Risk Management

[pic 2][pic 3]

[pic 4][pic 5]

Contents

1. Key cyber threats        

2. Applicable regulations and geographies they apply        

3. Leading industry standards and best practices        

4. GRC technology available in market        

5. Pros and cons of GRC        

6. Recommendation for GRC        

1. Key cyber threats

The key cyber threats in financial services are as follows: -

1. DDoS (Distributed denial of service): DDoS attacks are used to deny access to an online service. This is achieved by bombarding or crushing it with traffic from various sources. Attacker may demand for a ransom from the user in order to prevent denial of service on the website run by financial institutions.
2. Social media attacks: Attackers can misuse social media profiles (by making fake profiles) and extract confidential information from people dealing with financial services.
3. Spear phishing and whaling:  It involves spoofing emails of executives with an intention to mislead finance departments and force them to make large transaction to fraudulent accounts. The email body normally contains a URL which seems to be of a valid financial website but ultimately leads to some other website.
4. Malwares: There are various types of malware in financial services industry. One is Point-of-sale malware which tries to attack payment portal websites (Ex: -LusyPOS and BlackPOS). The other type is ATM malware which infects the ATM and try to transact large sum of money illegally. They also try to perform reverse transactions in which the money is transacted back to some other bank account (Ex: - GreenDispenser and money mules). Credential stealing malware is targeting banks by leaking the credentials of online banking accounts. (Ex: - Dridex and Exploit kits).
5. Virus attacks: Virus attacks are one of the most severe attacks where they affect the network and the computer systems by replicating infinitely. Viruses have the capability to destroy the entire database of any financial services.

2. Applicable regulations and geographies they apply

The Financial institutions of the U.S are subject to numerous rules & regulations. On one hand they have to comply with regulations prescribed by Basel Committee on Banking Supervision (BCBS-Basel III Norms), Banking Federal Reserve Board (FRB) in its Enhanced Prudential Standards (EPS) rule, and by the Office of the Comptroller of the Currency (OCC) in its Heightened Standards (HS) formal guidelines, as well as by other sources including the FRB’s Supplemental Policy Statement on Internal Audit. These regulations are mostly concerned with capital adequacy (capital planning & stress testing, liquidity management and Off balance sheet exposures. Apart from these, the Financial institutions have to also comply with regulations w.r.t Cyber Risk.