Analyzing the Cyber Security Phenomenon … Essay
Pages: 6 (2266 words) | Style: n/a | Sources: 6
Cyber-Security Causes and Effects
The finance industry has continued to receive more targeted and sophisticated attacks. Directing email phishing at customers has remained one of the most successful methods of targeting financial institutions, all through history. Nowadays, upcoming channels, like online and mobile banking, have continued to open new doors to cyber thieves. To minimize the efficiency of these attacks, banks have devised improved communication and educational tools for customers, and ways for quick intervention in the case of an attack. However, apart from creating harmful software created to hack online bank details, criminals have found ways to subvert the software and servers owned by prestigious financial institutions to make their phishing campaigns more effective; this technique is known as infrastructure hijacking (Pettersson, 2012).
The FBI has come out to say that these cybercriminals have devised new means of gaining access to the login details of banking employees by using phishing and spam emails, remote access Trojans and keystroke loggers. Attacks like these were witnessed in September 2012, when the Wells Fargo and Bank of America were among those affected (Fraud Alert, 2012). According to the Financial Services Information Sharing and Analysis Centre, the threat level has been raised from elevated to high, with reference to current reliable intelligence, with regards to the potentials for DDoS-distributed denial-of-service attacks (United States Financial Sector has increased its Cyber Threat Level from Elevated to High, 2012). This paper adopts an expository approach to give a description of cyber-attacks and compromising of data experienced in financial institutions.
Recent Historical Background of Cyber-Attacks on Financial Institutions
Cybercriminals carried out advanced offensive cyber-attacks on banks in 2014. One of the most notable cyber-attacks occurred in July 2014, and involved a massive regional banking network that was compromised by unidentified third party, which placed the accounts of over 72, 000 customers at huge risks of exposure. Investigations carried out showed that the unidentified third party could have accessed customer information, such as names, account numbers, addresses, personal identification numbers and account balances (Cordle, 2014). In a related cyber-attack, a couple of weeks later, a big national bank became a victim of one of the biggest cyber security infringements, involving an American bank, with more than 76 million household bank accounts and over 7 million small business bank accounts compromised. The cyber-attackers accessed the bank servers that played host to consumer account details. As a result of the technique employed for carrying out the cyber-attack, the attack was not detected for nearly 2 months before the bank uncovered the attack and made moves to shutdown access points of more than 90 servers. The bank collaborated with crime detectives and banking regulators, with the aim of uncovering the technique used in the attack, and made sure they addressed issues concerning the vulnerability of network systems (Glazer, 2014).
One unique type of cyber-attack that reduces the effectiveness of monitoring and maintaining adequate protocols for cyber security is that an attack can sometimes come from traditional methods that utilize a process or network system vulnerability that is not quite obvious or evident to an institution. This was the situation when a well-publicized mobile payment policy was revealed and cybercriminals adopted a technique employing identity theft, instead of hacking into the payment scheme, to utilize the sign-up process of the customer to authenticate credit cards to be used on the new payment scheme (Crossman, 2015). The cybercriminals utilized the customer's sign-up process found at the front end by accessing readily available customer details to authenticate a credit card to take part in the mobile payment scheme based on the fact that most of the banks would be encouraged to streamline the sign-up process for customer accounts, without asking for additional verification details to authenticate the credentials of the customer, i.e., to ensure that the process is as seamless as it can ever be. Consequently, despite a highly secure token security system enclosed in the mobile payment policy, cybercriminals used rudimentary means to hack into customers' bank account details towards the bank end of the entire validation process. As a result of this, the mobile bank payment provider and the banking institutions are carrying out a review of the procedures to make sure this issue does not come up ever again, which includes the likelihood of making use of PIN, the bank issues to customers to register every new card once (Paul Hastings, 2015).
Time Line on Cyber attacks
One of the foremost worms ever discovered to affect the cyber infrastructure of the world is The Morris worm-this worm spread to several computers mostly in the United States. The worm exploited the weaknesses found in the UNIX system Noun 1 and regularly replicated itself.
It slowed computers down to the point where they could no longer be used. Robert Tapan Morris created the worm-he claimed he was only attempting to discover how vast the internet was. He went down in history as the first person to be ever convicted under the United States Computer Abuse and Fraud Act. He is currently a professor at MIT.
NASA had no other option than to block all emails that had attachments before launching shuttles for the fear of being hacked.
Estonian government networks got regular harassment by a rebuff of service attacks perpetrated by unidentified foreign intruders, after the country's row with Russia, following the removal of a war monument. Some online government services got temporarily disrupted while there was a halt to online banking. These attacks were more or less like cyber riots, rather than crippling attacks, and the Estonians gave adequate responses, with some of the services relaunched within one hour or-at most -- a couple of days.
Unidentified foreign intruders hacked the unclassified email account of the United States Defense Secretary as a part of a broader series of attacks aimed at accessing and exploiting the networks at the Pentagon.
According to the Chinese Ministry of State Security, the foreign hackers, which according to them, 42% were from Taiwan, while 25% the United States, had been pilfering information from China's key areas. When CASIC-China Aerospace Science & Industry Corporation intranet network was surveyed in 2006, spywares were discovered in the computers used by some classified departments and business leaders.
The databases of the Democratic and Republican presidential campaigns were accessed and downloaded by unidentified foreign intruders.
Georgian computer networks were also hacked by unidentified foreign intruders within the period the country had hostilities with Russia. Graffiti was seen on the websites of Georgian government. Little or no services were disrupted, but the attacks, however, put the Georgian government under some political pressures and seemed to have been coordinated by the Russian military actions.
Israel's internet facility was attacked by hackers during the January 2009 military actions in Gaza Strip. These attackers had government owned websites as their major targets and were carried out on at least 5 million computers. Israeli officials had the belief that the attacks were orchestrated by a criminal group based in the erstwhile Soviet state, and sponsored by the Hezbollah or Hamas.
The Effects of Data Breaches on Insurance Costs or Sales
There are several added costs and benefits that institutions are expected to put into consideration in the current world of cyber vulnerabilities and risks. One of the costs being taken by institutions today includes cyber insurance policies that have the capacity of mitigating some of the liabilities and costs created by data breaches and cyber-attacks. Where these conventional insurance policies are not sufficient, special cyber insurance policies are now designed to cover identity theft, data breaches, business interruption, loss of data, crisis management, cyber extortion, and cyber-risks areas. Just like every other important cost decision, these institutions are expected to weigh the extent of additional insurance and ascertain whether there is justification for the cost, based on the added insurance security or not, particularly cyber insurance policy provisions (Paul Hastings, 2015). Such data breaches as a result of cyber-attacks can also result to the loss of important confidential financial or commercial information, relevant operational dysfunction, and the loss of sensitive internal files like R&D reports, technical papers, and other communications. While several people are undoubtedly affected by these cyber-attacks, they are not really dangerous to the businesses being attacked. As concluded by one article, the Home Depot hacking hardly made a dent. According to calculations, the net expenditure in relation to the breach being discussed are $28 million, which eventually stands for less than 0.01% of all Home Depot sales for the year 2014.
In a similar case, target had about $105 million in expenses related to cyber breaches, but this amount only represents about 0.1% of their total sales in 2014. Also, it must be noted that, the major metric utilized in this assessment is revenues and not just the right data like profit assessment.
According to Benjamin Dean, a Columbian University School of International and Public Affairs fellow, the stunning conclusion of an assessment proved that digging deep into the financial outputs… [END OF PREVIEW]
Cite This Paper:
APA FormatAnalyzing The Cyber Security Phenomenon. (2016, February 26). Retrieved March 23, 2017, from http://www.essaytown.com/subjects/paper/analyzing-cyber-security-phenomenon/9519771
MLA Format"Analyzing The Cyber Security Phenomenon." 26 February 2016. Web. 23 March 2017. <http://www.essaytown.com/subjects/paper/analyzing-cyber-security-phenomenon/9519771>.
Chicago Format"Analyzing The Cyber Security Phenomenon." Essaytown.com. February 26, 2016. Accessed March 23, 2017.