At a recent graduate recruitment event, you talked with a number of different people on company stands. Each talked about the various modules that you took on your course, your ambitions and aims.
The next day, you received an e-mail from the Chief Executive Officer (CEO) of ABC Bank PLC. She explained that your ideas about the importance of cyber security were very interesting and that someone with your skills and knowledge may be just what the bank is looking for as a senior risk manager. In this capacity, the senior executives of your organisation have come to you with concerns about reports of cyber-attacks and viruses affecting IT systems, and about the problems that companies such as TSB Bank and VISA in Europe have encountered with their IT systems. They were alarmed in particular by the continued growth of ransomware attacks.
To reassure senior management, you are required to identify the cyber risks facing a financial institution and to develop a risk management plan, including continuity planning (or "resilience"), that enables the organisation to manage a cyber incident effectively and continue trading if the risk materialises.
Many banks and financial institutions integrate third-party services from a range of vendors that handle privileged data, particularly as the industry digitises. This widens the institution's cyber risk exposure, because a weakness at a third-party vendor that lacks the right security controls becomes a weakness of the bank. The consequences can include loss of customer data, loss of customer funds, regulatory fines and significant reputational damage.
Banks and financial institutions hold a wealth of sensitive data which, if tampered with, can be hard to detect and can cost financial organisations millions of dollars in damage. Whether the actor is an insider employee seeking revenge against the institution or an external attacker hoping to damage the firm's reputation, banks have seen a trend towards malicious attacks that aim to cause destruction rather than to extract data. The aftermath of such an attack includes significant legal costs and regulatory fines, as well as business interruption, reputational damage and restoration costs.
Types of Risk:
1. Credential Stuffing
Credential stuffing is a type of cyberattack that typically targets the personal data of banking customers. Using usernames and passwords stolen in breaches of other services, attackers replay them against the bank's login endpoints in automated, large-scale login requests; the technique works because many customers reuse the same password across sites, so a fraction of the stolen pairs will also open accounts at the bank. The accounts and data obtained this way can then be used to bombard websites and servers in an attempt to reach critical IT infrastructure. This practice is known as credential stuffing. Its signature is a source that tries many different usernames in a short time and fails almost all of them, which is why login telemetry should record the source address, the username attempted and the outcome.
2. Cloud Providers
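The detection heuristic described above, run over a handful of login records, as an added example that is not part of the original page. The log format (`timestamp src=... user=... result=ok|fail`), the sample lines, the documentation-range IP addresses and the thresholds (five distinct usernames within five minutes with at least 80% failures) are all constructed for the illustration; a real bank would tune them against its own traffic.

```python
"""Flag credential-stuffing activity in login logs (illustrative example).

Heuristic: a single source that tries many *different* usernames in a short
window and fails most of them is replaying a breached credential list, not a
customer mistyping one password. Any success from such a source is treated as
a compromised account.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed log line format; constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log: two ordinary customers (one typo, one repeated
# failures on a single account) and one source cycling through accounts.
LOG = """\
2024-03-04T10:00:01Z src=198.51.100.5 user=alice result=fail
2024-03-04T10:00:09Z src=198.51.100.5 user=alice result=ok
2024-03-04T10:00:15Z src=198.51.100.20 user=dave result=fail
2024-03-04T10:00:30Z src=198.51.100.20 user=dave result=fail
2024-03-04T10:00:45Z src=198.51.100.20 user=dave result=fail
2024-03-04T10:01:00Z src=198.51.100.20 user=dave result=fail
2024-03-04T10:01:10Z src=203.0.113.7 user=alice result=fail
2024-03-04T10:01:11Z src=203.0.113.7 user=bob result=fail
2024-03-04T10:01:12Z src=203.0.113.7 user=carol result=ok
2024-03-04T10:01:13Z src=203.0.113.7 user=dave result=fail
2024-03-04T10:01:14Z src=203.0.113.7 user=erin result=fail
2024-03-04T10:01:15Z src=203.0.113.7 user=frank result=fail
2024-03-04T10:01:16Z src=203.0.113.7 user=grace result=fail
2024-03-04T10:01:17Z src=203.0.113.7 user=heidi result=fail
2024-03-04T10:02:00Z src=198.51.100.9 user=bob result=ok
this line is not a login record
""".splitlines()


def parse_line(line):
    """Parse one record; return None for lines that are not login events."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "src": m["src"],
        "user": m["user"],
        "ok": m["result"] == "ok",
    }


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: summary} for sources that look like stuffing.

    A source is flagged when some sliding window of its attempts contains at
    least `min_users` distinct usernames with a failure ratio of at least
    `min_fail_ratio`. The summary then covers every attempt from that source.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            w = evs[start:end + 1]
            users = {e["user"] for e in w}
            fails = sum(not e["ok"] for e in w)
            if len(users) >= min_users and fails / len(w) >= min_fail_ratio:
                flagged[src] = {
                    "attempts": len(evs),
                    "distinct_users": len({e["user"] for e in evs}),
                    "failures": sum(not e["ok"] for e in evs),
                    # Successes from a stuffing source are the accounts to lock.
                    "compromised": sorted(e["user"] for e in evs if e["ok"]),
                }
                break
    return flagged


if __name__ == "__main__":
    for src, summary in detect_stuffing(LOG).items():
        print(src, summary)
```

Note that `dave` fails four times from one address and is not flagged: per-account lockout would have caught him, but it would have done nothing against the stuffing source, which touches each account only once. Distributed stuffing that spreads attempts over many source addresses needs a second signal (for example, the site-wide failure rate against its baseline) that this per-source check does not provide.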
Cloud services are useful in helping banks balance IT costs, keep their infrastructure up and ensure their data is stored securely. However, the promises of the cloud have come with a few hard-earned lessons about customer data and security. Under the shared responsibility model the provider secures the underlying platform, but configuration of the bank's own accounts, storage and identities remains the bank's responsibility, and most cloud data exposures stem from mistakes there rather than from the provider.
3. Phishing Attacks
Phishing is a common type of cyberattack, frequently used to steal customer data including login credentials and credit card numbers. Recently, however, there has been an increase in phishing attacks targeting bank employees. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link or attachment, leading to the installation of malware which then locks the system as part of a ransomware attack. Because an employee's workstation sits inside the bank's network, a single successful phish against staff is a far more valuable foothold to an attacker than a single customer's credentials.
4. Ransomware
Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In May 2017, the WannaCry worm spread autonomously through the networks of unpatched Microsoft Windows devices, leaving a large number of computers infected and collecting a total of 327 payments totalling $130,700. The Windows patch closing the SMB vulnerability it exploited (MS17-010) had been available since March 2017, two months before the outbreak, so the incident was as much a patch-management failure as a malware event; paying the ransom, moreover, gives no guarantee that data will be recovered.
5. Internet of Things (IoT) Exploitation
While the majority of exploitation attempts target software vulnerabilities, they can just as easily originate from weak pieces of hardware. Anything from an employee device to a router connected to an unsecured network can put an organisation's entire digital infrastructure at risk.
For some CISOs this may sound like beating a dead horse, but what many do not appreciate is how easily exploitable their IoT devices are, since these devices are usually not required to undergo the same level of security scrutiny as PCs. Unsecured IoT devices such as home routers, printers and IP cameras are all vulnerable to attack, and an inventory of what is actually connected to the network is the first step to controlling them.
Ways of Risk Management:
1. Assess Your Cloud Security
Regularly audit your cloud infrastructure to ensure it is up to date. Assess the current state of your cloud security against security benchmarks, best practices and compliance standards.
2. Monitor Your Cloud Security
Use a vulnerability management tool to help you automate threat detection and protect against potential threats before they become a problem. Continuous scanning matters most for the Internet-facing assets and the third-party components identified above, where an unpatched flaw is exposed to the whole Internet.
3. Establish Strict Access Management Policies
By granting access permissions only to the employees who require them, you ensure your organisation is well protected from within, especially if you use contractors or part-time workers. Access should be reviewed and revoked when roles change or contracts end, and privileged accounts should require multi-factor authentication.
4. Establish a Disaster Recovery Plan
Having a plan in place helps you avoid data loss and allows you to minimise downtime after a disruption. This only works if you back up your data regularly and frequently. Against ransomware specifically, the backups must be kept where the malware cannot reach them (offline, or in storage that cannot be overwritten from the production network), their integrity must be checked, and restores must be rehearsed, because a backup that has never been restored is an assumption rather than a control.
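A minimal version of the backup-and-restore test described above, as an added example that is not part of the original page. It archives a directory, records a SHA-256 per file in a manifest that is kept separately from the archive, simulates a ransomware hit on the live copy, and checks both the damaged copy and the restored copy against the manifest. The directory layout, the file contents and the "ransomware" behaviour are constructed for the illustration.

```python
"""Backup with an integrity manifest, plus a restore test (illustrative example).

A backup only counts as a recovery control if (a) it is stored where
ransomware cannot reach it and (b) you have proven you can restore from it.
Here the manifest of file hashes lives apart from the archive, so a restore
can be checked for files that are missing, silently encrypted, or unexpected.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src_dir, archive_path):
    """Archive src_dir as tar.gz; return the manifest to store elsewhere."""
    manifest = build_manifest(src_dir)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(src_dir), arcname=".")
    return manifest


def restore_backup(archive_path, dest_dir):
    """Extract the archive, refusing path-traversal entries where supported."""
    with tarfile.open(str(archive_path), "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):      # Python 3.12+ (and backports)
            tar.extractall(str(dest_dir), filter="data")
        else:
            tar.extractall(str(dest_dir))
    return dest_dir


def verify_against_manifest(root, manifest):
    """Return (missing, changed, unexpected) relative paths versus the manifest."""
    current = build_manifest(root)
    missing = sorted(p for p in manifest if p not in current)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    unexpected = sorted(p for p in current if p not in manifest)
    return missing, changed, unexpected


def demo():
    """Constructed scenario: back up, get hit, detect the damage, restore, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "live"
        live.mkdir()
        (live / "ledger.csv").write_text("acct,balance\n1001,250.00\n")
        (live / "customers.db").write_bytes(b"\x00" * 1024)

        # The archive goes to a separate location standing in for offline storage.
        archive = tmp / "offline" / "backup.tar.gz"
        archive.parent.mkdir()
        manifest = create_backup(live, archive)

        # Simulated ransomware: one file overwritten with junk, one renamed.
        (live / "customers.db").write_bytes(os.urandom(1024))
        (live / "ledger.csv").rename(live / "ledger.csv.locked")
        after_attack = verify_against_manifest(live, manifest)

        restored = tmp / "restored"
        restored.mkdir()
        restore_backup(archive, restored)
        after_restore = verify_against_manifest(restored, manifest)

        return {
            "manifest_files": sorted(manifest),
            "after_attack": after_attack,
            "after_restore": after_restore,
        }


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the restore test meaningful: without it, a restore that "succeeds" but brings back already-encrypted files would pass unnoticed. In production the archive and the manifest would be written to immutable or offline storage and the restore rehearsal scheduled, not run once by hand.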
5. Encrypt Your Data
Encrypting your data, and securing the cryptographic keys to that data, ensures your most sensitive digital assets remain protected even if your IT infrastructure is critically compromised. The protection holds only as long as the keys are held separately from the data, ideally in a hardware security module or a managed key service with tightly restricted access, since an attacker who obtains both the ciphertext and the key has gained nothing less than the plaintext.