💵Financial Technology Unit 12 – Cybersecurity & Risk in Financial Services

Cybersecurity in finance is a critical battleground against evolving threats. From phishing to DDoS attacks, financial institutions face constant challenges to protect sensitive data and maintain customer trust. Regulatory frameworks like GLBA and PCI DSS set standards for safeguarding information. Risk assessment, incident response, and cutting-edge security technologies form the backbone of defense strategies. As the digital landscape expands with cloud computing and IoT, financial firms must stay vigilant. Real-world breaches like Equifax serve as stark reminders of the high stakes in this ongoing cybersecurity arms race.

Key Concepts in Cybersecurity

  • Confidentiality ensures sensitive information is only accessible to authorized parties (encryption)
  • Integrity maintains accuracy and consistency of data throughout its lifecycle
  • Availability guarantees reliable access to systems and data when needed (redundancy, backups)
  • Authentication verifies the identity of users or devices before granting access (multi-factor authentication)
    • Includes methods like passwords, biometrics, and security tokens
  • Authorization determines the level of access granted to authenticated users based on their roles and permissions
  • Non-repudiation prevents entities from denying their actions or transactions (digital signatures, audit trails)
  • Risk management identifies, assesses, and mitigates potential cybersecurity risks to an organization's assets and operations
    • Involves implementing controls and countermeasures to reduce risk exposure
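The integrity and non-repudiation points above are usually realised in practice as a tamper-evident audit trail. The following is an added example, not code from the original page: a hash-chained audit log in Python (standard library only) in which every entry commits to the hash of the entry before it, so editing any record, even by an attacker who recomputes that record's own hash, breaks the chain at or after the edit. The actor names, account numbers and the `GENESIS` anchor value are hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS = "0" * 64  # assumed anchor value for the first entry's prev_hash


@dataclass
class Entry:
    seq: int
    actor: str
    action: str
    details: dict
    prev_hash: str
    entry_hash: str


def compute_hash(seq: int, actor: str, action: str, details: dict, prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal content always hashes equally
    payload = json.dumps(
        {"seq": seq, "actor": actor, "action": action, "details": details, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def append(self, actor: str, action: str, details: dict) -> Entry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        seq = len(self.entries)
        entry = Entry(seq, actor, action, details, prev,
                      compute_hash(seq, actor, action, details, prev))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return None if every link checks out, otherwise the seq of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev:
                return i
            if compute_hash(e.seq, e.actor, e.action, e.details, e.prev_hash) != e.entry_hash:
                return i
            prev = e.entry_hash
        return None


def build_sample_log() -> AuditLog:
    # Constructed sample events (hypothetical actors, accounts and amounts)
    log = AuditLog()
    log.append("teller-042", "login", {"mfa": True})
    log.append("teller-042", "transfer", {"from": "ACC-1001", "to": "ACC-2002", "amount": 900})
    log.append("teller-042", "logout", {})
    return log


def tamper_details(log: AuditLog, seq: int, new_details: dict) -> None:
    """Edit an entry's payload in place without touching its hash (naive tampering)."""
    log.entries[seq].details = new_details


def tamper_and_rehash(log: AuditLog, seq: int, new_details: dict) -> None:
    """Edit the payload and recompute that entry's hash (a more careful attacker)."""
    e = log.entries[seq]
    e.details = new_details
    e.entry_hash = compute_hash(e.seq, e.actor, e.action, e.details, e.prev_hash)


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())                      # None
    tamper_details(log, 1, {"from": "ACC-1001", "to": "ACC-9999", "amount": 90000})
    print("naive edit detected at:", log.verify())      # 1
    log = build_sample_log()
    tamper_and_rehash(log, 1, {"from": "ACC-1001", "to": "ACC-9999", "amount": 90000})
    print("rehashed edit detected at:", log.verify())   # 2
```

A chain like this gives integrity (tamper evidence) but not non-repudiation on its own: whoever controls the whole store can rewrite every link. For non-repudiation each entry needs a digital signature under the actor's key, and the chain head should be anchored somewhere the operator cannot silently alter (write-once storage, or a periodically published head hash).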

Common Cyber Threats in Finance

  • Phishing attacks trick users into revealing sensitive information or installing malware through fraudulent emails or websites
    • Spear phishing targets specific individuals or organizations with tailored messages
  • Malware includes viruses, worms, trojans, and ransomware that disrupt systems and steal data
  • Distributed Denial of Service (DDoS) attacks overwhelm servers with traffic to make services unavailable
  • Advanced Persistent Threats (APTs) are long-term, targeted attacks by sophisticated adversaries to gain unauthorized access
  • Insider threats involve malicious or negligent actions by employees, contractors, or partners with access to systems
  • Credential stuffing replays username/password pairs leaked in one breach against other services, relying on password reuse; automated tooling makes testing millions of pairs cheap
  • Business Email Compromise (BEC) scams deceive employees into transferring funds or sensitive data to attackers posing as legitimate entities
    • Often involves impersonating executives or suppliers
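The phishing and BEC items above both turn on impersonation: a display name or domain that looks like a trusted executive or supplier. The following is an added example, not code from the original page or any product, of the header checks a mail-security rule can apply before a finance employee ever sees the message: lookalike sender domains (edit distance and homoglyph substitutions such as `rn` for `m`), a Reply-To that diverts the conversation elsewhere, and an executive display name arriving from an untrusted domain. The trusted domains, executive names, thresholds and sample messages are all hypothetical and constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# Hypothetical allow-list of the bank's own and known-supplier domains, and of
# executive display names that attackers like to impersonate.
TRUSTED_DOMAINS = {"examplebank.com", "acme-supplier.com"}
EXECUTIVE_NAMES = {"jane doe"}

# Character sequences that look alike in common fonts (applied to both sides before comparing)
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

URGENCY_RE = re.compile(r"\b(urgent|immediately|wire|transfer|invoice|payment|bank details)\b", re.I)


@dataclass
class Message:
    display_name: str
    from_addr: str
    reply_to: str   # empty string when the header is absent
    subject: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_lookalike(domain: str) -> bool:
    """True if an untrusted domain is within two edits of, or shares the first label with, a trusted one."""
    if domain in TRUSTED_DOMAINS:
        return False
    n = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        t = normalize(trusted)
        if n == t or levenshtein(n, t) <= 2 or n.split(".")[0] == t.split(".")[0]:
            return True
    return False


def bec_indicators(msg: Message) -> List[str]:
    flags = []
    from_dom = domain_of(msg.from_addr)
    if is_lookalike(from_dom):
        flags.append(f"sender domain {from_dom} resembles a trusted domain")
    if msg.reply_to and domain_of(msg.reply_to) != from_dom:
        flags.append(f"reply-to domain {domain_of(msg.reply_to)} differs from sender domain")
    if msg.display_name.strip().lower() in EXECUTIVE_NAMES and from_dom not in TRUSTED_DOMAINS:
        flags.append("executive display name on a message from an untrusted domain")
    # Payment or urgency wording alone is normal business traffic; only count it alongside another signal
    if flags and URGENCY_RE.search(msg.subject):
        flags.append("payment or urgency language in subject")
    return flags


# Constructed sample headers (not real mail): one legitimate, one CEO impersonation, one supplier spoof
SAMPLE_MESSAGES = [
    Message("Jane Doe", "jane.doe@examplebank.com", "", "Q3 planning deck"),
    Message("Jane Doe", "jane.doe@exarnplebank.com", "jane.doe@exarnplebank.com", "URGENT wire transfer before noon"),
    Message("Acme Billing", "billing@acme-supplier.co", "acme.billing@mail.example", "Updated invoice payment details"),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m.from_addr, "->", bec_indicators(m) or "no indicators")
```

Heuristics like these catch lookalikes and diverted replies; they do nothing against a legitimately compromised mailbox at the real supplier, which is why payment-detail changes should also be confirmed out of band through a known phone number.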

Regulatory Landscape

  • Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect customer information and disclose data sharing practices
  • Payment Card Industry Data Security Standard (PCI DSS) sets requirements for organizations handling credit card transactions
    • Includes secure storage, transmission, and processing of cardholder data
  • Sarbanes-Oxley Act (SOX) mandates internal controls and financial reporting requirements for public companies
  • General Data Protection Regulation (GDPR) governs the collection, use, and protection of personal data of individuals in the EU, regardless of their citizenship, and applies to organizations outside the EU that process that data
  • California Consumer Privacy Act (CCPA) grants California residents rights over their personal information held by businesses
  • New York Department of Financial Services (NYDFS) Cybersecurity Regulation imposes cybersecurity requirements on financial services companies operating in New York
  • Federal Financial Institutions Examination Council (FFIEC) provides guidance on cybersecurity risk management for financial institutions
    • Includes the Cybersecurity Assessment Tool (CAT) for self-assessment

Risk Assessment Strategies

  • Identify critical assets, systems, and data that need protection
  • Conduct vulnerability scans and penetration tests to identify weaknesses in security controls
  • Analyze threats and vulnerabilities to determine likelihood and impact of potential incidents
  • Prioritize risks based on their severity and align mitigation efforts accordingly
  • Implement controls and countermeasures to reduce risk exposure (firewalls, encryption, access controls)
  • Develop and test incident response plans to minimize the impact of security breaches
  • Continuously monitor systems and networks for suspicious activities and anomalies
    • Includes log analysis, intrusion detection, and security information and event management (SIEM)
  • Regularly review and update risk assessments to adapt to changing threat landscapes and business needs
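The continuous-monitoring item above (log analysis feeding an IDS or SIEM) and the credential-stuffing threat listed earlier come together in a detection rule: one source address cycling through many distinct usernames with a high failure rate. The following is an added example, not code from the original page or any SIEM product, that runs such a rule over a constructed authentication log. The log format, the field names, the thresholds and the five-minute window are all assumptions to be tuned against a real environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). Assumed format:
# <ISO-8601 timestamp> ip=<source> user=<login> result=<OK|FAIL>
SAMPLE_LOG = """\
2024-03-01T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:05Z ip=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:09Z ip=198.51.100.7 user=alice result=OK
2024-03-01T10:00:10Z ip=203.0.113.5 user=bob result=FAIL
2024-03-01T10:00:11Z ip=203.0.113.5 user=carol result=OK
2024-03-01T10:00:12Z ip=203.0.113.5 user=dave result=FAIL
2024-03-01T10:00:13Z ip=203.0.113.5 user=erin result=FAIL
2024-03-01T10:00:14Z ip=203.0.113.5 user=frank result=FAIL
2024-03-01T10:00:15Z ip=203.0.113.5 user=grace result=FAIL
2024-03-01T10:00:16Z ip=203.0.113.5 user=heidi result=FAIL
2024-03-01T10:00:17Z ip=203.0.113.5 user=ivan result=FAIL
2024-03-01T10:00:30Z ip=192.0.2.9 user=bob result=OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

WINDOW = timedelta(minutes=5)   # sliding window per source address (assumed)
MIN_DISTINCT_USERS = 5          # a forgotten password is one user; stuffing is many (assumed)
MIN_FAIL_RATIO = 0.7            # most stuffed pairs are stale, so failures dominate (assumed)


def parse(log_text: str):
    """Return (timestamp, ip, user, succeeded) tuples sorted by time; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # never let a bad line stop the whole pipeline
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "OK"))
    events.sort()
    return events


def detect(log_text: str) -> dict:
    events = parse(log_text)
    recent = defaultdict(deque)   # ip -> events within the last WINDOW
    flagged = set()
    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()
        distinct_users = {u for _, u, _ in q}
        failures = sum(1 for _, _, succeeded in q if not succeeded)
        if len(distinct_users) >= MIN_DISTINCT_USERS and failures / len(q) >= MIN_FAIL_RATIO:
            flagged.add(ip)
    # Any login a flagged source did get right is a stuffed pair that worked: that account needs
    # a forced password reset and session revocation, not just a blocked IP.
    at_risk = {user for _, ip, user, ok in events if ok and ip in flagged}
    return {"flagged_ips": flagged, "at_risk_accounts": at_risk}


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))   # {'flagged_ips': {'203.0.113.5'}, 'at_risk_accounts': {'carol'}}
```

Note what the rule does and does not see: `198.51.100.7` fails three times on one account and is left alone, while `203.0.113.5` is flagged and its one success (`carol`) is surfaced as a compromised account. A campaign spread across a botnet or residential proxies, with one or two attempts per address, slips under a per-source rule; for that, correlate on the login endpoint as a whole (failure rate against distinct users across all sources) and on client fingerprints such as user-agent strings.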

Security Technologies and Tools

  • Firewalls control network traffic and enforce security policies at the perimeter
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor for and respond to malicious activities
  • Encryption protects data confidentiality in transit (TLS; its predecessor SSL is deprecated and should be disabled) and at rest (AES)
  • Virtual Private Networks (VPNs) secure remote access and data transmission over public networks
  • Data Loss Prevention (DLP) solutions detect and prevent unauthorized data exfiltration
  • Security Information and Event Management (SIEM) collects and analyzes log data from multiple sources for threat detection
  • Identity and Access Management (IAM) systems manage user identities, authentication, and access rights
    • Includes single sign-on (SSO) and role-based access control (RBAC)
  • Endpoint Detection and Response (EDR) tools monitor and respond to threats on individual devices (laptops, servers)

Incident Response and Recovery

  • Develop an incident response plan that outlines roles, responsibilities, and procedures for handling security incidents
  • Establish an incident response team with representatives from IT, security, legal, and communications
  • Identify and contain the incident to prevent further damage or spread
  • Investigate the incident to determine its scope, impact, and root cause
    • Collect and preserve evidence for forensic analysis and potential legal action
  • Eradicate the threat and restore affected systems to a secure state
  • Communicate with stakeholders, including customers, regulators, and law enforcement as appropriate
  • Conduct post-incident reviews to identify lessons learned and improve future response efforts
  • Test and update incident response plans regularly through simulations and tabletop exercises

Emerging Trends and Challenges

  • Increased adoption of cloud computing and mobile technologies expands the attack surface for cyber threats
  • Internet of Things (IoT) devices introduce new vulnerabilities and challenges for securing interconnected systems
  • Artificial Intelligence (AI) and Machine Learning (ML) can enhance threat detection and response but also be used by attackers
  • A sufficiently large quantum computer would break today's public-key algorithms (RSA, elliptic-curve), so post-quantum cryptography is being standardized; symmetric ciphers such as AES are affected far less
  • Skill shortages in cybersecurity professionals make it difficult for organizations to recruit and retain talent
  • Evolving regulatory landscape requires organizations to stay up-to-date with compliance requirements across multiple jurisdictions
  • Geopolitical tensions and nation-state actors pose significant risks to critical infrastructure and financial systems
    • Includes cyber espionage, sabotage, and financial warfare

Real-World Case Studies

  • 2017 Equifax data breach exposed personal information of 147 million consumers through a known Apache Struts vulnerability in a public-facing web application that was left unpatched for months after a fix was available
    • Resulted in significant financial and reputational damage, including a settlement with U.S. regulators and states of up to $700 million
  • 2016 Bangladesh Bank heist: attackers compromised the bank's own systems and used its SWIFT credentials to issue fraudulent transfer orders against its account at the Federal Reserve Bank of New York, netting $81 million of roughly $951 million attempted; the SWIFT network itself was not breached
  • 2014 JPMorgan Chase data breach compromised accounts of 76 million households and 7 million small businesses
  • 2013 Target data breach affected 41 million customer payment card accounts and 60 million customer records
    • Began with network credentials stolen from a third-party HVAC vendor, followed by lateral movement to point-of-sale systems running memory-scraping malware
  • 2017 WannaCry ransomware attack impacted over 200,000 computers across 150 countries, including financial institutions, spreading on its own via the EternalBlue SMBv1 exploit against systems missing the MS17-010 patch
  • 2016 Dyn DDoS attack disrupted major websites and services, including PayPal and Visa, using the Mirai botnet of compromised IoT devices (cameras, routers) with default credentials
  • 2015 Ukrainian power grid cyberattack caused blackouts for 225,000 customers, demonstrating the vulnerability of critical infrastructure
    • Attributed to Russian state-sponsored hackers


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.