breech went far

enough before being discovered. The security teams within the banking system must always be

constantly checking for attempts or attacks on their systems. Below is a list and description of

the most common types of attacks on the banking or financial industry. Organized Crime

targeting Financial Institutions

Cyber-crimes from criminal organizations has risen over the past few years many of these have
Common Information Security Threats - Ethical and Legal 3

been located overseas and most of them have been based in Eastern Europe that hire and direct

hackers on what they want done. The statement has been made that the battle lines between

cyber-attacks by organized crime reaches far wider than just an institution's firewalls. One such

organized cybercrime unit is the Russian Business Network they are one of the more well-known

criminal organizations delving into the global networks of the financial institutions. Assault on

Authentication, these types of attacks are occurring by using the online banking sites. One such

threat is the man-in-the-browser attack this defeats the one-time-password authentication from a

dedicated token (such as the popular RSA Secure ID). The next type of attack is the call

forwarding that tops phone-based authentication as well as transaction verification using SMS or

Voice calls. The MITB attacks have already started targeting two-factor authentication that is

used to protect U.S. commercial online banking accounts. Malware

Malware is leading in the infection methods because it is a drive-by-download (meaning it takes

over a legitimate websites; routing visitors to an infection server). These attacks have doubled if

not tripled within the last 2 to 3 years. The reason these attacks have increased is the use of social

networks and being spread by these social networks. The banking industry has multiple teams of

information security specialists that work each day to minimize the attacks and to close all spots

of vulnerability that they can. The best way is to inform and teach all banking personnel what the

potential threats are and those include the corrupt banking insider. The next best thing that can be

done to prevent these attacks is the security teams monitor and watch the banking logs and check

out all suspicious activity no matter how small it may seem. The next thing is to make sure all

security software is kept up to date and that the system is being scanned daily and weekly.
 Common Information Security Threats - Ethical and Legal 4

References

banking information security. (2016). Retrieved from http://www.bankinginfosecurity.com/