Infs5114 Corporate Governance, Social Responsibility, Answers


  • Subject Code : INFS5114
  • University : University of South Australia
  • Subject Name : IT Computer Science

Security Governance

Executive Summary of Corporate Governance, Social Responsibility, and Data Breaches

The banking sector has been positively affected by Industry 4.0. This industrial revolution has helped the sector in several ways: performing transactions globally, offering the cheapest financial charges, reducing the need for human tech talent, reducing risk factors, improving business intelligence, and increasing transparency and trust. With e-banking facilities, banks can carry out the same traditional processes in less time and with a better user experience. The First Bank of Nigeria has likewise relied on internet-based facilities to serve its customers, and as a result it has been forced to focus more on its data security operations. The finance sector is prone to many cyber-threats, and data breaches are among the most common cyber-attacks found in it. This report aimed to understand the most common vulnerabilities and threats faced by the banking sector, and the causes and effects of data breaches in the finance sector, especially banks. Data breaches in banks have been a leading form of cyber-attack, exposing the personal and financial information of individual and corporate customers. It is therefore important to adopt some of the most trusted and efficient methods to prevent data breaches and curb their effects. The report also aimed to recommend tools and methods that the First Bank of Nigeria can use as preventive measures against data leaks.

Table of Contents

Executive Summary

Introduction

Threats and Vulnerabilities

Business Context

Compensating Tools

Recommendations

References

Introduction to Corporate Governance, Social Responsibility, and Data Breaches

The fourth industrial revolution, more commonly referred to as Industry 4.0, has revolutionised some of the major sectors of society and continues to help other sectors grow. With the internet now part of everyday tasks, the banking sector has worked extensively on providing better customer service and user-friendly processes through mobile applications and websites. These methods have increased customer satisfaction by reimagining and digitizing traditional banking processes (Bandara, Vidanagamachchi and Wickramarachchi, 2019). But they have also increased the chances of cyber-attacks and cyber-threats. Cyber-attacks and cyber-threats have become a point of focus for many industries as companies promote online business and innovate on traditional ways of business management. The term cyber threat refers to the many attack methods people use to damage data, get hold of it, or disrupt the digital life of that data in general. Various types of threat have been prevalent recently; some of the most commonly encountered are malware, phishing, trojans and ransomware. According to Marikar and Bandara (2020), many organizations across the globe use data tools such as data analytics and Business Intelligence to gain insights from the data the organization has generated in the past and present, modify current decisions and predict future events. Since almost every business is trying to provide a better customer experience by adopting software tools, banks have also used these technologies to conduct business effectively. According to Ali et al (2020), many financial institutions, including banks, rely greatly on big data analytics to transform their corporate production and their various modes of operation.
It has also become a key tool used by banks for detecting fraud and preventing financial crime, for credit risk management and for marketing. Hence, with banks’ extensive use of software systems, it becomes essential to provide proper data security tools to safeguard the information from potential cyber attackers. This report aims to understand some of the cyber threats faced by the First Bank of Nigeria and to recommend tools to curb the chances and effects of these threats.

Threats and Vulnerabilities

According to Mbelli and Dwolatzky (2016), the banking sector has been updating its traditional methods for carrying out different tasks by adopting cyber banking, which has proven to be a more convenient way of conducting business, with technology as the driving mechanism of this evolution. As these systems have become more interconnected and interdependent, the potential impact of data breaches and cyber-attacks has also increased. The countermeasures banks traditionally used to mitigate the impact and risk of these attacks were based on finding a single point of attack. But with advancements, these attacks can target multiple systems at once and can have larger implications for the institution. The challenges a bank faces in a cyber-attack include downtime of the bank’s computer systems, protecting its customers’ information and funds, maintaining the reputation of the banking sector, and protecting critical infrastructure. These threats continue to gain pace and become more sophisticated for almost every sector of society, and for the banking sector in particular. The banking sector is prone to many cyber-threats in comparison to other business sectors. According to Dautovic (2020), 71% of all data breaches conducted around the world have been financially motivated. The cost borne by banks due to cyber-attacks amounts to $18.3 million each year per company. The United States of America alone was affected by a total of 1473 cyber-attacks in 2019, which amounted to a total of 164.6 million successfully conducted data breaches. Studies have suggested that the costs borne by organizations on cybersecurity training would reach up to $10 billion by 2027. In the United States, 8 out of every 10 citizens fear that businesses are unsuccessful in securing their financial information.
As per the FBI, the amount paid to scammers who attack systems using ransomware has reached almost $1 billion per year. 92% of ATMs have been found to be vulnerable to hacks. By 2021, the number of job vacancies for experts who can help organizations prevent data breaches is expected to reach 3.5 million. As per reports by an Internet Society covering cyber incidents and data breaches across various business sectors, the total number of data breaches and of records stolen had reduced drastically, while their financial impact increased. According to Hussain et al (2017), financial organizations using e-banking services have been prone to several cyber-security threats, including theft and data breaches. In a survey carried out by CSI which included 227 financial organizations, these organizations gave themselves a score of 3.7 out of 5 and considered themselves ready for cyber threats. As per the 2020 Banking Priorities Survey, social engineering was one of the leading cyber-attacks and was chosen by 41% of banks as the greatest threat. Third-party data breaches and ransomware scored 21% and 20% respectively. With increased use of mobile-based banking, the chances of identity theft have also increased. Identity theft refers to the cyber-crime of procuring someone else’s financial and personal data by assuming their name and identity. Identity theft can be committed in various ways and can be classified as criminal, medical, financial and child identity theft. Financial theft can be described as making use of someone else’s credit and goods for one’s own services and benefit. Text mining can be an effective way to minimize the chances of identity theft in the financial sector.
Publicly available identity theft cases and stories can be used as inputs to text mining algorithms to predict the behavioural traits of cyber-thefts in these cases and stories (Zaeem, Manoharan, Yang and Barber, 2016). Ransomware attacks have also been prominent in the finance sector. Banks are prone to ransomware attacks because of the variety and depth of information they hold. These attacks have not only locked the organization’s data but have also stolen it and used the threat of its wide-scale release as leverage. Recent trends in ransomware include the use of banking trojans to attack governments and companies across the globe.

Business Context

According to Ayo et al (2016), information and communication technology has revolutionized the banking sector in Nigeria over the last few years. Financial organizations in the country have adopted a wider range of digital banking services. The First Bank of Nigeria was set up in 1894 and has been a key participant in financing private investment in the infrastructure of the Nigerian economy. The bank has facilitated the federal government’s privatisation and commercialisation schemes (Ani-Mumuney 2018). The Nigerian banking sector has made prominent efforts to take advantage of the productivity and customer service gains that e-banking technology offers. Similarly, to promote a better business strategy and use the leading technology in the financial sector, the First Bank of Nigeria offers various e-banking services. The bank has made efforts to upgrade its e-banking solution, First Online. It has focused extensively on providing a safe banking experience vis-à-vis payment efficiency, versatility and productivity in business transactions. The bank’s aim has been to provide a user-friendly and secure internet-based banking tool that can be used on any device, including mobiles and computers, and that serves both individual and corporate customers. Prominent features of the First Bank of Nigeria’s e-banking facility include self-verification in case of an intercepted transaction, downloadable statements in various formats, multiple transactions with a single token entry, payment of bills and enhanced security. But since many banks, like the First Bank of Nigeria, are focusing more on internet-based banking services, the cost of managing the data that holds customers’ account details has also increased.
Banks have to store large amounts of data, as their databases hold a variety of data values for each customer. This data is crucial: it holds not only customers’ financial data but also their personal data and the bank’s own important data, such as the total funds held by the bank, market shares and stock market values, which leads to higher chances of data breaches. Banks, insurance agencies and other organizations which form a part of the industrial sector have been prone to cyber-attacks mainly due to the nature of these businesses and the sensitive data they hold. In 2018, the finance sector witnessed a total of 819 cyber-attacks, more than double the number faced by the industry in the previous year. Some of the most common banking sector data breaches include the breach at the Capital One Financial Corporation, in which cyber-attackers gained access to the credit card applications of the organization’s customers, including small businesses, and the breach at the First American Financial Corporation, in which cyber-attackers exposed approximately 85 million personal and financial records which were related to real estate deals in the year 2003. According to Lending, Minnick and Schorno (2018), multiple surveys and studies suggest that data breaches are a common occurrence in the corporate sector. The banking sector is also prone to many indirect costs following data breaches. Researchers have found that data breaches can lead to litigation in certain circumstances where individuals suffer financial harm.

Compensating Tools

Data breaches cannot be considered temporary risks and can leave long-lasting effects in various ways. They affect an organization not only by stealing information but also by damaging customer trust and the organization’s reputation. Data breaches have two broad causes: technology issues and user behaviour. As the number of devices that can offer e-banking services increases, the number of interconnected links also increases, which increases the number of vulnerable points that can act as a source of a data leak. Data breaches are often perceived to be caused by an external entity but can be caused by internal influences too. Internal influences that can lead to a data breach include unauthorised members of the organization, where employees access the organization’s files and data without holding authorization, and malicious insiders, where employees hold authorization to view and access the organization’s data but intend to cause harm to it. Lost and stolen devices can also be a cause of data breaches. Hence, it is important to employ proper tools and security methods to mitigate the chances of data breaches, especially for financial organizations such as banks. According to Steinberg (2020), the first and one of the most important steps by which organizations can prepare for an attack such as a data breach is to train their employees against possible causes of data breaches, such as accessing vulnerable websites, and to be attentive to any abnormal behaviour in the organization’s database. Classification of data can also be used as a compensating tool against data breaches, as it helps in allotting proper security tools depending on the nature of the data. People accessing the data should be checked for authorization.
Proper standards should be established to ensure that people holding physical and electronic access to the data can view only the data assigned to their particular designation. Encrypting data is one of the most suitable tools to mitigate the chances of data breaches. Encrypted data provides data integrity, as the data can be transformed into other forms of code and decrypted by officials holding the decryption key. Data backup is also a useful tool against data breaches. Data breaches can be hard to recover from, and for financial institutions data loss can have huge effects on the organization, its customers and the market. Data backups can help these organizations tackle data loss while keeping the same workflow running on a backup database. The Nigerian Government has also set up standards to mitigate the causes and effects of data loss in cyberspace. The Nigerian National Cyber Security Policy and Strategy is also known for its strong leadership, multiple-stakeholder approach and risk-based approach (Osho and Onoja 2015).

Recommendations on Corporate Governance, Social Responsibility, and Data Breaches

The First Bank of Nigeria can make use of the many standard tools and methods used by leading organizations to prevent data breaches. Data Leak Prevention and Detection (DLPD) can be established using security tools and designated DLPD methods. These techniques fall into two categories: content-based and context-based approaches. Content-based data leak prevention depends on analysing data exposure in different states, but can often be bypassed by internal and external attackers. Context-based approaches analyse the meta information and the context surrounding the data. The First Bank of Nigeria can apply the content-based approach by scanning digital devices such as mobiles and laptops for digital fingerprints of sensitive information related to the bank. In this method, the organization scans for fingerprints and signatures of pre-analysed sensitive data and compares them with the data being monitored. Context-based approaches which the bank can employ include data mining and machine learning procedures. An advantage of these technologies is that they do not need a precise description of abnormal activity, because they discover outliers. Watermarks are another effective method to prevent data leaks. They not only mark the data with keywords but also help analyse the attacker and the attack mechanism during forensic analysis after an incident. Trap-based defence systems can also prove effective in mitigating internal threats. Honey pots are an example of the trap-based approach, in which a duplicate database is exposed to attackers, leading them to think that they are attacking the organization’s main database (Cheng, Liu and Yao, 2017).
Other tools the First Bank of Nigeria can use to reduce the chances of data breaches include biometrics. Biometric systems have proven to overtake traditional methods, including passwords and token-based electronic approaches. The bank can use biometric security systems in its branches for customer and employee identification. These systems provide an easy, user-friendly and reliable security system. Banking ATMs can also use biometric systems, as these machines rely on a password to complete a transaction. These passwords are easy to hack and do not provide effective security at ATMs. ATMs can switch to either biometric systems or a two-factor authentication system. Two-factor authentication provides an extra layer of security by using additional security tools along with a password-based system. The most common example is e-commerce payment gateways, which rely on passwords generated by the user and also on one-time passwords issued by the organization. These passwords are valid only for short periods of time, making it difficult for attackers to use them (Agidi, 2018). The bank can also use protection software which can help it predict attacks, as they can be carried out using different methods. These software systems can scan the databases for viruses and spyware which could lead to data breaches. Anti-logger software is effective too, as it can assist the bank in scanning for keylogger programs on the bank’s computers and other devices used by employees (Alsayed and Bilgrami, 2017).
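The content-based fingerprint comparison recommended above can be sketched as follows. This is an added example, not part of the original report and not the bank's tooling: pre-analysed sensitive text is reduced to keyed hashes of overlapping word runs, and monitored text is flagged when enough of those hashes reappear. The class name, key, shingle size, threshold and all sample texts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed parameters for this sketch; a real deployment would tune them.
SHINGLE_WORDS = 5                      # words per fingerprinted run
ALERT_THRESHOLD = 0.30                 # share of a document's fingerprints that must match
DEMO_KEY = b"constructed-demo-key"     # placeholder; keep the real key in a secrets store


def fingerprints(text, key=DEMO_KEY, k=SHINGLE_WORDS):
    """Normalise case, spacing and punctuation, then return keyed hashes of k-word runs."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if not words:
        return set()
    last_start = max(len(words) - k, 0)
    runs = (" ".join(words[i:i + k]) for i in range(last_start + 1))
    # A keyed hash (HMAC) means the index cannot be brute-forced back into
    # account numbers by someone who copies the index but not the key.
    return {hmac.new(key, r.encode(), hashlib.sha256).hexdigest() for r in runs}


class FingerprintIndex:
    """Holds fingerprints of pre-analysed sensitive documents, never their plaintext."""

    def __init__(self):
        self._docs = {}

    def register(self, label, text):
        self._docs[label] = fingerprints(text)

    def scan(self, monitored_text, threshold=ALERT_THRESHOLD):
        """Return (label, score) for each registered document partly present in the text."""
        seen = fingerprints(monitored_text)
        hits = []
        for label, prints in self._docs.items():
            score = len(prints & seen) / len(prints) if prints else 0.0
            if score >= threshold:
                hits.append((label, round(score, 2)))
        return sorted(hits, key=lambda hit: -hit[1])


# Constructed sample data (not real customer records).
SENSITIVE_LEDGER = (
    "Corporate account ledger: holder Adaeze Example Ltd, account 0000000001, "
    "balance NGN 4500000, branch Marina, relationship manager J. Doe"
)
LEAKED_EMAIL = (
    "Hi, as discussed:   HOLDER ADAEZE EXAMPLE LTD, account 0000000001,\n"
    " balance NGN 4500000 -- send to the usual address"
)
BENIGN_EMAIL = (
    "Please find attached the branch opening hours for Marina and the "
    "contact details of your relationship manager."
)


def build_demo_index():
    index = FingerprintIndex()
    index.register("ledger-extract", SENSITIVE_LEDGER)
    return index


if __name__ == "__main__":
    idx = build_demo_index()
    print("leaked :", idx.scan(LEAKED_EMAIL))
    print("benign :", idx.scan(BENIGN_EMAIL))
```

Because matching is on overlapping word runs rather than a whole-file hash, a partial copy with changed case and spacing is still detected, while a message that merely shares vocabulary with the ledger is not.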

References for Corporate Governance, Social Responsibility, and Data Breaches

Bandara, O., Vidanagamachchi, K. and Wickramarachchi, R. 2019, March. A Model for Assessing Maturity of Industry 4.0 in the Banking Sector. International Conference on Industrial Engineering and Operations Management, Bangkok, Thailand, March. pp 5-7.

Marikar, M.S. and Bandara, H.M.N. 2020. An Analysis of Data Driven, Decision-Making Capabilities of Managers in Banks. Human Computer Interaction. [Online]. Available at: https://arxiv.org/abs/2007.01862. [Accessed: 23 Sept. 2020].

Ali, Q., Salman, A., Yaacob, H., Zaini, Z. and Abdullah, R. 2020. Does big data analytics enhance sustainability and financial performance? The Case of ASEAN Bank. The Journal of Asian Finance, Economics, and Business, 7(7), pp. 1-13.

Mbelli, T.M. and Dwolatzky, B. 2016. Cyber security, a threat to cyber banking in South Africa: An approach to network and application security. 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud). pp. 1-6.

Dautovic, G. 2020. Top 25 financial data breach statistics for 2020. [Online]. Available at: https://fortunly.com/statistics/data-breach-statistics/#gref. [Accessed: 23 Sept. 2020].

Hussain, Z., Das, D., Bhutto, Z.A., Hammad-u-Salam, M., Talpur, F. and Rai, G. 2017. E-banking challenges in Pakistan: An empirical study. Journal of Computer and Communications, 5(2), pp 1-6.

Oni, A.A., Adewoye, O.J. and Eweoya, I.O. 2016. E-banking users’ behaviour: E-service quality, attitude, and customer satisfaction. International Journal of Bank Marketing, 34(3), pp. 347-367.

Ani-Mumuney, F. 2018. FirstOnline: FirstBank Internet Banking, upgraded with exciting features to promote e-Banking efficiency. [Online]. Available at: https://www.firstbanknigeria.com/firstbank-plas-personal-loan-against-salary-unlocking-the-wealth-in-salary-account-2-2/. [Accessed: 23 Sept. 2020].

Lending, C., Minnick, K. and Schorno, P.J., 2018. Corporate governance, social responsibility, and data breaches. Financial Review, 53(2), pp.413-455.

Steinberg, J. 2020. Avoid security breaches: How to protect your data. [Online]. Available at: https://www.computerworld.com/article/3535590/avoid-security-breaches-how-to-protect-your-data. [Accessed: 23 Sept. 2020].

Osho, O. and Onoja, A. D. 2015. National cyber security policy and strategy of Nigeria: A qualitative analysis. International Journal of Cyber Criminology (IJCC), 9(1). [Online]. Available at: 10.5281/zenodo.22390

Cheng, L., Liu, F. and Yao, D. 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), p 1211.

Agidi, R.C. 2018. Biometrics: The future of banking and financial service industry in Nigeria. International Journal of Electronics and Information Engineering, 9(2), pp.91-105.

Alsayed, A. and Bilgrami, A. 2017. E-banking security: Internet hacking, phishing attacks, analysis and prevention of fraudulent activities. Int. J. Of Emerg. Techn. and Adv. Activ, 7(1), pp.109-115.

Zaeem, R.N., Manoharan, M., Yang, Y. and Barber, K.S. 2017. Modeling and analysis of identity threat behaviors through text mining of identity theft stories. Computers & Security. 65. pp.50-63.
