Banking is a significant sector of national infrastructure and economy. Therefore, it is important to enhance safe consumer online banking as it is the basis of trust and efficient transactions globally. As a member of the Treasury, it is important to mitigate the increasing cases of cyber-attacks targeting the US banking To: Chartered Presidential Approved Group
system. Below is a 10-step approach to improve the resilience of the banking sector and ensure a safe network for consumers and banking operations.
Step 1 – Training employees on cyber-attacks, threats, and vulnerabilities to the threats
Through certification, all information systems personnel will demonstrate their proficiency in secure computing operations. Before gaining access to the network, IT employees must pass a nationally recognized certification exam based on their level of responsibility.
Step – 2. Background check on employees
Before the onboarding procedure, the organization will conduct a background investigation on every employee. The approach will be required of any employee holding a position of trust.
Adding trustworthy people to the network’s positions is the only method to create a trustworthy network.
Step – 3. Conducting social engineering training
Social engineering training will be provided to all staff members at least twice a year. Social engineering is one of the common methods that hackers use to trick inexperienced employees into accessing to network by breaching security practices (Hijji & Alam, 2022). The training ensures that employees are aware of the hackers targeting to extract information from an inexperienced worker in social engineering. The organization will ultimately increase awareness to build a team of cyber-defenders and limit the possibilities of socially engineered cyber-attacks.
Step 4 – Networks will be subject to vulnerability scanning and penetration testing and ensure stringent policies and deadlines for fixing flaws. Third-party penetration testing can identify the back doors and other network vulnerabilities that hackers can use to enter any network. Using a third party limits the possibility of an insider attack and provides an objective assessment of all network vulnerabilities (Aslan, 2022). Patching and testing of vulnerabilities strengthens the network and ultimately results in a more resistant network to attacks.
Step 5 – Legislation on architecture and design of network
The network’s architecture and design must adhere to stringent government regulations to be eligible for federal insurance. The approach will directly support the previous step that focuses on strengthening the network. A banking institution must meet or surpass all network security compliance standards to be eligible for FDIC insurance.
Step 6 – Mandatory authentication
All interfaces based on customers and employees will require multifactor authentication (MFA). This implies that you need to meet various identity verification requirements to be granted access to the network. The procedure can be a combination of PINs, hard tokens, security questions, and biometrics in addition to the login and password.
Step 7 – Internal and third-party monitoring
Network activity must be monitored both internally and by outside parties to enforce safe computing practices. Cyber security personnel should be notified of any risky behaviors so that they can be monitored or shut down to collect proof. Employers and customers can avoid risky computing by utilizing firewalls and numerous other IT products.
Step 8 – Mandatory development of resiliency and automation strategies
The use of mandatory resiliency and automation solutions will guarantee the prompt restoration of regular operational conditions following any kind of network disturbance. Building redundant networks is essential to providing excellent customer service and will be crucial to banking operations.
Step 9 – It is mandatory to implement physical security measures in locations with network servers, switches, or routers. An attacker can use such locations to launch a direct assault on the network or a denial of service attack, among other types of disruptions.
Step 10 – The last step is mandatory risk management and impact analyses before and after the network infrastructure is fully constructed. The approach will facilitate the appropriate distribution of resources and guarantee that identified vulnerabilities are equipped with the necessary threat-mitigation tools. Additionally, this helps executives comprehend the second and third orders of impact in the event of a network breach.
Conclusively, the resilience of the banking sector is significant in safeguarding the stability and integrity of the US financial system. The end user poses the greatest risk to any network as it is most likely that hackers will launch an attack on the end user before hiding to gain access (Li & Liu, 2021). Therefore, end-user certification and training are crucial to mitigate the risk. The potential for destruction is virtually endless once a hacker has all the necessary data and gains access to the network. The network’s ease of access is the second-biggest danger factor. Regular and random audits of IT personnel rights and privileges are required as they will guarantee restriction on access.
References
Hijji, M., & Alam, G. (2022). Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees. Sensors, 22(22), 8663.
Aslan, Ö. (2022). Computer System and Third-Parties Vulnerabilities Increase the Risk of Cyber Attacks. International Congress of Academic Research. Retrieved https://www.researchgate.net/publication/358883187_Computer_System_and_Third-Parties_Vulnerabilities_Increases_the_Risk_of_Cyber_Attacks
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176-8186.
write