Difference between revisions of "Cybersecurity in Banking"

From SI410
Line 55: Line 55:
 
===Managing Security===
 
===Managing Security===
 
While the realization of cybersecurity is heavily dependent on technical means, management security is equally important to assure the maintenance of cybersecurity. To formulate the cybersecurity in the banking system, national laws, regulations of the publicity, and enhance the overall cybersecurity awareness of enterprise personnel are crucial.
 
While the realization of cybersecurity is heavily dependent on technical means, management security is equally important to assure the maintenance of cybersecurity. To formulate the cybersecurity in the banking system, national laws, regulations of the publicity, and enhance the overall cybersecurity awareness of enterprise personnel are crucial.
 +
 +
[[Category:2020New]]
 +
[[Category:2020Concept]]

Revision as of 13:58, 17 March 2020

With the wide application and development of networks and the Internet, the bank transaction server has become a public site on an open network, and a great deal of highly sensitive transaction information is stored on it. Viruses spread through channels such as the Internet and e-mail, and they spread faster and more widely and are more dangerous. In particular, the emergence of Code Red, Nimda and other hybrid threats has posed a serious challenge to cybersecurity in banking. Because banks are considered a sensitive sector, it is all the more necessary to strengthen the detection and elimination of cybersecurity attacks and threats in order to ensure the security of the network system.

Therefore, how to ensure the safety of the banks' online trading systems is the most crucial problem in the construction of online banking. The bank transaction server requires a higher level of security, and the security of the server depends greatly on the security of the operating system. Unfortunately, neither of the widely used operating systems, UNIX or Windows, offers a sufficient level of security. Problems include the degree of access control, the existence of superuser security vulnerabilities, and several other fatal problems of the operating system. An online banking system opens the bank's internal network to the general Internet, but the protection of currently existing online banking systems is not strong enough. This makes it possible for criminals to destroy the bank's internal applications or break through into the internal network to attack bank transaction servers, thus putting cybersecurity in banking at risk.

Internet finance is a form of financial service that runs on a global electronic information system. Therefore, the technical and administrative security of that global electronic information system has become the most important area of risk for banks.


Background

A bank information system is a technology-intensive, capital-intensive, large-scale, complicated human-machine system. With the rapid development of global information technology, it is applied more and more widely in the banking system, and reliance on the information system is becoming more comprehensive. At the same time, the risk faced by the bank information technology system also increases. Cybersecurity is the lifeline of banking information systems. As the bank information system develops, its information becomes more concentrated and its scale larger. As the banking industry's dependence on it increases, so does the importance of cybersecurity in banking. It is crucial to the survival of the bank and the success of its operation, so cybersecurity in banking should be regarded as equally important as the security of capital. Bank information system security is relevant not only to the industry itself but also to a country's economic security, social security, and national security. Because of this special position, cybersecurity is a more serious and important matter in banking than elsewhere.


Current Status and Risk Analysis

With increasingly fierce competition among financial enterprises, banks have done a lot of work on improving service, adding service functions, perfecting their range of business, and improving service efficiency. Through financial electronization, the use of high technology to promote the development and progress of the financial industry is bound to bring great economic benefits to the banking industry.

Risk Analysis

Cybersecurity has four important risk factors.

Internet Unit Risks: Online banking, e-commerce, and online trading systems are connected with the bank through the public network. Because the Internet itself is extensive and free, a financial system will naturally be near the top of malicious intruders' lists of targets.

External Unit Risks: Banks offer a growing number of intermediary services, such as collecting fees on behalf of others, paying taxes on behalf of others, and third-party depository and management. These require interconnection with the networks of other units, so the bank network system naturally faces more cybersecurity threats from external units.

Internal Unit Risks: According to survey statistics, of all the cybersecurity incidents that have occurred previously, 70% of the attacks came from internal units. Therefore, intranet cybersecurity risks are more serious. Internal employees are familiar with their own enterprise's network structure and applications, and attacks by them may become the most deadly cybersecurity threat to the system.

Managing Cybersecurity Risks: Weak cybersecurity awareness among enterprise employees and a flimsy cybersecurity management system are also among the most important factors in cybersecurity risk. A sound cybersecurity management system is a key factor in ensuring and maintaining an enterprise's cybersecurity.


The Consequences of Risk

The possible consequences of cybersecurity threats include illegal use of resources, malicious destruction of data, data theft, data tampering, counterfeiting, forgery, deception, and extortion. The consequences and losses for such a sensitive industry as banking are incalculable.


Cybersecurity Risk Solution

System Security

Operating System Cybersecurity: Operating systems contain security bugs and backdoors, which are often exploited by intruders. Therefore, the operating system must be given a secure configuration and the latest patches, and its cybersecurity must be evaluated with the corresponding scanning software.

Application System Cybersecurity: For the cybersecurity of the application system, we should try to open only the services that are frequently used and close the protocols that are not used. We should also strengthen the user's login identity authentication, ensure the user's legitimacy, and strictly limit operation permissions. In addition, make full use of the logging function to record the information accessed by users, which provides a basis for post-review.


Internet Security

Network Structure Cybersecurity: Whether the layout of the network structure is reasonable also affects cybersecurity. The production area, office area, outreach area, and test area of the banking system must be reasonably separated according to their respective application scope and degree of confidentiality, so that a threat arising from weak security in one area does not spread to the entire system.

Enhance Access Control: The banking system network must be physically isolated from the public network. The isolation and access control between the internal network, external network, and untrusted network can be achieved by installing a firewall.

Cybersecurity Check: Security controls such as firewalls are static protection, so the network must also be equipped with intrusion detection systems for active defense. Their functions are real-time analysis of network data flows, tracking of violations, alarming, and blocking connections. They can deal with both internal attacks and attacks from external units.
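
The zoning, access-control and detection points above can be combined into one default-deny check, shown here as an added example that is not part of the original article. The subnets, ports, allow-list entries and function names are all constructed assumptions chosen to mirror the four areas named in the text.

```python
import ipaddress

# Constructed address plan: the four areas named in the text, mapped to
# hypothetical private subnets. Any other address is treated as "public".
ZONES = {
    "production": ipaddress.ip_network("10.10.0.0/16"),
    "office": ipaddress.ip_network("10.20.0.0/16"),
    "outreach": ipaddress.ip_network("10.30.0.0/16"),
    "test": ipaddress.ip_network("10.40.0.0/16"),
}

# Assumed allow-list of (source zone, destination zone, destination port).
# Any flow not listed here is denied (default deny).
ALLOWED = {
    ("public", "outreach", 443),       # customers reach the online banking front end
    ("outreach", "production", 8443),  # front end calls the transaction service
    ("office", "production", 8443),    # staff applications
    ("office", "test", 22),            # administration of test hosts
}

def zone_of(addr):
    """Return the name of the zone containing addr, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"

def check_flow(src, dst, port):
    """Classify one flow as 'allow' or 'deny' under the default-deny policy."""
    key = (zone_of(src), zone_of(dst), port)
    return "allow" if key in ALLOWED else "deny"

def violations(flows):
    """Return (src zone, dst zone, port) for flows to block and alert on."""
    return [(zone_of(s), zone_of(d), p) for s, d, p in flows
            if check_flow(s, d, p) == "deny"]

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.30.1.5", 443),   # public -> outreach
    ("10.30.1.5", "10.10.2.9", 8443),    # outreach -> production
    ("203.0.113.7", "10.10.2.9", 8443),  # public -> production, bypasses outreach
    ("10.40.3.3", "10.10.2.9", 1521),    # test -> production
    ("10.20.4.4", "10.10.2.9", 8443),    # office -> production
]

if __name__ == "__main__":
    print(violations(SAMPLE_FLOWS))
```

The same allow-list serves both roles the text describes: the firewall enforces it statically, and an intrusion detection system raises an alarm on any observed flow that falls outside it.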


Application Security

System Virus Protection: To prevent the invasion of viruses, we should configure the latest antivirus system according to the specific system type. Whether a virus comes from the internal network or an external network, the antivirus system can protect the entire network and eliminate the virus as soon as it is detected, preventing its spread.


Information Security

Information Storage: The most important part of the banking system's security is the security of the database, because the banking system uses servers to store data. Data are centralized in a large database system, so the cybersecurity of the database is particularly important. The most secure and effective way to protect the database is to use a backup and recovery system.


Managing Security

While the realization of cybersecurity depends heavily on technical means, management security is equally important for maintaining it. To establish cybersecurity in the banking system, national laws, the publicizing of regulations, and raising the overall cybersecurity awareness of enterprise personnel are crucial.