Cyber security in banking a case study of canada

To encounter cyber-attacks, different areas of the economy should have proper security on their databases. The cases of cyber-security and cyber-related threats have been on the rise in the recent past. The main focus is on the banking sector in Canada which has had its spoils of information security cases, data breach, and other cyber-related crimes. The primary objective of this paper is the evaluation, critical analysis and recommendation on the issues concerning cybersecurity. The banking sector is enormous and sensitive, and as such, it requires significant attention in tackling the problem through conceptual analysis of the threats. Additionally, social engineering is also being used continuously and has contributed significantly to data breaches. In most cases, social engineers use employees to come up with designs to trick the bank clients or any other victim into allowing access to data.

In such a scenario, employees pretend to accept a request that said to come from a higher authority. This process is called spearfishing. Spearfishing was used by a large extent in Australia, in 2016. It's a worldwide problem that requires global policies to reduce its effects. There is a dire need for financial institutions to heighten the cybersecurity awareness and its dangers in the institutions. The institutions must learn how to protect their services, employees, and stakeholders from harm. The financial impact of cybersecurity incidents Data breaches do not only affect bans but can affect any business in any industry. High costs are incurred in recovering the lost finances in the process of the attacks. Therefore, even though Canadian banks are renowned for leading the way in cybersecurity practices, they are still vulnerable to cyber-attacks.

Thus, this solidifies the national and regional significance of cyber security in banking. To add more weight to the significance of cybersecurity matter on a global scale, the cyber-attacks are not unique to Canada. Thirty-five percent of all cyber-attacks in the United Arab Emirates (UAE) are directed towards the banking sector (More and Nalawade, 2015). Therefore, there is a need for the development of a cyber-security programme that is comprehensive and outlines the right compliance and risks standards, and governance levels as a top priority for the banking community. According to Khan and Barua (2010), three-quarters of the insider attacks are intentional and range from poorly-paid employees to disgruntled ones who provide hackers with their credentials or refuse to take concerns of cyber security seriously because of poor morale.

However, the remainder (25 percent) on insider threats is usually because of human error such as innocently downloading malware. According to Shoemaker (2017), the state of danger to cybersecurity in banking in Canada is no exception. According to a report released by the Bank of Canada in 2014, it observed that the high reliance of banks on third-party services is increasingly bringing about the systemic vulnerability to cyber-attacks. This has also been supported by the 2016's cyber-attack on the Central Bank of Bangladesh in which false instructions of SWIFT were sent to the NYFR (New York Federal Reserve) in an attempt to implement approximately 30 transfers (Shoemaker, 2017). The same has been replicated and as mentioned earlier as regards to the exploitation of SWIFT systems connection to banks where a record-breaking amount of 81 million US dollars were stolen by hackers (Lloyd, 2016).

Thus, this is a testament of how the DDoS, Third-Party and insider attacks amongst others in the Canadian banking and other countries across the world has evolved from simple assaults to well-orchestrated and sophisticated cyber-attacks resulting to losses of billions if not millions of US dollars every year. According to Raghavana and Parthiban (2014), since the forced Lehman Brothers Investment Bank bankruptcy that caused the financial crises a decade ago, bankers have concentrated on the bank’s capability to endure economic shocks in the United States and across the rest of the world with Canada not being an exception. However, if the financial crises were to happen in Canada today, it would most certainly not be as a result of economic shocks but rather cyber-attacks.

According to Raghavana and Parthiban (2014), the cyber-attacks in Canada are resulting in disruptions of financial services within the banking sector and more particularly the payment systems. According to Newman (2010), cyber-attacks in banking are presenting a broad spectrum of dangers or perils to societies and individuals across the world. Thus, the proponents of human security indicate that any threat to social security is anything that makes individuals feels insecure. In contemporary society, cyber security in banking is one of the most prevalent fears amongst the human population across the world. In 2017 alone, more than 50 percent of the U. S adult population, that is, 143 million individuals were victims of the cybersecurity attacks through the banking sector. The increase in price must concern the financial institutions in the banking industry because this is the one industry that experiences the highest customer churn compared to other sectors.

The primary factor that places the financial institutions at a higher risk is the fact that customers have to deal with the fear regarding the safety of their finances (Ossip, 2017). Several financial institutions are aware of the magnitude at which their relationships with their clients can be affected in case of an occurrence of the cyber attack. However, a few financial institutions acknowledge that loss of brand trust and damage of the company reputation is the primary concern in case of a data breach. They need to understand that the act can potentially lead to loss of customers significantly. However, over the last decade, the threat of cybersecurity in banking has tremendously become complicated, and it seems that the future will remain sophisticated because the cybercriminals are patiently and in a synchronizing manner orchestrating cyber-attacks.

In that case, the threats to cybersecurity are currently having unprecedented impacts such as the losses of billions of US dollars in the banking sector exemplified by the example of Tesco Bank in the U. K and the Bangladesh Central Bank which lost approximately 80 million US dollars through cyber-attacks. Thus, there is a need to create substantive solutions to prevent the escalation of the cybersecurity threats in the banking sector in Canada and beyond. Targeting of financial institutions in cybersecurity attacks Financial institutions are the primary targets of cyber attacks because they are lucrative (Smith, 2018). Current practices in cybersecurity incident mitigation Banking institutions have devoted the right amount of their resources in raising awareness among employees, customers, and stakeholders. They have also boosted the recognition of potential cybersecurity risks among banking institutions (Ossip, 2017).

These practices have yielded positive results. As stated by the sections above, cybersecurity and data breaches are the significant concerns of the banking institutions. In the past, organizations were utterly blindsided by issues to do with cybersecurity. Best practices are not sufficient enough for solving the problem, but they can help financial organizations lessen the destruction and losses caused by cybersecurity incidents. First, institutions must be prepared for attacks. Most financial institutions, especially in the developing nations, do not have a formal cybersecurity incident response plan (Öğüt, Raghunathan and Menon, 2011). In case of an occurrence of a cyber attack, they are left vulnerable to data breach. Furthermore, most of these organizations are not confident in their ability to recover from an attack.

There is a significant return on investment for an organization investing in such offers because it can preserve customer trust as well as preventing customer loss. Institutions that invest more in improving customer trust and experience potentially reduce the churn and the cost of breaches. Also, institutions that offer protection to data breach victims are likely to records high levels of success in their industry. Customers are interested in institutions that have identity protection resources and services. Employee education is another critical practice that should not be overlooked. Recommendations for Future Action and By Whom According to Öğüt, Raghunathan, and Menon (2011), four proposals ought to be taken into considerations to enhance cybersecurity in banking in Canada and the rest of the world.

First, since the use of device-centric data in banking financial services is not effective in ensuring threats to cybersecurity are minimized, the banks should switch to the utilization of insights gathered through digital identity intelligence that is crowd-sourced which is two and half times more effective than device-centric data (Öğüt, Raghunathan and Menon, 2011). More so, to detect anomalies for a particular person founded on their history, especially for employees of the banks who may be involved in insider attacks, the banks should be able to use behavioral analytics that is advanced that in one way or another evaluate typical behavior patterns of the user beyond the obvious. Further, the banks should be able to significantly enhance models of fraud by the utilization of clear-box machine learning.