DIGITAL PIRACY IN FINANCIAL SERVICES

Piracy, Breach, and Security in the Digital World of Financial Services

Arsh Arora

Appalachian State University

RC 2001

Instructor Dr. Kevin Young

March 23, 2022

DIGITAL PIRACY IN FINANCIAL SERVICES 2

Abstract

A cyber attack is a type of online attack that utilizes one or more computers to attack a single

computer or a group of computers or networks. Cybercriminals use a variety of strategies to

carry out a cyber assault, including viruses, hacking, and malware. It involves data breaches,

which occur when personal, sensitive, or protected information is exposed to an unauthorized

person. Without authorization, files from a data breach are read and distributed (Chaullagai,

2016). Data breaches are sometimes considered more than a momentary terror; they have the

potential to change a person's life. Hackers can access data over the network, Bluetooth,

messaging services, or the networking sites that are used, whether the system is offline or online.

Breach of personal information can take several forms. Cybercriminals select their victims based

on two criteria: greatest effect and profit. Because financial institutions keep extremely valuable

data, and their digital transformation activities are increasing the opportunity for cybercriminals

to obtain that data, they fully match these prerequisites. This is why, after healthcare, hackers

target the financial industry disproportionately. Ransomware instances increased by 150 percent

in 2020, according to the FTC (Federal Trade Commission, 2020). According to the AGI

(Authenticated Government Information), the budget authorization for cyber security-related

operations in the 2020 President's Budget was $17.4 billion, up to $790 million (5%) over the

2019 budget. Even with that increase, we had the biggest cyber attack that caused the gas

pipeline to shut off and caused problems for the government and most importantly to the people.

keywords: Ransomware, Cybercriminals, Federal Trade Commission, Authenticated

Government Information, Cyber security

DIGITAL PIRACY IN FINANCIAL SERVICES 3

Piracy, Breach, and Security in the Digital World of Financial Services

The financial corporation has depended on digital technologies for the past decade. As a

result, financial institutions rely on digital technology to do operations, develop partnerships,

exchange data, and transact with other entities. The increasing reliance on technology is

attracting both positive and harmful aspects inside numerous businesses. Cyber assaults are one

of the unintended effects of the banking industry's rapid digital transformation. According to data

from the previous several years, the occurrence of cyber-attacks within financial institutions is on

the rise (Firch & Allen, 2021).

Due to the fact that cyber threats are still changing and growing, they provide a difficult

task for financial institutions. Cyber assaults are triggered by a number of circumstances,

including changes in the global financial industry. The fact that the banking industry is

accessible is one of the known sources of cyber assaults. Furthermore, there are currently no

institutional entities actively participating in the battle against cybercrime. We must investigate

the factors that lead to financial cyber-attacks. We must also consider the causes of cyber-attacks

in their surroundings (Pfleeger, 2008). Cyber-attacks are further aggravated by a widespread

lack of political will to address the issue. Until recently, cyber security concerns were restricted

to the banking sector. Cyber attacks now are often caused by a lack of a political response to the

challenge of cyber security ( Rue, 2008). The financial services industry has yet to adopt a

strategic approach in this regard, incorporating all main business owners, and it also includes

government agencies. Phishing (social engineering and technical deception), malware attacks

(injection of malware into legitimate online advertising sites), watering (injection of malware

into frequently visited websites), and web-based attacks (targeting of systems and services that
DIGITAL PIRACY IN FINANCIAL SERVICES 4

contain customer credentials) are all examples of cyber attacks (Wright,2015). Another

concerning trend in cyber assaults is the sale of stolen information to any interested customer on

the internet. Institutions have been obliged to invest massive sums of money to mitigate the

impact of cyber assaults. Cyber-attacks, on the other hand, have resulted in the loss of both

intellectual property and financial assets. Customers are likely to lose trust in businesses that

have been subjected to cyber-attacks (Jang-Jaccard & Nepal, 2014). In the fight against cyber-

attacks, it's critical to have a strong infrastructure. The lack of information centers that can

provide a complete overview of the situation is also increasing cyber assaults on financial

institutions. Cyber dangers are a new type of threat, yet they're evolving at a rapid speed. As a

result, critical information about the effects of cyber assaults on financial institutions is still

being gathered. It will take more time to evaluate the whole impact of cyber security. Financial

companies will continue to be victims of preventable cyber assaults unless accurate data on the

evolution of cyber attacks is produced ( Fair, 2022).

Reasons for the Cyber Attacks

Although some hackers get a thrill or a sense of accomplishment from shutting down

computer systems, most cyber assaults are either illegal or political in nature. The vulnerability

of financial institutions is one of the leading causes of cyber assaults. Naturally, financial

institutions do not function in a closed system, and they must maintain a wide range of links in

order to stay afloat. A malicious entity might quickly acquire access to the secured systems by

exploiting financial institution activities. A hacker is capable of not just stealing data, but also

deleting or altering it. As a result, each financial institution's susceptibility stems from its basic

activities. Ordinary "software, hardware, or human weaknesses can be exploited by hackers in

DIGITAL PIRACY IN FINANCIAL SERVICES 5

order to obtain administrative control of networks, which, if misused, might result in disastrous

repercussions" (Peefleger, 2008). Another big reason to keep in mind is human error. Human

error in the context of security refers to workers' and users' unintended acts or lack of experience

that create, promote, or allow a data leak to occur. Human mistakes may damage a company's

security in a variety of ways, but some categories of failures jump out above others in terms of

consistency. Misdelivery, which is defined as sending something to the incorrect person, is a

common hazard to corporate data security. Cybercriminals are always on the lookout for new

software flaws to exploit. When a vulnerability is identified, software engineers rush to patch the

flaw and distribute the fix to all clients before malicious hackers may corrupt more people. This

is why users must apply security updates as soon as they become available on their systems.

Unfortunately, end-users frequently delay updating their systems, which has negative

repercussions (Ahola, 2019).

A breach caused by human negligence or system failure is frequently much less

expensive than a breach caused by a hacker or malicious insider, still, it should not be

underestimated. A research was conducted a few years back and it showed that 24% of the data

breaches occurred due to human error. Human mistake costs $133 per record on average in cyber

security. In addition, it takes an average of 242 days for an organization to detect and remedy a

problem caused by unintended activities (Ahola, 2019). Another big reason for such attacks is

cyberwarfare. The possibility of cyberwar and its alleged consequences are a cause of

tremendous concern for governments and armies all over the globe but, governments all around

the globe are participating in cyberwar, with many admitting to or suspecting of planning and

executing attacks against other countries as part of continuing political, economic, and social
DIGITAL PIRACY IN FINANCIAL SERVICES 6

conflicts. Cyberwarfare is the term used to describe these sorts of attacks and most times if cyber

attacks go unreported, it is due to a lack of governmental commitment to the subject of cyber

security.

Preventing Cyber Attacks and Breaches

Investing money on security software is the key to stop these attacks, A SSP (system

security plan) is a list of all the security measures in place to keep data safe. The SSP identifies

hardware, software, security measures, training techniques, and incident-response procedures in

a system. It can also restrict access to authorized users and ensure that staff follow secure habits

and respond appropriately in the event of a security breach. When servers are crowded, it also

stops items from dropping through the cracks and allows the server from crashing.

Build a firm foundation for cyber security: training makes a big difference. Continuously

educate critical individuals in the line of attack on cyber security trends and breaches, as well as

conducting frequent assessments of authentication and security procedures. Employees should be

alert, they need cyber security drills. Invest in companies, such as security intelligence and

enhanced access control, but be adaptable and agile enough to keep up with cybercriminals.

Understand your data and map assets completely. "Not all information is vital or private." To

appropriately prioritize data security requirements (Zomorodi, 2017). Outsourcing cyber

security is another policy that everyone should adhere to. Outsourced cyber security is a service

that is handled externally and utilizes qualified cyber security specialists to handle a company's

cyber security demands. Outsourcing cyber security to different associations also provides

qualified and devoted IT professionals who will monitor networks, assess online threat exposure,
DIGITAL PIRACY IN FINANCIAL SERVICES 7

and respond to the many cyber attacks that are common today. Furthermore, outsourcing allows

one to focus on business while knowing that the professionals are up to speed on current cyber

threats and will provide the firm with layered protection. External cyber security services will

also evaluate cyber policies, safeguard your networks, update your gadgets, and set up spam

filters. They will also install firewalls for real-time security and provide services 24 hours a day,

seven days a week.

One of the things that should be considered to be a law is installing HSM ( Hardware

Security Module) in every business firm. A hardware security module (HSM) is a specialized

computing device used to store and safely encrypt data. In basic terms, it's a hardware appliance

that generates, protects, and manages keys needed for encrypting and decrypting data, as well as

establishing digital signatures and certificates, to give additional protection to a company's most

sensitive data (Acosta, 2021). HSMs encrypt data using algorithms to provide a higher level of

security. HSMs have tightly limited access and are created with embedded systems that have

been intensively tested and approved by third-party operators. HSMs are meant to give a secure

environment to organizations in a number of sectors that need to protect their data. Today

businesses are recognizing the need for tighter security, and utilizing HSMs may assist in the

implementation of more effective measures that result in not just compliance, but also peace of

mind (Sheikh, 2021). Hopefully, they continue to upgrade it and help to avoid more data

breaches, and provide security against cybercrime.

DIGITAL PIRACY IN FINANCIAL SERVICES 8

References

Acosta, D. E. (2021, February). How does hardware security module (HSM) protect

aaaapayment card data? Advantio. Retrieved March 22, 2022, from

aaakhttps://www.advantio.com/blog/hardware-security-module-hsm-what-is-it-and-what-

isaaa-its-role-in-protecting-payment-card-data

Ahola, M. (2019, September 24). How to prevent human error: Top 4 employee cyber

kkkkksecurity mistakes. Top 4 Human Errors in Cyber Security | How to Prevent Employee

aaaaaMistakes | Ekran System. Retrieved March 21, 2022, from

aaaaahttps://www.ekransystem.com/en/blog/how-prevent-human-error-top-5-employee-

cybaaaaer-security-mistakes

Authenticated U.S. Government Information. (2021). Cyber Security Funding. Retrieved

aaaaaMarch 21, 2022, from aaaaahttps://www.govinfo.gov/content/pkg/BUDGET-2020-

PER/pdf/BUDGET-2020-PER-aaaaa5-8.pdf

Authenticated U.S. Government Information. (2022). Information technology and

aaaaacybersecurity funding. Retrieved March 21, 2022, from

aaaaaahttps://www.govinfo.gov/content/pkg/BUDGET-2022-PER/pdf/BUDGET-2022-

PERaaaaaa-6-2.pdf

Chaullagai, P.(2021, June 26). Week 7 at Herald College. Weekly Blog. Retrieved March
aaaaa22, 2022, from
aaaaahttps://prejitachaulagai.wordpress.com

Fair, L. (2022, February 11). Federal Trade Commission. Retrieved March 22, 2022, from

aaaaahttps://www.ftc.gov/
DIGITAL PIRACY IN FINANCIAL SERVICES 9

Firch, J., & Allen, J. (2021, October 28). 10 cyber security trends you can't

aaaignore in 2021. PurpleSec. Retrieved March 21, 2022, from

aaaaahttps://purplesec.us/cyber-security-trends-2021/

Jang-Jaccard, J., & Nepal, S. (2014, February 10). A survey of emerging threats in cyber

aaaaasecurity. Journal of Computer and System Sciences. Retrieved March 21, 2022, from

aaaaahttps://www.sciencedirect.com/science/article/pii/S0022000014000178

Pfleeger, L. (2008, January). cyber security economic issues - rand. cyber security

aaaaaEconomic Issues. Retrieved March 22, 2022, from

aaaaahttps://www.rand.org/content/dam/rand/pubs/research_briefs/2008/RAND_RB9365-

1aaaaa.pdf

Rue, R. (2008). Cybersecurity economic issues . Research Brief. Retrieved March 23,

aaaaa2022, from

aaaaahttps://www.rand.org/content/dam/rand/pubs/research_briefs/2008/RAND_RB9365-

1aaaaa.pdf

Sheikh, I. (2021, August 12). Hardware security module (HSM) vs. Key Management

aaaaaService (KMS). Interconnections - The Equinix Blog. Retrieved March 22, 2022,

aaaaafrom aaaaahttps://blog.equinix.com/blog/2018/06/19/hardware-security-module-hsm-

vs-key-maaaaaamanagement-service-kms/

Wright, D. (2015, May 1). Cyber attacks on financial institutions increasing in frequency

aaaaaand severity. Cyber attacks on financial institutions. Retrieved March 21, 2022, from

aaaaahttps://www.jdsupra.com/legalnews/cyber-attacks-on-financial-institutions-80984/
DIGITAL PIRACY IN FINANCIAL SERVICES 10

Zomorodi, M. (2017, March 29). Internet privacy: How much information do you give

aaaaaaway? Time. Retrieved March 22, 2022, from aaaaahttps://time.com/4673602/terms-

service-privacy-security/
DIGITAL PIRACY IN FINANCIAL SERVICES 11