FORTIFYING FINANCIAL NETWORKS: A COMPREHENSIVE GUIDE TO CYBERSECURITY STRATEGIES IN BANKING
Keywords:
Cybersecurity, Financial Networks, Threat Detection, Encryption, Regulatory Compliance
Abstract
Financial institutions are prime targets for cybercriminals due to their valuable data, potential for significant payouts, and the substantial impact attacks can have on the economy and daily life. This article examines the critical components for securing financial networks, addressing key aspects such as network security architecture, insider threat mitigation, secure remote access protocols, advanced threat detection systems, comprehensive employee training programs, regulatory compliance measures, and collaboration among industry stakeholders. By implementing these strategies, financial institutions can enhance their ability to protect their digital assets, sensitive data, and network infrastructure against increasingly sophisticated cyber attacks, ultimately contributing to the overall stability and security of the financial sector.