Banks' Cybersecurity Measures Essay.

Discuss the cybersecurity and its measures adopted by banks.

Importance of Cybersecurity in Banks

Cybersecurity is being the primary objective for every organization as well as for an individual so that internet-connected systems could be protected from cyber-attacks. Crucial elements through which cybersecurity could be strengthened are adopting anti-viruses, advanced operating systems, firewalls, passwords, etc. Cyber-attacks are increasing rapidly and with regards to this, all industries in all sectors are adopting appropriate measures for protecting their systems and data from cyber-attacks (TechTarget, 2018). All sectors are using internet in order to execute their functionalities and this essay will focus over the cybersecurity in banks. Cybersecurity refers to the body of technologies, processes, and practices which are designed to protect networks, programs, devices and data from the attacks, damages and from unauthorised accesses. Cybersecurity is also referred to as the information technology security. Cybersecurity is important in every sector because almost all sectors and industries have adopted automation in their functionalities. In the computer context, security refers to both physical as well as cybersecurity and both are executed in the business context in order to protect organizational data from unauthorised access. In relation to this, information security is being designed for maintaining the integrity, confidentiality and availability of data and it is a subset of cybersecurity (Ben-Asher & Gonzalez, 2015).

Cyber security is the collection of technologies and their main purpose is to protect networks, programs, data and consumers’ credentials from damage and attack. In relation to prevent cyber-attacks, government authorities have taken various measures along with collaborating with the IT teams of banks. These measures are spreading awareness amongst the users for not sharing their secret credentials with any person in order to avoid any unauthorised access. OTPs (one time password), face id and finger print unlocking systems are another crucial measures for ensuring user’s data from the cyber-attacks (Church, 2016).

Cyber-crimes are increasing rapidly and in relation to this, every one requires to take measures from their side. Due to advancement in technologies, cyber-attacks have been increased and in order to deal with these attacks, it is required for the banks to adopt appropriate steps so that cybersecurity could be enhanced. Cybersecurity is another great measure for building brand image amongst the consumers. The more security measures will be adopted by any bank, the more number of customers will be attracted towards the bank. Cybersecurity is not only important for banks, but it also plays significant role in protecting data for government, military, financial institutions, organization who collects consumers’ data, etc. Amongst these information, certain part of data could is sensitive enough through which huge loss could be occurred. Cybersecurity is concerned with theft of data, hacking user’s computer system, unauthorised access, etc. Cyber-attacks have been considered as one of the top threats to national security since 2013 and it has even eclipsed terrorism (Craig, 2018).   

Measures Adopted by Banks for Improving Cybersecurity

Since the introduction of technology in banking industry, banks have rapidly adopted new and advanced technologies and the digital channels in order to improve customer services as well as to enhance their revenues. Along with this, customers’ preferences have also shifted towards digital platforms. In order to secure the banking systems along with the management of operations of the banking industry, appropriate measures have not been adopted in terms of cyber security. Due to which, chances of leakage of clients’ secret information, credentials and other data is much high (Morrow, 2012). Although, certain measures have been adopted by the banks in order to secure their systems and procedures and banking industry have been found proactive in terms of investing certain part of their revenues for improving cyber security services. Primary challenge in the cyber security is the adaptation of security measures because prevention could only be done for those risks which have already taken place. The risks which are not yet taken place cannot be prevented, thus, chances of risk are high in terms of keeping banking system secure and safe. Following are certain challenges in relation with traditional approach to IT security are:

• Proliferation of attack trajectories and increased attack surface
• Proliferation of customer’s preferences towards digital platforms
• Sophistication of threat actors and enhanced targeting of banks
• Banking industry is acting as ‘boundary less’ ecosystem (Kohl & Charlesworth, 2013).

A slight difference has been observed in the attacks over banking system through technology and these are exploiting the source, motives, behaviour, and vectors. This indicates that the traditional security measures adopted by banks are not appropriate in terms of controlling the risks and challenges of contemporary banking industry. Internationally, cyber security incidents have been increased and amongst them, several incidents have been large scale braches, heists and frauds. These incidents not only end in terms of financial losses but in several cases, it has been found that the brand value of particular financial institutions has been eroded (Ghernouti-Hélie, 2010). Every country has a central authority to control and regulate all the operations of financial institutions and banks. With regards to this, they have adopted several measures in the direction of controlling the cyber-attacks over banks. Along with this, they have also adopted advanced technological measures for strengthen bank’s cyber security so that banks could easily be able to control the losses occurred due to unwanted incidents along with analysing the nature and quantum of cyber-attacks (Gcaza & von Solms, 2017).

For executing cybersecurity in an effective manner, appropriate coordination and efforts are required throughout an information system and it includes:

• Application security
• Information security
• Network security
• Disaster recovery
• Operational security

Amongst these elements, one of the elements is constantly affecting cybersecurity and it is evolving nature of security risks. Traditional approach of cybersecurity focus on preventing system components against the major threats which meant leaving components undefended and not protecting system against less dangerous risks (Terlizzi, Meirelles & & Viegas Cortez da Cunha, 2017). Advisory organizations in cybersecurity plays vital role and as per the current environment, they suggest to promote more proactive and adaptive approach. The National Institute of Standards and Technology (NIST) have recently issued updated guidelines in relation with risk assessment framework that recommend a shift towards real-time assessments and continuous monitoring. These frameworks are mainly introduced for improving critical infrastructure and amongst them, a framework is mainly introduced for protecting data theft and other cyber-attacks in banking, communication, defines and energy industries. Thus, investments in cybersecurity are increasing in order to upgrade the technologies through which enhance the level of cybersecurity (NIST, 2018).

Challenges in Traditional Approach Toward IT Security

Bank robbery is one of the oldest crimes which are being practiced since a very long time. When internet was not introduced, traditional methods were used for bank robbery and all those did not got succeeded always. Still goals of bank robbers have not been changed but their methods of executing robbery have been evolved. Today, bank robbers do not go to the bank for executing robbery, they just hide behind the screens and with the help of sophisticated tactics; they enter into banking systems and then transfer the funds into their accounts (Grossman, 2018).

In 2015, banking industry identified a new type of threat under which massive cybercriminal ring was targeting banks using Carbanak malware. This malware affected banking machines for not less two years and it also affected internal money-processing services and ATMs (automated teller machines). Till the time, Kaspersky Labs identified the measure to deal with this malware; attack was so massive that it infected over 100 banks in more than 30 more countries and the loss was estimating to approximately $1 billion. Another example of cyber-attack in banking industry held with phishing campaign and with this malware, attackers steal over $100 million from the Bangladesh Central Bank account at the Federal Reserve Bank of New York. In order to execute this crime, attackers spied over Bangladesh Bank for weeks before the attack. Attackers infiltrated number of computers very smartly with phishing attacks for stealing credentials for transferring payment (Gupta, Agrawal & Yamaguchi, 2016).

In relation with the preventing measures for securing bank’s data from cyber-attacks, IT teams at banks have enhanced protection in terms of securing consumer’s data, as well as to reduce the credit card frauds. Still, attackers are continuously managing to execute frauds, thus, it is necessary for the banks to adopt certain effective measures through which their internal security system could be strengthened (Thomas, 2015). Following are some of the measures which could be adopted by banks for improving their security system:

• Consistent learning: Attackers are inventing different types of threats every day and in order to deal with those attacks, IT teams of the banks needs to develop preventing measures for all those attacks which has already been executed. This will help the banks to prevent their system with the existing malwares and other cyber-attacks whereas; there is no appropriate system through which upcoming cyber-attacks could be prevented. Apart from this, organization could also use network segmentation strategy by creating network zones and by limiting the ability of a hacker in relation with entering into the system of banks. In relation with network segmentation strategy, regular updates needs to be implemented through which security measures could be strengthened along with enhancing the protection for data for customers’ in banks (Isozaki, Yoshizawa, Fujimoto, Ishii, Ono, Onoda & Hayashi, 2016).
• Enterprise wide security policy: This type of policy will act as the road map for an IT team of bank which will ultimately help in maintaining a truly security architecture. It will help the banks to manage the cyber risks under which the operations of banks could be executed in an effective and appropriate manner. In addition to this, this security policy needs to consider all regulations and compliance requirements (Jin, Lavaei & Johansson, 2018).
• Security policy enforcement: This defines that how security policy behaves in IT platforms and on the other hand, how it actually validates that the policy is being enforced across the network. Following compliances and the regulations helps the organization to follow the cyber-attacks but it does not make the network safer. In relation with this, it is required for the business organization to constantly monitor their networks so that appropriate measures could be adopted. This is a combined effort which includes network operations, security operations and the CIO (Weinstein, 2016).

It is necessary for the senior management of banks to analyse the requirements of the organization by determining internal requirements so that appropriate picture of the security could be created. Along with this, senior management requires to analyse the recent trends and the types of cyber-attacks which are taking place so that appropriate measures could be adopted with the objective of being one step ahead from the attackers (Lord, 2018).

Managing network security is bit complex and resource intensive task and in relation to this, it is necessary for the senior management to analyse the gaps between the security measures adopted by organization and the advancement in technologies. Major challenge for the maintaining security in the banks is ever-evolving nature of security risks. Traditionally, governments and banks have focused over cyber security resources in order to protect their crucial system components along with defending against the known threats. Today, these measures are not sufficient because threats have been advanced and in order to match up with the security risks, advanced measures needs to be adopted. NIST has issues guidelines for banks as risk assessment framework and switch towards continuous monitoring and real-time assessments. These are known as the data-focused approach through which approaches to security would easily be opposed to the traditional model (Moga, Boscoianu, Ungureanu, Lile & Erginoz, 2015).

Evolution of Security Risks in Cybersecurity

The National Cyber Security Alliance (NCSA) by SafeOnline.org has suggested several measures for adopting top-down approach in terms of strengthening the cyber-security. Under this, corporate management will play lead role in terms of prioritising cyber security management in all business practices along with banks’ functionalities. NCSA advices banks to be prepared for responding to all types of attacks in order to prevent the organization from financial as well as reputational loss. In relation with NCSA has issued guidelines in three areas: identification of the most valuable information that exists in the organization, determining risks and threats associated with that particular information and expecting the damage which will be faced by the banks if that information will be stolen. Cyber risk assessment needs to be executed according to the regulations and compliance of management and government respectively (Newmeyer, 2015). With the help of outcomes originated from risk assessment, an adequate plan will be created in order to accommodate the increasingly sophisticated attacks.

European Union has developed number of activities in terms of computer security and electronic communications; it took a conscious decision to develop fully-fledged approach towards cybersecurity. This authority has analysed several drastic events of cyber-attacks and to tackle them, EU has discovered idea that societal reliance on technology for addressing such attacks and issues. EU reinforce its first strategy in relation with cyber security in 2013 and the motive of this strategy was to improve the private sector’s resilience to cyber threats by encouraging higher degree of cooperation between all actors involved, greater investment in private and national sector to enhance their capacities to respond on attacks along with further development of cyber defence capabilities (Informa UK Limited, 2018).

From then, improvisation has been recognised at political, legislative and capabilities level and from there, political dimension is concerned and with relevance to this, cyber-security is being the priority for EU and they are continuously adopting new measures and conducting meetings with international agencies to integrate the unique ideas for developing effective policies towards improving cyber-security. Primary motive of cyber-security is being one step ahead from the hackers and to attain this objective, EU has invested huge part of their earnings towards research and development so that the members of this team could think out of the box in terms of secreting the banking system especially from the cyber-attacks (No & Vasarhelyi, 2017).

From the all major concerns, outdated core IT system was the most significant threat for global bankers. Failures are the major reason for investing in terms of enhancing the procedures along with keeping the banking system secure through which the quality of service could be improved as well as the adaptation of agile systems through which digital and mobile banking system could be enhanced in terms of controlling and to face the cyber-attacks in an appropriate manner (Wilson, 2011). Along with the cyber-attacks, other reasons which affect organizational performance are burden of multiple legacy systems at some banks is another crucial problem. In addition to this, several banks especially those who practice with traditional approaches face huge competition from the disruptive innovators who are providing high quality services to its clients. This makes the modern banking industry unique from the traditional banking industry. In terms of enhancing the organizational performance, adaptation of change is necessary (Pan, Morris & Adhikari, 2015). Change management helps the organization to deal with the contemporary requirements of the business industry as well as of the target audience. With regards to this, banks are required to adopt innovative and creative approaches to make their operations unique from the other banks and financial institutions (Sales, 2012).

Examples of Cyber-Attacks in Banking Industry

Technological risks directly linked with the criminality and cyber-attacks are some of the important concerns for bankers. It has been analysed that banks technology has grown and along with this, threat of cyber-attacks have also been increased. With regards to the cyber-attacks, prevention measures are not yet capable enough to stay one step ahead from the threats. Measures are only available for those activities which have already been taken place. There are not such measures are available through which the risk of cyber-attacks could be minimised. Professional hackers, fraud companies, etc. are major threat for the banking system (Zhuang, Bardas, DeLoach & Ou, 2015). Cyberattacks on key financial infrastructure could leave banks vulnerable to significant financial, regulatory, and reputational risk. These attacks have been immensely grown up in last couple of years and to respond positively towards these growing threats, financial institutions and banks are significantly strengthening their defensive strategies in order to stay one step ahead from to tackle the cyber-attacks in an appropriate manner (Pipyros, Mitrou, Gritzalis & Apostolopoulos, 2014). Cyber Threat Intelligence (CTI) is sharing measures through which banking firms could increase their efficiency along with enhancing their capacity to deal with the network of infiltration. Some of the major cyber-crimes in modern banking industry are as follows:

• The ways in which malicious actors are selecting to attack their selected targets are rapidly evolving and technology is playing the role of facilitator in terms of enhancing the impact of those attacks. Customers as well as financial institutions have shifted towards digital platforms and this has been the major opportunity for cybercriminals in terms exploiting the customers ((Pipyros, Mitrou, Gritzalis & Apostolopoulos, 2016).
• In addition to this, victims of attacks are analysing the benefits of collaborating and sharing the information and malicious actors finds the way to detect the opportunity to enter user’s system. Due to introduction of advance technological measures, number as well as the chances of cyber-attacks have been increased as the process for executing a criminal activity with the help of technology is easily available over internet platforms (Rid & Buchanan, 2015).
• The third crime theme in term of banking operations are increasingly interconnected nature of financial markets. This interconnectedness increases the risk of cyber-attacks, thus, it is necessary for the banking operations to closely analyse the relationship with their customers and service providers in order to ensure the strict protocols for preventing IT infrastructure, intellectual property and clients’ credentials in order to defence against cyberattacks. If banks were not able to recognise the risks at right time, it may lead to reputational as well as financial damage (Fan, Pawlik, Daniels, Vernon, Banks, Westby & Makary, 2016).
• Next scenario of cybercrime is the shifting of attention of banks to ensure the protection of cyberattack in terms of saving the data of their clients in appropriate time. It has been observed that banks are substantially enhancing their capabilities to overcome the challenges along with recovering data and implementing secondary systems for maintaining the operations in the event of prevention of cyberattack (Rasekh, Hassanzadeh, Mulchandani, Modi & Banks, 2016).

With regards to this, banking firms are implementing new and advanced technologies as well as the traditional methods as defensive strategies. Combination of these strategies proves to be the most appropriate and effective strategies for developing security program. This also includes strong management process through which every attack could easily be faced along with the vulnerability management (Servidio & Taylor, 2015). Advancement of computers and technology in business sector as well as in other sectors has eased the operations and along with this, it has also generated various risk factors due to which cybercrimes and threats increases rapidly (Weinstein, 2016). Role of computers and technology is huge in terms of executing the destructive operations. Banking sector include, public banks, private banks, foreign banks, regional as well as cooperative banks. In relation to this, various IT based products and services are available. Some of them are phone banking, ATM, Smart cards, debit and credit card, mobile banking, internet banking and there are various other banking services through which banking industry has created an effective place in an individual’s life (Carr, 2016).

Computer crime, high tech crime, e-crime, digital crime, and cybercrime are certain crucial terms of electronic crime. In terms of executing e-crimes, computer plays vital role in relation with committing crime, as the tool to store the data and as the target of the crime. Stolen of intellectual property or execution of any illegal activity could easily be done with the help of computers. In order to match up with the latest trends in technologies, security measures and threat intelligence, advisory organizations are required to be active (Shields, 2015). Culprits could execute several types of cybercrimes and the most common are:

• Ransomware: It is a type of malware under which an attacker locks victim’s computer system and files stored in the computer. This is done through encryption and against unlocking the system, attacker demands for payment to decrypt and for unlocking the victim’s computer.
• Malware: This is a type of threat which is used for harming computer user such as computer virus, worms, spyware, etc. (Shoemaker, Kohnke & Sigler, 2016).
• Social engineering: It is a type of attack which relies over human interaction to trick users into breaking security procedures in relation with gaining sensitive information which is typically protected.
• Phishing: It is a type of fraud under which fraudulent emails are sent which resembles that it comes from authentic source and the purpose of these emails is to steal the confidential data of users such as credit card credentials, etc. (Sittig  & Singh, 2016). This crime is growing rapidly. In this type of crime, culprit creates a fraudulent email which looks legitimate and arrives from trustworthy source. This email contains all the secret and confidential information about the receiver through which the email proves to be an official message. Along with this, the mail also contains bank’s logo, graphics and the link of the website which will same look like the original website of the particular bank. The mail asks the customers to share their secret credential by displaying the high sense of urgency and if clients will click over the link mentioned in the mail along with giving their details, it will redirect them to illegal website which will look same as per the official site of bank. Through this, culprits obtain secret information regarding the customers and then these credentials are used for executing the fraud such as transferring the money from account holder to some other bank accounts without customer’s consent (Corbet & Gurdgiev, 2017).
• Apart from this, there are numerous threats and types of cybercrimes which occur in the daily lifecycle. Identity theft, worms and Trojan horses, spy ware, search engines/Google, denial of service/distributed denial of service attacks and blackmail. In order to track these crimes as well as to mitigate the impact of these crimes, every country has established an especial body which regulate the cybercrimes so that the banks could perform their operations along with protecting the secret information of customers, valuable data, etc. Federal Bureau of Investigation (FBI) has established separate body i.e. Internet Crime Complaint Centre (IC) to regulate and control these types of crimes (Abomhara & Køien, 2015).

Effective Measures for Strengthening Bank's Security System

Increasing cybercrimes are one of the major concerns for banks which are increasing their liability towards their clients. Thus, there is no other option left for the banks else being proactive, data sets, showing integrity for their services and execution of the tasks as per the legal obligations. Apart from these formal obligations, banks need to be practical for handling the crimes in an appropriate manner (TechBeacon, 2018).

Some of the important measures which could be adopted for reducing the impact of cybercrimes and to enhance the cybersecurity are:

• Evaluation of employees: At regular intervals, it is required for the organization as well as to its members to execute the evaluation techniques through which suspicious employees could be found. All computers and other resources used by the employees in the banks needs to be evaluated so that appropriate information could be analysed. Technical consultants could be hired in order to execute the evaluation program in an effective manner.
• Development of policies: Policies and the regulations in relation with dealing with the cybercrimes needs to be build up so that in the situation where risk arises, banks needs to use some sound logic and not to overreact in terms of developing protection mechanisms.
• Risk assessment: If the risk assessment will be done in an appropriate manner, it will lead to improving effectiveness. In relation with this, organization could also take help from the professional with the objective of analysing all possible threats and cybercrimes which could occur. With the help of this, organization could adopt appropriate measures for being one step ahead from the culprits.

References

Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), 65-88.

Ashok, A., Wang, P., Brown, M., & Govindarasu, M. (2015). Experimental evaluation of cyber attacks on automatic generation control using a CPS security testbed. In Power & Energy Society General Meeting, 2015 IEEE (pp. 1-5). IEEE.

Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61.

Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International Affairs, 92(1), 43-62.

Church, A. (2016). Military Strategy as a Guide for Cybersecurity. In European Conference on Cyber Warfare and Security (p. 58). Academic Conferences International Limited.

Corbet, S., & Gurdgiev, C. (2017). Financial Digital Disruptors and Cyber-Security Risks: Paired and Systemic.

Craig, J. (2018). Cybersecurity Research—Essential to a Successful Digital Future. Engineering, 4(1), 9-10.

Fan, C. J., Pawlik, T. M., Daniels, T., Vernon, N., Banks, K., Westby, P. & Makary, M. A. (2016). Association of safety culture with surgical site infection outcomes. Journal of the American College of Surgeons, 222(2), 122-128.

Gcaza, N., & von Solms, R. (2017). Cybersecurity Culture: An Ill-Defined Problem. In IFIP World Conference on Information Security Education (pp. 98-109). Springer, Cham.

Ghernouti-Hélie, S. (2010). A national strategy for an effective cybersecurity approach and culture. In Availability, Reliability, and Security, 2010. ARES'10 International Conference on (pp. 370-373). IEEE.

Grossman, S. (2018). Banks Face New Cybersecurity Rules. Risk Management, 65(2), 12-13.

Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.

Informa UK Limited. (2018). European Union cyber security as an emerging research and policy field. Retrieved from: https://www.tandfonline.com/doi/full/10.1080/23745118.2018.1430712.

Isozaki, Y., Yoshizawa, S., Fujimoto, Y., Ishii, H., Ono, I., Onoda, T., & Hayashi, Y. (2016). Detection of cyber attacks against voltage control in distribution power grids with PVs. IEEE Transactions on Smart Grid, 7(4), 1824-1835.

Jin, M., Lavaei, J., & Johansson, K. H. (2018). Power Grid AC-based State Estimation: Vulnerability Analysis Against Cyber Attacks. IEEE Transactions on Automatic Control.

Kohl, U., & Charlesworth, A. (2013). Information technology law. Routledge.

Lord, N. (2018). What is Cyber Security?. Available from: https://digitalguardian.com/blog/what-cyber-security.

Moga, H., Boscoianu, M., Ungureanu, D., Lile, R., & Erginoz, N. (2015). Massive Cyber-attacks Patterns Implemented with BDI Agents. In Applied Mechanics and Materials (Vol. 811, pp. 383-389). Trans Tech Publications.

Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data. Network Security, 2012(12), 5-8.

Newmeyer, K. P. (2015). Elements of national cybersecurity strategy for developing nations. National Cybersecurity Institute Journal, 1(3), 9-19.

NIST. (2018). Cybersecurity. Available from: https://www.nist.gov/topics/cybersecurity.

No, W. G., & Vasarhelyi, M. A. (2017). Cybersecurity and Continuous Assurance. Journal of Emerging Technologies in Accounting, 14(1), 1-12.

Pan, S., Morris, T., & Adhikari, U. (2015). Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data. IEEE Transactions on Industrial Informatics, 11(3), 650-662.

Pipyros, K., Mitrou, L., Gritzalis, D., & Apostolopoulos, T. (2014). A cyber attack evaluation methodology. In Proc. of the 13th European Conference on Cyber Warfare and Security (pp. 264-270).

Pipyros, K., Thraskias, C., Mitrou, L., Gritzalis, D., & Apostolopoulos, T. K. (2016). Cyber-Attacks Evaluation Using Simple Additive Weighting Method on the Basis of Schmitt's Analysis. In MCIS (p. 41).

Rasekh, A., Hassanzadeh, A., Mulchandani, S., Modi, S., & Banks, M. K. (2016). Smart water networks and cyber security.

Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), 4-37.

Sales, N. A. (2012). Regulating cyber-security. Nw. UL Rev., 107, 1503.

Servidio, J. S., & Taylor, R. D. (2015). Safe and Sound: Cybersecurity for Community Banks. Journal of Taxation & Regulation of Financial Institutions, 28(4).

Shields, K. (2015). Cybersecurity: Recognizing the risk and protecting against attacks. NC Banking Inst., 19, 345.

Shoemaker, D., Kohnke, A., & Sigler, K. (2016). A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0): A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0) (Vol. 3). CRC Press.

Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(2), 624.

TechBeacon. (2018). 3 ways IT can secure against bank cyberattacks. Available from: https://techbeacon.com/3-ways-it-can-secure-against-bank-cyberattacks.

TechTarget. (2018). Cybersecurity. Available from: https://searchsecurity.techtarget.com/definition/cybersecurity.

Terlizzi, M. A., Meirelles, F. D. S., & Viegas Cortez da Cunha, M. A. (2017). Behavior of Brazilian Banks Employees on Facebook and the Cybersecurity Governance. Journal of Applied Security Research, 12(2), 224-252.

Thomas, Z. (2015). POLL: banks need global cybersecurity standards. International Financial Law Review.

Weinstein, R. (2016). Cybersecurity: Getting beyond Technical Compliance Gaps. NYUJ Legis. & Pub. Pol'y, 19, 913.

Wilson, T. D. (2011). Information Management, today and tomorrow. Cuadernos de Gestión de Información, 1, 1-5.

Zhuang, R., Bardas, A. G., DeLoach, S. A., & Ou, X. (2015). A theory of cyber attacks: A step towards analyzing MTD systems. In Proceedings of the Second ACM Workshop on Moving Target Defense (pp. 11-20). ACM.