This document discusses cybersecurity challenges facing the banking industry. It outlines key trends driving security risks like increased mobility, cloud services, and sophisticated targeted attacks. Banks are highly targeted due to the potential for monetary rewards. The document also examines specific attack types like phishing, malware, and SWIFT network exploits. Compliance with standards like PCI DSS and PSD2 introduces new challenges but also provides mitigation of risks.
This document discusses cyber security in the era of networking. It covers several topics including types of cyber attacks like denial of service attacks and spoofing; threats like criminals, spies, and terrorists; vulnerabilities from insiders and supply chains; risks existing everywhere networked systems are used; and approaches to cyber crisis planning, mobile security, threat intelligence, next generation firewalls, access controls, surveillance, security awareness, and conclusions. Research areas discussed include scalable trustworthy systems, malware combating, and privacy-aware security.
The document discusses various cybersecurity threats facing internet banking, including a significant rise in stolen credit card information, password thefts, and malware infections. It describes common hacking techniques like password cracking, denial of service attacks, botnets, and social engineering. The document also outlines defenses such as intrusion detection systems, firewalls, honeypots, encryption, and a public key infrastructure to help secure systems from cyber attacks.
This document discusses cyber security and cyber crimes related to banking. It defines cyber security as the protection of internet-connected systems, including hardware, software and data, from cyber attacks. It then discusses examples of major cyber security threats to the banking sector, such as unencrypted data, unprotected third-party services, and a constantly changing threat landscape. The document also defines different types of cyber crimes, such as hacking, phishing, and ransomware, and explains how hackers managed to steal over Rs. 94 crore in a 2018 attack on the server of Pune-based Cosmos Bank.
Winning the war on cybercrime: keys to holistic fraud prevention (CMR WORLD TECH)
The document discusses keys to developing a holistic fraud prevention platform for financial institutions. It describes how cybercriminals are evolving attacks to target customer, employee, and criminal devices. A successful platform needs extensive coverage across attack vectors, near real-time intelligence to track emerging threats, adaptable controls that can respond quickly to changing tactics, and transparent protection that does not disrupt customers. The IBM Security platform addresses these keys through technologies that can detect malware, correlate device and account data to identify fraudulent access attempts, and rapidly update protections without involving bank resources.
This document summarizes the key points from a cybersecurity workshop presented by E. Andrew Keeney. The workshop covered the value of electronically stored data, common cybersecurity threats like hackers and rogue employees, best practices for prevention and response, and insurance options. Major data breaches are occurring almost weekly, costing companies hundreds of thousands of dollars on average. While many organizations remain complacent about cybersecurity, the consequences of a breach include loss of goodwill, reputation damage, and regulatory fines. The workshop emphasized employee training, strong access controls, encryption, insurance, and having an incident response plan to mitigate risks.
With the new interconnected age comes new risks for cyber attacks and other fraudulent activity. Do you know what you need to keep your end users protected? Digital Insight discusses security and compliance in the interconnected age.
This document discusses security issues related to e-commerce, including brute force credit card attacks. It provides examples of real attacks, such as one where hackers processed over 140,000 fake credit card charges through an online merchant. The document outlines the basic security issues in e-commerce like confidentiality, integrity, and authentication. It also describes different types of threats and attacks, both technical (e.g. viruses, worms) and non-technical (e.g. social engineering). Additionally, it covers security risk management, technologies like encryption and firewalls, and managerial issues related to e-commerce security.
This document summarizes a presentation on cybersecurity risks and management practices. It outlines the evolution of cyber threats from less advanced in the past to more sophisticated today. Significant risks to businesses are identified as data theft, malware that destroys systems, denial of service attacks, and reputational attacks. Case studies show how even large companies can be vulnerable to attacks through a single weak point. The document then covers different types of security threats like hacking, phishing, man-in-the-middle attacks, and botnets. It emphasizes the need for senior management leadership on cybersecurity and outlines best practices for managing risks and measuring return on investment in security.
The document discusses cyber crime in South Africa, including an overview of phishing and SIM swap fraud. It notes that South Africa has the third highest number of cyber crime victims globally and is the second most targeted country for phishing attacks. The document outlines investigative methodology for phishing cases and provides a case study of a fictional company, Izigebengu Enterprises, that uses phishing and SIM swap fraud in its operations. It emphasizes the need for law enforcement cooperation across agencies to effectively investigate cyber crimes.
The document discusses application-specific and database intrusion detection systems. It describes how existing intrusion detection focuses on network and host-based attacks but not attacks at the application or database level. It then covers the limitations of host-based and network intrusion detection systems and why application-specific intrusion detection systems (AppIDS) and database intrusion detection systems (DIDS) are needed. As an example, it outlines a proposed credit card fraud detection system that uses a hybrid approach of anomaly and misuse detection integrated using Dempster-Shafer theory and Bayesian learning to improve detection accuracy.
This document summarizes security issues and threats facing e-businesses. It discusses how computerization and networking have increased security risks by exposing private networks to public threats. Technical attacks like hacking, malware, and denial of service as well as non-technical social engineering pose major risks. The document recommends tools like passwords, firewalls, and encryption to protect data and transactions. Regular security audits and testing are also advised to evaluate vulnerabilities and safeguard e-commerce over the long run as threats continue evolving.
Cyber crime encompasses a wide range of criminal acts involving computers and the internet. This document discusses several forms of cyber crime such as data diddling, trojan horses, salami shaving, super zapping, and trapdoors. Cyber crimes are classified into categories like fraud and financial crimes, cyber terrorism, cyber-extortion, obscene/offensive content, and harassment. Specific examples provided include identity theft, hacking, altering stored data, internet scams, computer-based attacks to intimidate governments, and threatening attacks to demand ransom payments.
This document discusses threats to databases in e-commerce. It introduces security issues in relational databases and mechanisms for enforcing multiple security levels. It discusses types of security threats like loss of integrity, availability, and confidentiality of data. Specific threats to e-commerce databases are unauthorized access and alteration of user data or product information. The document proposes countermeasures like access control, inference control, flow control, encryption, and backups to protect databases from these threats.
1) Tourism is an important part of Germany's economy and culture, with over 240 million nights spent in German hotels in 2011, a 5.4% increase from 2010.
2) Hotels hold significant customer information such as payment details, personal information, travel plans, which makes them a prime target for hackers seeking financial data.
3) To protect customer information, hotels must comply with PCI security standards which require practices like firewalls, encryption, access control, and regular security testing. Proper network segmentation and access restrictions are also important to reduce risk of credit card fraud and data breaches.
This document discusses information security in management information systems. It defines information security and explains how classified information is typically stored and protected using high-level security networks, technology, and encryption. It also examines factors that influence information security systems, such as service agreements, operational requirements, and staff qualifications. Risk management in information technology is also covered, looking at risks like intellectual property protection, data leakage, and compliance. The document then analyzes a case study on security issues found at the FBI, such as unsecured networks, outdated plans and training. It also discusses wireless security threats and solutions for protecting wireless networks and devices. Finally, it addresses the roles and responsibilities of management in information security systems.
Cybercrime involves any criminal activity that uses a computer, networked device, or network. Some cybercrimes are carried out for profit, others aim to damage or disable devices, and some spread malware or illegal materials. Common cybercrimes include hacking, identity theft, scams, computer viruses, and ransomware. Cybercrime can have public health and national security impacts, so combating it is a priority for law enforcement agencies like the FBI and DHS. Cybercriminals operate wherever there is opportunity, from individual cyberbullies to state-sponsored hackers in countries like China.
The document discusses e-commerce security challenges and developments over the past decade due to widespread computerization and growing networking. It covers network and internet security issues like confidentiality, authentication, integrity, and key management. It describes security threats like unauthorized access, data theft, and denial of service attacks. It also discusses encryption techniques like symmetric and asymmetric encryption, and cryptography concepts like public and private keys, digital signatures, and digital certificates.
The e-commerce environment allows companies such as Amazon, eBay, PayPal, financial institutions, and other e-commerce companies to deliver services to consumers over the Internet, giving consumers the convenience of not visiting a physical store. That convenience, however, also brings the risk of threats such as hackers and their various attacks on e-commerce sites and their consumers. To mitigate such risks, companies implement security tools to protect consumers from becoming victims of identity theft. Some of the security tools implemented, however, have limitations in protecting the assets that need protection. Companies offering e-commerce services should therefore invest in additional security controls for their network infrastructure to ensure a safe online environment for their consumers.
This document discusses cyber risks and cyber liability insurance. It summarizes that many major companies have experienced data breaches in recent years. It outlines common cyber risks like computer intrusions, loss of physical devices, and social media issues. It recommends basic loss control techniques and identifies what cyber liability insurance can cover, such as first and third party losses from network security breaches, privacy breaches, and internet media liability. Coverage limits start at $100,000 with premiums as low as $250.
The document discusses security issues and threats related to e-commerce. It describes common security practices for organizations of different sizes and summarizes key learning objectives around e-commerce security. Specific topics covered include brute force credit card attacks, security requirements, types of threats and attacks (e.g. denial of service, malware), common mistakes in managing security risks, and methods for securing e-commerce communications and networks.
This document discusses securing information systems and covers several topics related to information security. It introduces learning objectives about privacy issues, threats to information security, defense mechanisms, auditing, and disaster recovery. Several types of threats are described, such as human errors, natural disasters, technical failures, malware, hacking, and computer crimes like identity theft and phishing. Defense techniques include privacy policies, access controls, and security management practices.
Leading Practices in Information Security & Privacy (Donny Shimamoto)
Many not-for-profits operate in an environment in which a tremendous amount of electronic documents, communications, and confidential data sits on computers and networks connected to the Internet. Privacy and security threats are also increasing, putting Internet communications and computer data at risk at an alarming rate. At the same time, laws and regulations with significant penalties have been passed, or are being passed, by states, the Federal government, and industry groups (e.g. PCI DSS), increasing the consequences of data breaches and privacy violations.
Whether you’re an executive director, program manager, or IT manager, this non-technical presentation will help you learn about the threats, requirements, and leading practices related to information security you need to help protect your donors and constituents.
Presentation by Luc de Graeve at the Gordon Institute of Business Science in 2001.
This presentation is about security in e-commerce and is aimed at making people aware of what hackers do, how they do it and the financial implications of their actions. The presentation begins with a few examples of defaced websites and ends with a discussion on risk and assessment.
Whitepaper: Real Time Transaction Analysis And Fraudulent Transaction Detect... (Alan McSweeney)
- The document discusses implementing a real-time fraud detection solution for online banking that analyzes transactions as they occur to identify potentially fraudulent activity.
- It proposes a system that collects data from transactions and user profiles, analyzes them for anomalies, makes decisions about transactions, and responds by flagging suspicious transactions or notifying incident handlers.
- Key components include rules engines to classify transactions based on multiple factors, complex event processing to handle high transaction volumes, and integrating the system with existing banking processes and authentication methods.
The document discusses Webroot's anti-fraud solutions for financial services. It notes that over 50% of online attacks target financial services users and that traditional security cannot keep up with modern threats. Webroot collects threat intelligence from billions of sources to detect malware as soon as it tries to infect users and protect all other users. It offers lightweight antivirus software, advanced online fraud prevention for PCs and mobile devices, and a mobile security SDK to embed security in mobile banking apps in order to protect banks, employees, and customers from fraud and attacks across digital channels.
Cyber crime threatens financial institutions in several ways. Hackers can access personal or sensitive information by breaking into computers. Cyber stalking and identity theft are also problems. Malicious software can steal data or damage systems. Mobile and online banking are growing targets as they handle more transactions electronically. To address cyber crime, financial institutions must implement security features, share threat information, and work with law enforcement internationally since cyber crimes often cross borders. Comprehensive strategies include prevention, investigation, prosecution, and cooperation between public and private sectors.
The document discusses cyber terrorism and cyber security. It defines cyber terrorism as using computing resources to harm people, places, or systems through intimidation or coercion, especially via the internet, for political or religious goals. It notes that cyber terrorists have lower risks of capture than traditional terrorists. The document outlines different types of cyber attacks and criminals like crackers and script kiddies. It discusses motivations for cyber attacks and provides recommendations for improving network, server, desktop, and physical security to prevent cyber terrorism.
This document discusses the various risks associated with e-commerce, including information risks, technology risks, and business risks. It outlines specific risks like false or malicious websites, privacy and cookie issues, fraud, information theft, customer disputes, sabotage or defacement of websites, denial of service attacks, and the need for business recovery plans in the event of natural disasters or other interruptions. Cookies are described as small pieces of information stored on a user's computer that allow websites to operate more efficiently and track users.
This document discusses securing mobile banking. It begins by outlining the growth of mobile technology and consumer adoption of mobile devices and apps. It then discusses the threats posed by mobile malware, insecure devices, and user exploitation. The document advocates for a layered security model for mobile banking that includes multi-factor authentication, transaction authorization, behavioral monitoring, and secure development practices. It emphasizes the need for financial institutions to get ahead of threats and secure the mobile channel as consumer usage increases.
The document discusses the need to develop a cyber security center. It notes that cyber crimes are increasing, with identity theft, computer sabotage, and credit card fraud among the most common. The document provides statistics showing high percentages of reported intrusions, financial losses from breaches, and organizations detecting security breaches. It outlines target audiences for cyber security including individual users, devices, and different types of networks. The document also discusses national cyber security strategy and regional needs, mentioning how a cyber security center could provide forensic training, litigation support, and help financial institutions and healthcare organizations with security requirements.
The document discusses threats to e-commerce, including security threats to electronic payment systems, e-cash, and credit/debit card fraud. It describes how hackers can steal personal and financial information through methods like data packet sniffing, IP spoofing, malware, and failing to patch software vulnerabilities. Fraud occurs because it is easy for hackers to obtain data on the black market and crimes are often not prosecuted due to the difficulty in detection and crossing international borders. Common fraud types are financial fraud like credit card and refund scams, phishing, spamming, and infecting systems with malware.
This document discusses cyber attacks on the SWIFT global financial messaging network. It begins by providing background on SWIFT and explaining that cyber attacks on the network are a growing concern. It then describes different types of SWIFT attacks, including unauthorized fund transfers, data theft, malware infections, and others. Notable past attacks are discussed, such as the 2016 Bangladesh Bank heist where $81 million was stolen. The document stresses that coordinated prevention and response strategies are needed across borders to safeguard systems from these sophisticated cyber threats.
The document discusses fraud risks in e-banking and provides recommendations to address them. It summarizes the evolution of e-banking in India, benefits and vulnerabilities. Examples of major data breaches globally and in India are provided. Common e-banking fraud types like phishing, malware attacks etc. are described along with their characteristics. The document recommends controls that can be implemented by banks and users to enhance security of e-banking transactions and detect frauds.
E-banking refers to financial services delivered over the internet or wireless networks to customers. The document discusses customers' expectations of e-banking, which include convenience, pricing, an intuitive experience, access anytime, and safe data security. It also discusses businesses' security expectations, which are to align with goals, assist with compliance, and defend against threats. Some challenges mentioned are that security is not always a core function, there are many changes with minimal downtime, and a demanding business environment where trust is key.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
This document discusses cybercrime, including what it is, why we should be aware of it, and how to protect ourselves. It defines cybercrime as illegal activities involving computers and networks, such as hacking, viruses, and identity theft. The document outlines different types of cybercrimes and their impacts, describing how financial losses from data breaches are rising. It also discusses Indian laws related to cybercrime and provides tips for security measures like using strong, unique passwords and updating software. The document concludes by emphasizing the importance of awareness in protecting oneself from cybercrime.
This document provides an overview of cyber security threats facing businesses in the 21st century. It discusses the scale of cyber crime, changing threats from insiders, hacktivists, organized crime and nation-states. It also covers common forms of malware, how malware infects systems and steals credentials, and tips for businesses to prevent account takeover and avoid being victims of cyber attacks.
Here you learn about cyber security terminology, its basics, and cyber security threats as well. Slides covering digital knowledge of the internet. After going through the slides you will become aware of cyber security basics.
2014 GRC Conference in West Palm Beach - Moderated by Sonia Luna (Aviva Spectrum™)
Slides from the 2014 GRC Conference Presented by:
Jeff Spivey, CRISC, CPP
Vice President of Strategy, RiskIQ, Inc.
President, Security Risk Management, Inc
Adair Barton, CPA, CISA
Vice President of Internal Audit
Dycom Industries, Inc.
and
David A. Less, CISA, CISM
CIO & SVP
Sunteck, Inc.
This document summarizes cyber security risks in internet banking and measures to address them. It discusses how cyber crimes have increased with the rise of online banking and shares statistics on credit card theft and password theft. It then outlines various types of attacks targeting clients and servers used in internet banking. The document also categorizes actors involved in banking fraud and reviews security measures adopted by banks like attack detection, secure client platforms, transaction signing, and security tokens. It discusses protocols like SSL, one-time passwords, and EMV's Chip Authentication Program for more secure online transactions and authentication.
The document discusses emerging threats to digital payments and outlines steps businesses can take to protect themselves. It notes that cyber attacks are a major security risk and new payment methods are fueling more attacks. The problems section details how criminals exploit new technologies, learning resources, and expanded access points. It asks questions around detecting and responding to attacks. The solutions section recommends training, vulnerability scanning, network segmentation, access control, monitoring, and intelligence sharing to help close security gaps against sophisticated attackers.
This document discusses cyber liability insurance. It begins by defining cyber risk as any risk of financial loss, disruption, or damage to an organization's reputation from a failure of its information technology systems. It then discusses the types of damages that can occur, including non-physical damages like data corruption or theft and physical damages like system manipulation. It notes that all companies have cyber risk. It discusses how industries like energy are particularly exposed to risks like power grid hacking. The document outlines common insurable cyber risks, underwriting considerations for pricing cyber policies, and ways organizations can manage their cyber risks.
This document summarizes the key points from a cybersecurity workshop presented by E. Andrew Keeney. The workshop covered the value of electronically stored data, common cybersecurity threats like hackers and rogue employees, best practices for prevention and response, and insurance options. Major data breaches are occurring almost weekly, costing companies hundreds of thousands of dollars on average. While many organizations remain complacent about cybersecurity, the consequences of a breach include loss of goodwill, reputation damage, and regulatory fines. The workshop emphasized employee training, strong access controls, encryption, insurance, and having an incident response plan to mitigate risks.
The document provides an agenda for maturing an information security (IS) program using the NIST Cybersecurity Framework and FFIEC Cybersecurity Maturity Assessment. It discusses reasons to mature cybersecurity posture such as data breaches and their impact on the economy. It then outlines the NIST Cybersecurity Framework including its functions, categories, and subcategories. It also describes the FFIEC Maturity Assessment Tool and its domains for evaluating an organization's cybersecurity maturity. The document shares details about how one organization used these frameworks to improve their cybersecurity program over time from an initial assessment to continuous improvement.
The document discusses security challenges posed by increased use of mobile and wireless devices, including risks of malware, hacking, and data theft. It covers types of mobile devices and attacks like viruses, smishing, and vishing. It also provides recommendations for securing mobile devices like using passwords, encryption, and anti-theft tracking software.
2. Key Trends and Drivers of Security
Consumerization
• Mobile devices
• Social media
• Cloud services
• Nonstandard
• Security as a Service
Continual Regulatory and Compliance Pressures
• SOX, PCI, EU Privacy
• ISO 27001
• Other regulations
Emerging Trends
• Decrease in time to exploit
• Targeted attacks
• Advanced persistent threats (APTs)
4. Why banks are different
• Banks are custodians of monetary assets and sensitive information for companies and individuals in other industries, meaning the effects of cybercrime in the FS sector can have significant consequences outside organizational borders.
• A successful cyberattack on a bank's IS can lead to an immediate monetary reward for the attacker.
• In the "Deloitte 2015 Banking Outlook", Deloitte states that the financial services sector faces the greatest economic risk related to cybersecurity.
• Finance hit by 300 % more attacks than other industries 1.
• In comparison with other industries, the finance industry has a superior level of protection against malware and the running of unauthorized software on endpoints.
• However, the most dangerous threats are from well-resourced, sophisticated attackers who will research and craft a specific, targeted attack against a financial institution in anticipation of rich rewards if successful.
5. Business causes of potential problems
• Whether it is external data feeds, customer and staff devices or cloud services, banks find themselves having to adapt to relying on systems that are outside their control (Target data breach).
• Changing business requirements, speed-to-market pressures, business innovation requirements and budget cuts make the challenge of managing cyber risk significant.
• PSD2 - requires banks to set up an API on top of their current account infrastructure, which enables third parties to access users' bank account information, where permitted.
• Cloud - more and more bank-related services are cloud based.
• Outsourcing risk - service providers often deal with multiple IT systems and inconsistent organizational processes, which present integration challenges.
• Certain functions (including finance) still tend to perceive cybersecurity as more of an IT issue (rather than a significant business risk).
6. Threat Implications and Impact on Business
Immediate Implications
• Loss of data
• Corruption or destruction of data
• Unauthorized access
• Account takeovers
• Compromised systems and applications
• Unavailability of services
Long term impact
• Reputational loss
• Financial loss/fraud
• Regulatory compliance incidents and penalties
• Client loss
7. Examples of cyber attacks on banks
• Tesco Bank halted online banking after 40,000 current accounts were compromised and half of them were hit by fraudulent transactions by hackers over one weekend. A total of £2.5m was stolen from 9,000 accounts.
• Cyber crooks have remotely infected ATMs with malware in Armenia, Bulgaria, Estonia, Georgia, Belarus, Kyrgyzstan, Moldova, Spain, Poland, the Netherlands,
• Cyber criminals using some form of Zeus malware were attacking online banking users in Croatia during 2014. It is suspected they stole a total of 1.8 million Kn.
• The Central Bank of Bangladesh was hacked by a sophisticated team of hackers who infiltrated the bank's network, installed credential-stealing malware, and were able to obtain log-in credentials to SWIFT. This allowed the hackers to steal over $80 million.
• Lloyds Banking Group suffered a 48-hour online attack this month as cybercriminals attempted to block access to 20m UK accounts. The denial of service attack ran for two days from Wednesday 11 January to Friday 13 January 2017.
• Hackers recently infiltrated the systems of three government-owned banks — two headquartered in Mumbai and one in Kolkata — to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items. 1
8. Cyberattacks on financial institutions in BiH and the region
• ATM skimming
• Compromising computers clients use for e-banking
• Spear phishing
• Web site hacking
9. Threat landscape for retail banks
• Knowledge required to launch very sophisticated attacks is decreasing over time, making these threats more severe each day
• Recent attacks show increased knowledge and understanding of the technology, infrastructure and systems of their victims
• Bad actors are going after customers, suppliers, and third parties in addition to direct attacks
• Intelligence, external and internal, as well as shared knowledge across the industry and governments will be the most effective counter strategies
10. The Society for Worldwide Interbank Financial Telecommunications network (SWIFT)
[Diagram: correspondent banking payment flow over the SWIFT messaging infrastructure. Country - Sender: Debtor -> Sender Bank -> Payment System -> Correspondent - Sender (correspondent banking fee). Country - Receiver: Correspondent - Receiver (correspondent banking fee) -> Payment System -> Receiver Bank -> Creditor.]
11. SWIFT Attacks
• The Central Bank of Bangladesh was hacked by a sophisticated team of hackers who infiltrated the bank's network, installed credential-stealing malware, and were able to obtain log-in credentials to the SWIFT network. This allowed the hackers to steal over $80 million.
• Details surrounding the hack have been emerging every week and SWIFT maintains that their systems have not been compromised.
• There have been a number of new security incidents involving banks that have the same pattern of attack as the Bangladesh
13. Credit Cards and ATM fraud
• First-party fraud, which occurs when a fraudster purports to be a legitimate cardholder, or a legitimate cardholder intentionally decides not to pay off a credit card balance, leaving the card issuer with the debt.
• CNP fraud, which involves the unauthorized use of a credit or debit card number and the security code printed on the card to purchase products or services in a setting in which the customer and the merchant are not interacting face-to-face.
• Counterfeit fraud, which occurs when a fake card is created using compromised details obtained from the magnetic stripe or electronic chip in a legitimate card.
• Lost and stolen card fraud, which includes cards that are reported as lost or stolen by the original cardholder.
• Mail and non-receipt fraud, which involves intercepting legitimate cards while they are in transit from the issuer to the cardholder.
14. New attack landscape
• Targeting a specific product - Hackers identified prepaid debit cards from Visa and MasterCard as their primary targets because such cards are preloaded with money instead of being linked to specific accounts, thus minimizing early detection.
• Identifying the weakest link - The global financial system is only as strong as its weakest link. Attack on processing centers.
• Raising the scope - Instead of using the stolen data, the hackers raised the scope of the attack by increasing or removing the withdrawal limits on the prepaid cards.
• Executing the plan through global coordination - Account information was sent by the hackers to local crews in about 20 countries around the world.
• The heist - In December, local crews used five account numbers to make 4,500 transactions worth $5 million.
• Laundering the money - Local crews used the money to purchase luxury items, in an effort to launder the money.
• Attacking an internal bank's network and critical information systems - Hacks of banks' centralized systems had made groups of machines issue cash simultaneously, a process known as "touchless jackpotting".
15. E-banking attacks
Phishing Attacks
Trojan Attacks
Vishing
Keyloggers
Pharming
DNS Spoofing
Network Interception
MITM attack
Web Application Attacks
Attacking Server
DDoS
16. M-banking attack vector
• We have seen
• Classic threats migrate to mobile: phishing, ransomware, overlay
• Mobile specific threats such as fake apps
• We are bound to see
• Mobile specific exploit kits
• Bundling frameworks and services (perhaps automated)
• Device takeover malware for mobile
• NFC, ApplePay - new targets
[Diagram, customer to criminal: Account takeover via a criminal mobile device; Cross-channel attacks; Compromised & vulnerable devices; Susceptible to suspicious apps & mobile malware; Server-side device ID isn't effective for mobile devices; Credential theft from the desktop enables mobile fraud.]
17. PSD2 challenge
Potential increase in security risk with the entrance of a third party provider (TPP) between the financial institution and the consumer
• Data protection: personal information is a top priority for European regulators and merits close attention
• Liability claims in the case of unauthorized transactions and data breaches
• By exposing their APIs to TPPs, banks open up a significantly greater attack surface to potential cyber adversaries and can no longer hide critical applications behind perimeter firewalls.
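Once the perimeter firewall no longer shields the account systems, every TPP call has to carry its own authorization: who the calling TPP is, which customer consented, to what, for which accounts, and until when. The following is an added illustration written for this page, not code from PSD2, from any API standard or from a real bank: a consent-binding check a bank's API gateway would run on each request. It assumes the gateway has already extracted the TPP's organisation identifier from its mutually authenticated client certificate; the consent record, identifiers and scope names are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Consent:
    consent_id: str
    tpp_id: str           # organisation identifier of the TPP the customer authorised
    psu_id: str           # the customer (payment service user) who gave consent
    scopes: set           # e.g. {"accounts:read", "balances:read"}
    accounts: set         # account identifiers the consent covers
    expires_at: datetime
    revoked: bool = False


def authorize(consent, tpp_id_from_cert, action, account, now):
    """Decide one API call against a stored consent. Returns (allowed, reason).
    tpp_id_from_cert is assumed to come from the TPP's mTLS client certificate,
    so a TPP cannot present another TPP's consent identifier and get through."""
    if consent.revoked:
        return False, "consent revoked by customer"
    if now >= consent.expires_at:
        return False, "consent expired"
    if tpp_id_from_cert != consent.tpp_id:
        return False, "consent was granted to a different TPP"
    if action not in consent.scopes:
        return False, f"scope {action} not granted"
    if account not in consent.accounts:
        return False, "account not covered by consent"
    return True, "ok"


# Constructed sample consent (identifier formats are illustrative, not real records).
NOW = datetime(2019, 9, 14, 10, 0)
SAMPLE_CONSENT = Consent(
    consent_id="c-0001",
    tpp_id="PSDDE-BAFIN-123456",
    psu_id="alice",
    scopes={"accounts:read", "balances:read"},
    accounts={"DE89370400440532013000"},
    expires_at=NOW + timedelta(days=90),
)


def run_checks():
    """Exercise each decision path; returns the list of (allowed, reason) results."""
    cases = [
        ("PSDDE-BAFIN-123456", "balances:read", "DE89370400440532013000", NOW),
        ("PSDDE-BAFIN-999999", "balances:read", "DE89370400440532013000", NOW),   # wrong TPP
        ("PSDDE-BAFIN-123456", "payments:initiate", "DE89370400440532013000", NOW),  # no PIS scope
        ("PSDDE-BAFIN-123456", "accounts:read", "DE02120300000000202051", NOW),  # other account
        ("PSDDE-BAFIN-123456", "accounts:read", "DE89370400440532013000", NOW + timedelta(days=91)),
    ]
    return [authorize(SAMPLE_CONSENT, *c) for c in cases]


if __name__ == "__main__":
    for result in run_checks():
        print(result)
```

Binding the consent to the certificate identity is the step that matters most: without it, a compromised or rogue TPP only needs a consent identifier to read any customer's data, which is exactly the enlarged attack surface the slide warns about.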
18. Compliance as mitigation
factor
• PCI DSS /Payment Card Industry Data Security Standard
• SWIFT - security standards for customers.
• Basel - Risk Management Principles for Electronic Banking
• Local regulation - Decision on Minimum Standards for
Information System Management in Banks and Decision on
Minimum Standards for Outsourcing Management
• GDPR - General Data Protection Regulation intended to
strengthen and unify data protection for individuals within
the European Union
• Standards
• ISO 27000
• ITIL
• COBIT
19. PCI DSS Compliance Requirements
• Install and maintain a firewall configuration to protect cardholder
data.
• Do not use vendor-supplied defaults for system passwords and other
security parameters
• Protect stored cardholder data
• Encrypt transmission of cardholder data across open, public networks
• Use and regularly update anti-virus software.
• Develop and maintain secure systems and applications.
• Restrict access to cardholder data by business need-to-know.
• Assign a unique ID to each person with computer access.
• Restrict physical access to cardholder data
• Track and monitor all access to network resources and cardholder data
• Regularly test security systems and processes
• Maintain a policy that addresses information security
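Requirements 3 (protect stored cardholder data) and 10 (track and monitor access) meet in one place practitioners regularly get wrong: the PAN leaking into application logs. As an added example, not code from PCI DSS or from the original presentation, the following shows the three building blocks a bank needs: a Luhn check to recognise a PAN, the masked display form, a keyed one-way hash for lookups that never stores the PAN, and a log scrubber that uses the first two to redact PANs before a line is written. The log line and the key are constructed; the card numbers are the well-known public test numbers, not real cards.

```python
import hashlib
import hmac
import re


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; expects digits only."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form permitted by PCI DSS 3.x: at most the first six and last
    four digits visible (v4.0 allows first eight for 16+ digit PANs)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed one-way hash so systems can match or de-duplicate cards without
    holding the PAN. An unkeyed hash is brute-forceable from the masked form
    (only ~10^6 candidates remain once first six and last four are known),
    which is why the key must live in a key-management system, never beside the hashes."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a longer number.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid 13-19 digit sequence with its masked form.
    Non-card numbers of the same length (order ids, timestamps) are left alone
    because they fail the Luhn check."""
    def repl(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return raw
    return _CANDIDATE.sub(repl, text)


# Constructed log line; 4111111111111111 is a public Visa test number, the order id is not a PAN.
SAMPLE_LOG = "INFO 2018-03-05 22:12:33 auth ok card=4111 1111 1111 1111 order=1234567890123456 amount=49.90"
SAMPLE_KEY = b"constructed-key-for-the-example-only"

if __name__ == "__main__":
    print(redact_pans(SAMPLE_LOG))
    print(pan_token("4111111111111111", SAMPLE_KEY))
```

Run the scrubber at the logging handler, not in each call site, so a developer who logs a whole request object does not bypass it; and keep the HMAC key out of the log platform entirely, since token plus key plus masked form together reconstruct the PAN.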
20. SWIFT’s Customer Security Programme
• Launched in June 2016, is a dedicated initiative
designed to reinforce and evolve the security of
global banking, consolidating and building
upon existing SWIFT and industry efforts.
• The programme will clearly define an
operational and security baseline that
customers must meet to protect the processing
and handling of their SWIFT transactions.
• The programme will focus on five mutually
reinforcing strategic initiatives:
• Improving information sharing amongst
the global community
• Enhancing SWIFT-related tools for
customers
• Enhancing guidelines and providing assurance
frameworks
• Supporting increased transaction pattern
controls
• Enhancing support by third-party providers.
21. Basel Committee- Risk Management Principles for E- Banking
• A. Board and Management Oversight:
1. Effective management oversight of e-
banking activities
2. Establishment of a comprehensive security
control process.
3. Comprehensive due diligence and
management oversight process for
outsourcing relationships and other third-
party dependencies.
• B. Security
4. Authentication of e-banking customers.
5. Non-repudiation and accountability for e-
banking transactions.
6. Appropriate measures to ensure segregation
of duties.
7. Proper authorization controls within e-
banking systems, databases and
applications.
8. Data integrity of e-banking transactions,
records, and information.
9. Establishment of clear audit trails for e-
banking transactions.
10. Confidentiality of key bank information.
• C. Legal and Reputational Risk Management
11. Appropriate disclosures for e-banking
services.
12. Privacy of customer information.
13. Capacity, business continuity and
contingency planning to ensure availability
of e-banking systems and services.
14. Incident response planning.
22. General Data Protection Regulation - rules
summary
• Territorial scope: The GDPR extends regulation from EU
organizations to organizations outside the EU that process
personal data of individuals in the EU (by offering them goods
or services or monitoring their behaviour)
• Security: Tightened and broadened security requirements, with
data protection and privacy by design and by default
• Data Protection Officers: to be appointed where the processing
is carried out by a public authority, or where the organization's
core activities involve regular and systematic monitoring of
data subjects on a large scale or large-scale processing of
special categories of data (the draft thresholds of 250
employees or 5,000 records did not survive into the final text)
• Data breaches & right to know: personal data breaches must be
reported to the supervisory authority within 72 hours of the
organization becoming aware of them, and a notification sent to
the affected individuals 'without undue delay' where the breach
is likely to result in a high risk to them
• Data portability: individuals are able to request copies of the
personal data being processed in a structured, machine-readable
format, so that they can transmit it electronically to another
processing system
• Data erasure: when an individual asks for their data to be
deleted, and there are no legitimate grounds for retaining it,
the controller must comply
• Stronger enforcement & fines: higher fines and sanctions
introduced for noncompliance - up to 4% of global annual
turnover or EUR 20 million, whichever is higher
23. ISMS –information security management
system
• Part of the overall management
system, based on a business risk
approach, to establish, implement,
operate, monitor, review, maintain
and improve information security
(ISO definition)
• Influenced by the organization’s
needs and objectives, security
requirements, the processes
employed and the size and
structure of the organization.
• Expected to change over time.
• A holistic approach to managing
information security –
confidentiality, integrity, and
availability of information and
data.
24. Steps in establishing, monitoring, maintaining
and improving its ISMS
• Identify information assets and their
associated information security
requirements
• Assess information security risks and
treat information security risks [to an
acceptable level]
• Select and implement relevant
controls to manage unacceptable
risks [or to reduce risks to acceptable
levels]
• Monitor, maintain and improve the
effectiveness of controls associated
with the organization’s information
assets
25. ISO/IEC 27001:2013
• Leading international standard for ISMS. Specifies the
requirements for establishing, implementing, maintaining,
monitoring, reviewing and continually improving the ISMS
within the context of the organization. Includes assessment
and treatment of InfoSec risks.
• Best framework for complying with information security
legislation (FBiH and other regional banking legislation
rely heavily on this standard)
• Not a technical standard that describes the ISMS in
technical detail.
• Does not focus on information technology alone, but also
on other important business assets, resources, and
processes in the organization.
27. Organization of information security
• A structured management framework directs, monitors and
controls the implementation of information security as a
whole within a bank
[Organization chart]
• Executive Committee - chaired by the Chief Executive Officer
• Audit Committee - chaired by the Head of Audit
• Risk Committee - chaired by the Risk Manager
• Security Committee - chaired by the Chief Security Officer (CSO)
• Information Security Manager - with Security Administration,
Policy & Compliance, Risk & Contingency Management and
Security Operations functions
• Local Security Committees (one per location) - Information
Asset Owners (IAOs), Site Security Managers, Security Guards,
Facilities Management
28. Role of information
security officer
• Communicate risks to executive
management.
• Budget for information security activities.
• Ensure development of policies,
procedures, baselines, standards, and
guidelines.
• Develop and provide security awareness
program.
• Understand business objectives.
• Maintain awareness of emerging threats
and vulnerabilities.
• Evaluate security incidents and response.
• Develop security compliance program.
• Establish security metrics.
• Participate in management meetings.
• Ensure compliance with governmental
regulations.
• Assist internal and external auditors.
• Stay abreast of emerging technologies
30. At the end
• Threat intelligence, proactive
prevention, faster incident detection
and immediate response are critical
for protecting against the risks
presented by cyber threats
• Only with continued investment and
increased understanding of the
technology, tools and talent needed
to effectively combat threats will the
financial sector be able to mitigate
the huge risk presented by
cybersecurity threats
Editor's Notes
Insider fraud
Account Takeovers: Cyber criminals have demonstrated their ability to exploit online financial and market systems that interface with Internet, such as the Automated Clearing House (ACH) systems, card payments, and market trades.
Payment Systems: Fraudulent monetary transfers and counterfeiting of stored value cards are the most common result of exploits against financial institutions, payment processors, and merchants.
ATM Skimming: ATM skimming is also a prevalent global cyber-crime. A criminal affixes a skimmer to the outside or inside of an ATM to collect card numbers and personal identification number (PIN) codes.
Point of sale terminals: Point of Sale (POS) terminals have been a primary target for cyber criminals engaging in credit card fraud and have resulted in the compromise of millions of credit and debit cards in the US.
Mobile Banking Exploitation: As more mobile devices have been introduced into personal, business, or government networks, they have been increasingly targeted for stealing PII. Cyber criminals have successfully demonstrated man-in-the-middle attacks against mobile phones using malware.
SWIFT network attacks
DDOS attacks on e-banking and m-banking sites
Targeting a specific product - Hackers identified prepaid debit cards from Visa and MasterCard as their primary targets because such cards are preloaded with money instead of being linked to specific accounts, thus minimizing early detection.
Identifying the weakest link - The global financial system is only as strong as its weakest link. In the first operation in December 2012, hackers infiltrated an unnamed Indian credit card processing company to steal card information; in the second operation in February 2013, they targeted an American credit card processing company.
Raising the scope- Instead of using the stolen data, the hackers raised the scope of the attack by increasing or removing the withdrawal limits on the prepaid cards by infiltrating the National Bank of Ras Al Khaimah in the United Arab Emirates during the first attack and the Bank of Muscat in Oman during the second attack.
Executing the plan through global coordination- Account information was sent by the hackers to local crews in about 20 countries around the world, who used the data to program the magnetic strips of cards in order to withdraw money from them on local ATMs.
The heist -In December, local crews used five account numbers to make 4,500 transactions worth $5 million. In February, they used 12 account numbers to make 36,000 transactions worth $40 million.
Laundering the money Local crews used the money to purchase luxury items, including Rolex watches and cars, in an effort to launder the money. They also deposited some of the money into bank accounts – presumably those of the hackers. In one instance as much as $150,000 was deposited.
Attacking a bank's internal network and critical information systems - Hacks of banks' centralised systems made groups of ATMs issue cash simultaneously, a process known as "touchless jackpotting". The machines had not been physically tampered with; "money mules" waited at the ATMs to grab the cash.
Data protection concerns arise from the fact that protection of personal information is a top priority for European regulators and merits close attention, as recent European regulatory intervention in the world of social media shows.