  • Cyber Security in Banking Sector


    Author(s): BEST, Michael; KRUMOV, Lachezar; BACIVAROV, Ioan


    Abstract:

    Because banks are very often the target of cyber-attacks, they also have good security controls in place. This paper analyzes modern threats to banks and proposes an approach to detect and visualize the risk of data leakage. In the first part of this paper, a comparative analysis of the most common threats to the banking sector is made, based on reports from both banks and cyber security companies. The authors came to the conclusion that, at the bottom line, insider knowledge is necessary, which is the result of data leakage. This paper comparatively analyzes modern threats to banks and shows an approach to detect and visualize the risk of data leakage. In the second part of the paper, a model based on a network graph that can enumerate the risk of data leakage is proposed. Graphing the network of an organization, with the data-flow connections between assets and actors, can identify insecure connections that may lead to data leakage. As is demonstrated in this paper, financial institutions are important targets of cyber attacks. Consequently, the financial sector must invest heavily in cybersecurity and find the best ways to counter cyber attacks and cyber bank robbery attempts.




    Additional Information

    Article Title: Cyber Security in Banking Sector
    Author(s): BEST, Michael; KRUMOV, Lachezar; BACIVAROV, Ioan
    Date of Publication: 2019-12-27
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2019.02.04
    Issue: Volume 8, Issue 2, Year 2019
    Section: Studies and Analysis of Cybercrime Phenomenon
    Page Range: 39-52 (14 pages)


