The financial services industry has been reeling from the effects of frequent cyber attacks. This problem has slowed down advancements in the financial services industry. This essay catalogs some of the causal factors when it comes to cyberattacks on financial institutions. Some of these factors include an enabling environment and a lack of a common approach towards this problem.
Over the last decade, the financial services industry has come to rely on digital technology. Financial institutions now use it to conduct business, form liaisons, share information, and trade with external institutions. Dependency on the internet is also on the rise, and this dynamic attracts both positive and negative elements within various industries. Cyber attacks are one of the consequences of the digital revolution that is ongoing within the financial industry. The frequency of cyber-attacks within financial institutions is on the rise according to statistics from the last few years.
To mitigate the effects of cyber attacks within financial institutions, it is important to understand their anatomy. Cyber attacks are still evolving in nature and this makes them a complex challenge for financial institutions. Cyber attacks are caused by various factors including developments in the global finance industry. Some of the known causes of cyber attacks include the fact that the financial industry is scalable. Besides, currently, there are no formal institutions that are actively involved in the fight against cybercrimes. This essay analyzes the elements that contribute towards cyber-attacks on financial institutions. The paper will also put the causes of cyber attacks in their respective contexts.
Background of the problem
The frequency and relentlessness of cyber attacks on financial institutions prompt major banking stakeholders to strengthen their information security systems. Current statistics indicate that around 93 percent of major financial institutions have had their cybersecurity compromised in the last year (Lennon, 2014). Cyber attacks are responsible for the theft of various digital assets, including usernames, passwords, credit card information, and money, among others.
A cyber attack can be in the form of phishing, “(social engineering and technical subterfuge), malvertising (injection of malware into legitimate online advertising sites), watering holes (injection of malware into commonly visited web sites), and web-based attacks (targeting of systems and services that contain customer credentials)” (Mukhopadhyay, Saha, Mahanti, & Podder, 2005). Another worrying trend involves instances when stolen information is sold online to any willing buyer. To counter the effects of cyber attacks, institutions have been forced to invest colossal amounts of money towards the mitigation of this vice (Lennon, 2014). On the other hand, cyber-attacks have led to the loss of both intellectual property and financial assets. Customers are likely to lose confidence in institutions that are subject to cyber-attacks. The development of robust infrastructure is vital in the fight against cyber attacks.
Combating cyber attacks prompts financial institutions to divide their resources among various departments in line with the severity of threats. The financial services industry is an interconnected web of larger and smaller organizations. Consequently, a cyber attack on one institution can have far-reaching effects on other players including suppliers, vendors, partners, and customers, among others. This scenario was evident when the popular retail chain Target fell victim to hackers (Richardson, 2008). The attack affected a wide range of stakeholders including customers, suppliers, and financial institutions. Currently, the risk of cyberattacks is noted to be one of the major impediments to growth in the financial services industry.
Causes of cyber attacks
One of the major causes of cyber attacks is the vulnerability of financial institutions. Naturally, financial institutions do not operate in isolation and they have to sustain a myriad of connections to survive. Through a financial institution’s normative activities, a malicious actor can easily gain entry into the guarded systems. For instance, a hacker has the ability not only to steal data but also to delete or modify it. Consequently, the vulnerability of any financial institution comes from its core operations. Ordinary “software, hardware, or human vulnerabilities can be exploited by hackers with the view of gaining administrative control of networks which, if abused, could cause catastrophic consequences” (Pfleeger & Rue, 2008). Financial institutions are subject to competitive market dynamics and this means that they have to adopt a welcoming attitude. Also, financial institutions rely on the achievement of sizeable market shares for them to consolidate their financial stability.
In most financial-industry environments, there is no coordinated, collective effort to address the issue of cyber attacks. Consequently, malicious actors have continued to take advantage of this shortcoming. For example, cyber-attacks have not yet been addressed at the international level (Pfleeger & Rue, 2008). At this level of action, financial institutions should be able to exchange information concerning cyber attacks. This information can range from intelligence on potential attackers to recognized best practices and past experiences. Lack of coordinated efforts leaves financial institutions to their own devices, thereby giving potential attackers an advantage. The capacity of individual institutions is not sufficient to combat the efforts of attackers who are becoming increasingly sophisticated. Until global initiatives to combat cyber attacks have been instituted, the attackers will continue to prosper at the expense of small industry players.
Incidents of cyber attacks are also being fuelled by a general lack of political will when it comes to this problem. Until now, cybersecurity issues have been confined to financial matters. Lack of a political approach to the problem of cybersecurity is a major cause of cyberattacks. The financial services industry is yet to adopt a proactive stance on the matter, one that involves all major stakeholders including government departments.
Hackers and other cybersecurity offenders have enjoyed a relatively free rein as opposed to other criminals of a similar nature (Bignell, 2006). For example, some countries do not have adequate systems for prosecuting cybercriminals. Consequently, offenders find safe havens through a lack of coordinated political will to combat cyber attacks. International political awareness can shield the financial services industry from increased cyber attacks. The leading industry representatives such as the European and International Banking Federation have failed to take up the initiative to drum up political awareness on cybersecurity (Nasheri, 2005). This lack of initiative has left the industry vulnerable to the problem of cyberattacks.
Another cause of cyber attacks on banks and other financial institutions is that they are structured in a manner that leaves them vulnerable. The supply chain that is associated with financial institutions prompts banks to be vulnerable to attacks. The incessant risk of third party players prompts some institutions to seek consultancy services on how to deal with this issue (Richardson, 2008). For instance, some institutions have “invoked ‘supply chain working groups’ to manage risks associated with third parties and others have built comprehensive lists of who supplies what so that during incident information and intelligence can be shared with these companies” (Bignell, 2006, p. 23).
In recent times, the involvement of state actors in matters to do with cyber attacks is evident. Government-associated institutions initiate cyberattacks on targeted organizations for reasons that go beyond the norm. For example, one common motivation behind state-affiliated cyber attacks is espionage (Nasheri, 2005). State actors often target financial institutions that are affiliated with governments. In normal circumstances, attacks that come from government quarters often use the network intrusion tactic to perpetuate persistent threats against their targets. The risks that are associated with state-affiliated actors in cyber attacks rarely materialize (Bignell, 2006). Nevertheless, sour inter-relations between states and governments are a major contributor towards cyber-attacks on financial institutions.
Another major cause of cyber attacks on financial institutions is the environment in which they occur. For instance, cyber attacks occur within a virtual environment that mimics an international arena. Geographical and political boundaries are not a factor where cyber threats are concerned. Consequently, perpetrators of cyber threats can undertake their operations in any type of environment. The only real hindrance to perpetrators of cyber attacks is the pace of changing technology. Consequently, if attackers can adapt to the changing technology their attacks can go on unhindered for a long period. One observer analyzes the factors that contribute to increasing cyber threats by noting that “actors have shown themselves to be capable of adapting quickly to the rapid pace of technological change, taking full advantage of the convergence of internet-enabled technologies to develop new and bespoke attack vectors” (Bailey & Richter, 2014, p. 18). The ambiguity of the environment in which cyber-attacks take place is a major contributor to this vice. Also, at any given time, operations of financial institutions have to be evolving to keep up with the adaptive nature of cyber attackers.
Cyber attacks on financial institutions are also being fuelled by the fact that there are no centers of information that can give a comprehensive outlook on the issue. Cyber threats are an emerging threat but they are also progressing at an impressive speed. Consequently, vital data concerning the impacts of cyber attacks on financial institutions are still at the collection stage. It will take more time for the full impact of cybersecurity to be quantified. The collaboration of various institutions can diminish instances of cyber attacks by creating a resourceful information pool. Until credible data on the developments of cyber attacks has been compiled, financial institutions will continue to suffer from avoidable instances of cyber attacks. On the other hand, the collaboration of relevant information in an effective manner will give institutions access to information on cyber attacks (Rigby & Bilodeau, 2015).
Cyber attacks are a culmination of various oversights, omissions, and challenges within the realm of financial institutions. The attacks are causing a slowdown in the growth and expansion agendas of various institutions. On the other hand, advances in digital technology have provided an enabling environment for potential offenders. One prominent cause of cyber attacks is the fact that financial institutions operate in an interconnected environment where an attack against one institution could end up affecting many organizations. Lack of political commitment in the cybersecurity issue also means that cyberattacks can go on unnoticed. The entry of global stakeholders in cybersecurity matters means that pertinent data will soon be available to institutions and other players in the financial services industry. On several occasions, cyber offenders have found it easy to operate in a virtual environment where they are not limited by political or geographical boundaries.
References
Bailey, T., & Richter, W. (2014). The rising strategic risks of cyberattacks. McKinsey Quarterly, 2(14), 17-22.
Bignell, B. (2006). Authentication in an internet banking environment; towards developing a strategy for fraud detection. London: Bain & Company.
Lennon, M. (2014). Hackers hit 100 banks in ‘unprecedented’ $1 billion cyber heist. Web.
Mukhopadhyay, A., Saha, D., Mahanti, A., & Podder, A. (2005). Insurance for cyber-risk: A utility model. Decision, 32(1), 153-169.
Nasheri, H. (2005). Economic espionage and industrial spying. Cambridge: Cambridge University Press.
Pfleeger, S., & Rue, R. (2008). Cybersecurity economic issues: Clearing the path to good practice. Software IEEE, 25(1), 35-42.
Richardson, R. (2008). CSI computer crime and security survey. Computer Security Institute, 1(1), 1-30.
Rigby, D., & Bilodeau, B. (2015). Management tools & trends 2015. London: Bain & Company.