Article Preview
TopIntroduction
The growing network complexity and proliferation of devices could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems….. (Director of National Intelligence (Borghard, 2018))
The Director of National Intelligence and agency directors from the National Security Agency, Central Intelligence Agency, and the Federal Bureau of Investigations recently testified to Congress that malicious cyber activity conducted by adversaries is concerning to the U.S. national security and the top security priority for the Intelligence Community (Borgard, 2018). Malicious threat actors, in the form of nation states, terrorists, cybercriminals, and hacktivists continue to interrupt the U.S. financial sector, which is the nation’s bedrock (OFR, 2017; Borghard, 2018). The U.S. banking system amassed $17.4T in assets and $164.8B in 2017, which supported the most diversified banking and financial industry (“The Financial Services,” n.d.). Degrading or disrupting the U.S. financial sector will lead to financial instability (Borghard, 2018) not only in America but across the globe because the domestic and international financial ecosystem is interconnected and susceptible to cybercrimes. Defying the U.S. national security threatens the sovereignty and democracy of our nation. Sixty-four percent of Americans and more than 2 billion online users have had their sensitive information compromised (Lewis, 2018). An FBI official postulated that cybercriminals target the U.S. due to the amount of information stored on our systems, networks, devices, and in the data centers (Palmore, 2019).
The growing dependence on information communication technology requires financial institutions to leverage information systems and platforms with known cyber vulnerabilities in which cyber-attacks originate from poor system designs and substandard quality control (Clark, Berson, & Lin, 2014). Given that private organization's design information technologies, these entities are just as much involved in securing the U.S. financial sector as the government (Clark, Berson, & Lin, 2014). Loughery (2013) asserted that Congress has failed to conjure any legislation leading to efforts to curtail cybercriminals targeting of the U.S. financial sector and other critical infrastructures.
The U.S. financial industry is the nation’s underbelly to building and maintaining a healthy and thriving economy. Carter (2017) asserted that financial services is the fastest-ascending market in cybersecurity as indicated by a 67% increase from 2013 to 2016. Cybersecurity spending in the U.S. is forecasted to hit $68B between 2016 to 2020 (Carter, 2017). Financial services firms are paying $18M per cyber-attack compared to $12M paid by other industries; consequently, financial firms are attacked 300 more times than other domains (Mirchandani, 2018). Banks are predominantly targeted with denial of service (DoS) attacks, spear phishing, and malware as 90% of financial institutions reported observing ransomware as another viable attack vector (Mirchandani, 2018). While hacktivists attempted the most attacks on financial entities at 80% with a 1% success rate, were less effective than cybercriminals who had a 20% success rate; however, nation-sponsored cyber-attacks had the highest success rate at 98% (Mirchandani, 2018).