The word terrorism, for most, conjures images of twin towers falling, emergency personnel working tirelessly to retrieve wounded and deceased citizens and millions of people grieving from their home television screens. As the world continues to change, so does the bounds of terrorism and its means of creating harm in the physical world (Littl3field, 2017). Terrorism is now not only limited to religious agenda but now has crossed into the realm of cyber related crime, threats within cyberspace, and attacks against systems or damages to information (Littl3field, 2017). Specifically, cyber terrorism can be defined as “pre-mediated, politically motivated attacks by sub national groups or clandestine agents or individuals against information and computer systems, computer programs and data that results in violence against non-combatant targets” (Janczewski, & Colarik, 2008).
Cyber-terrorism against an organization is more likely than ever, even more so for companies involving banking or financial services. Recent studies show that financial organizations incur over “50 attacks per month on average” (Foster, n.d.). However, these types of cyber threats can vary not only by function, but by overall purpose. For example, the most common cyber threats include social engineered Trojans, un-patched software, phishing, network traveling worms, and advanced persistent threats (Secureworks, 2017). These common cyber threats can be used to either attempt to damage or disrupt a computer network or system, or steal sensitive or classified data (Secureworks, 2017).
As statistics continue to rise, it is important that organizations address current events and issues to better posture their network’s security, especially since cyber terrorism can be deemed as a strategic threat to an organization. For financial services, leading shareholders or need to understand that there are several types of cyber terrorism that they need to be aware of. Specifically, there are four primary attacks that threaten financial institutions. These include social engineering, data breaches, system outages and denial of service attacks as well as third party threats (Yazbeck, 2018). These types of social engineering attacks trick the victim into revealing sensitive information so they are able to either exploit the person, system, network, or physical location (Yazbeck, 2018). Similarly, data breaches also gain access to valuable information such as credit cards or credential information (Yazbeck, 2018). While system outages and denial of service attacks allow for system unavailability and third party threats rely on services such as data storage or information technology to grant access to sensitive or classified information (Yasbeck, 2019).
Due to the increase of cyber-crime against financial services organizations, there are several existing strategy recommendations that these organizations should use to respond to these environmental and existential threats? These recommendations include using threat intelligence to take a proactive approach to your security program, evaluating risks to increase security, leveraging automation tools to sift through noise, tracking threats specific to the organization and never underestimating the power of cybersecurity training (INTSIGHTS, 2018).
Cyber-crime will continue to increase. Organizations must be extremely cognizant of current threats and existing cyber crime. For organizations that offer financial services, this is an absolute must as cyber-crime against these organizations are more likely than ever. There are several ways a financial organization can better posture their security and need to so immediately. All organizations need to understand that a lack of strategy can be the reason for or missed success, but more importantly in this current time, ethics.
Foster, J. (n.d.). 21 Terrifying Cyber Crime Statistics. Data Connectors. Retrieved from https://www.dataconnectors.com/technews/21-terrifying-cyber-crime-statistics/
INTSIGHTS. (2018). Financial Services Threat Landscape Report: The Dark Web Perspective. Retrieved from https://cdn2.hubspot.net/hubfs/3699194/Content/Research%20Reports/IntSights_Financial_Services_Landscape-Final.pdf
Janczewski, L., & Colarik, A. (2008). Cyber warfare and cyber terrorism (1st ed., pp. 13–14). Hershey [Pa.]: Information Science Reference.
Little3field. (2017). Cyber Terrorism: Understanding and preventing acts of terror within our cyber space. Retrieved from https://littlefield.co/cyber-terrorism-understanding-and-preventing-acts-of-terror-within-our-cyber-space-26ae6d53cfbb
Secureworks. (2017). Cyber Threat Basics, Types of Threats, Intelligence & Best Practices. Retrieved from https://www.secureworks.com/blog/cyber-threat-basics
Yazbeck, S. (2018). 4 Cyber Attacks That Threaten Financial Inclusion. Retrieved from https://www.cgap.org/blog/4-cyber-attacks-threaten-financial-inclusion