Security breaches are costing victims money and sensitive personal data, while organizations suffer reputational damage and fines. Attackers are now reaching new and unsuspecting victims. 2017 was a bumper year for cybercrime, costing organizations 23 percent more than in 2016. The consequences made headlines on a nearly daily basis: an outbreak of ransomware called WannaCry spread globally, affecting public services and large, well-known corporations. In July, a third-party supplier working with Verizon exposed the data of up to 14 million U.S. customers.
In the financial sector, current security developments could paint an overly optimistic picture, which could lead to a future spike in data breaches. According to the 2018 Global Risk Report of the World Economic Forum, cyber attacks and theft are the most likely events after natural disasters and extreme weather, with a greater global impact than involuntary migration, food crises, and the spread of infectious diseases. The potential for massive damage and disruption from cyber attacks on the financial sector is obvious, and IT security plays a vital role in business stability.
The working paper “Cyber Risk for the financial sector: a quantitative evaluation framework” highlights, as essential areas of weakness, the high level of interconnection among the networks that underpin the functioning of the banking system and the prevalence of so-called legacy systems in many institutions. Credit Moscow Bank, Russia’s seventh largest bank with assets of more than $30 billion, has developed surveillance and fraud detection software.
Key technologies include next-generation firewalls, which serve as integrated network security platforms that combine traffic filtering with additional security functions such as Deep Packet Inspection (DPI) and Intrusion Prevention Systems (IPS). Several banks in Russia are testing Endpoint Detection & Response (EDR) technologies, which adapt and learn as cyber attacks occur.
The remaining problem is how organizations deal with 'social assault'. Personnel training is inevitably part of the solution, but changing cybersecurity behavior is easier said than done. Providing training manuals to employees is by no means a guarantee that the information will be absorbed and used. Similarly, one-time training sessions have little effect because of the concentration needed to absorb the training, and cyber safety hygiene inevitably deteriorates throughout the year. It should be evident that 'traditional' cybersecurity training is not enough, especially for highly targeted financial institutions.