Cyber attacks in the banking sector
and sample solutions to remedy them.
- Introduction.
Banks being financial institutions that accepts deposits from the public
has become a major target for joint hacker attacks because of the large
sums of money involved. One such example took place February 2016
to the Bangladesh central bank where $100 million was stolen.
The World Economic Forum regards the threats to cybersecurity as one of
the top five global risks confronting nations of the world today.
Cybersecurity is now regarded as one of our nation’s top concerns. The
cost for establishing Cyber Security infrastructure is also staggering but
thanks to the emergence of insurance plans, the burden cost is
reduced. This also goes to show how serious the issue of Cyber Security
really is.
Currently some of the biggest threats to banks include cross-site
scripting(XSS),SQL injections and ransom wares, (I shall discuss them
below) Various counter measures have already been put in place e.g
Two factor authentication where the bank send a temporary code to the customers cell phone before allowing them to log in, this means that the hacker needs to needs to have access to both the computer and cell phone of the user.
Despite the effectiveness of this method, several banks don’t use this
method. Listed below are some of the importance of using 2FA (two
factor authentication):
(a). Customer satisfaction — 2FA allows the customers to have peace
of mind that their money is safe and secure under the watch of
their guardian angels.(banks)
(b). Liability issues — Banks that lose customer data face serious
liability cases and in some instances large lawsuits that could lead
to some to the grilling of the individuals holding managerial
positions.
(c). Cost effective — Banks that choose the right 2FA provider reduce
their worry of user protection and safety.
- Alerts — With 2FA activated a security code will be sent to you
warning that your account has been breached.
Other ways of attack include :
- Cross-site scripting or XSS for short.
XSS has been used to attack large applications from Facebook and
Google to various online money transaction platforms like Paypal.
A hacker who has successfully exploited an XSS attack can gain the
ability to do whatever the user can do and see such as viewing
sensitive details like passwords, account to posts. Prevention can be
through the following:
The user need to be careful where they input sensitive data.- Banks should sanitize the data received to ensure it does no harm
to the user.
The final mode of attack can be:
SQL injections — where malicious code is inserted into a database,
prevention can be by:
- Establishing firewalls to protect the database.
- Use trusted database protection services (one of the most prominent
being IBM Guardiam)
*Conclusion*
Banks in Kenya have over the past decade realized the importance of
security in the cyber space and have taken reasonable steps to solve
this, one among them being outsourcing banking services. Although this
may seem as a good idea, it gravely reflects on how Kenya’s Cyber
security infrastructure is still too weak.
Abbreviations
XSS — Cross-site scripting.
SQL — Structured Query Language.
IBM — International business machines.
2FA — Two factor authentication.
E.g — Example given.
