Cybersecurity Risks and Its Regulations. The Philosophy of Cybersecurity Audit
DOI:
https://doi.org/10.24234/wisdom.v25i1.970
Keywords:
philosophy of cybersecurity, risk mitigation, cybersecurity audit, virtual bank, ransomware, security standards, information technology
Abstract
Since financial institutions are leading targets of cyber attacks, the article’s main goal is to show that without dedicated action, the global financial system will only become more vulnerable as innovation, competition, and the pandemic further fuel the digital revolution. Also, the cost of cybercrime at financial institutions outpaces the cost of cybercrime in other industries. For example, according to a 2019 private study, the per-company cost of cybercrime is over $18 million for financial services companies, around 40% higher than the average cost for other sectors. If the entire system fails to address cybersecurity concerns adequately, this could lead to systemic risk – the risk that a cybersecurity incident would destabilize the financial system. The article considers the level of protection of confidential information in financial enterprises and the means of combating data leaks. In addition, the question of the need for an information technology audit, especially a cybersecurity audit, is raised.
License
Copyright (c) 2023 Liana GRIGORYAN, Lilit MIRZOYAN
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Creative Commons Attribution-Non-Commercial (CC BY-NC). CC BY-NC allows users to copy and distribute the article, provided this is not done for commercial purposes. The users may adapt – remix, transform, and build upon the material giving appropriate credit, and providing a link to the license. The full details of the license are available at https://creativecommons.org/licenses/by-nc/4.0/.