Hands-On Cybersecurity for Finance

By Dr. Erdal Ozkaya, Milad Aslaner
About this book

Organizations have always been a target of cybercrime. Hands-On Cybersecurity for Finance teaches you how to successfully defend your system against common cyber threats, making sure your financial services are a step ahead in terms of security.

The book begins by providing an overall description of cybersecurity, guiding you through some of the most important services and technologies currently at risk from cyber threats. Once you have familiarized yourself with the topic, you will explore specific technologies and threats based on case studies and real-life scenarios. As you progress through the chapters, you will discover vulnerabilities and bugs (including the human risk factor), gaining an expert-level view of the most recent threats. You'll then explore information on how you can achieve data and infrastructure protection. In the concluding chapters, you will cover recent and significant updates to procedures and configurations, accompanied by important details related to cybersecurity research and development in IT-based financial services.

By the end of the book, you will have gained a basic understanding of the future of information security and will be able to protect financial services and their related infrastructures.

Publication date:
January 2019


Introduction to Cybersecurity and the Economy

The relationship between cybersecurity and the economy has only been growing stronger, with cyber attacks on the rise. Cyber attacks have brought a new recognition of the importance of cybersecurity efforts. Attacks have now become widespread, common, and expected in some firms. New attacks are emerging within weeks due to an underground economy that has seen specialists create built-to-sell malware for a waiting list of cyber criminals. The impacts of cyber attacks have been felt, and there are reports that these attacks are only going to get worse. The current and forecasted impacts are devastating to the global economy. Here, we will introduce cybersecurity and link it to cyber attacks and the global economy. In this chapter, we will cover the following topics:

  • What is cybersecurity?
  • The scope of cybersecurity
  • Terminology related to the cybersecurity world
  • General description of hacking groups, cyber criminals, and cyber espionage
  • Importance of cybersecurity and its impacts on the global economy
  • Financial repercussion of reputational damage caused by cyber attacks
  • Digital economy and related threats

What is cybersecurity – a brief technical description?

Cybersecurity can be summarized as efforts aimed at preserving the confidentiality, integrity, and availability of computing systems. It's the practice of affording security to networks and systems to protect them from cyber attacks.

According to the definition of cybersecurity by Cisco (https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html), cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

Cyber attacks have been on the rise and are targeted at accessing, modifying, or deleting data, money extortion, and the interruption of normal services. Cybersecurity is of great concern to today's businesses since there has been a high adoption of information technology to achieve efficiency and effectiveness in business operations. The current business environment is such that there are many devices, systems, networks, and users. All these are targeted by cyber criminals, and multiple techniques have been devised and used against them. Cyber attacks are only becoming more effective and sophisticated. Therefore, cybersecurity is becoming a survival mechanism rather than a luxury for many businesses. Cybersecurity has multiple layers, which cover devices, networks, systems, and users. These layers are intended to ensure that these targets are not compromised by attackers. In organizations, these layers can be compressed into three categories: people, processes, and technology.


People

This is the category that includes users. Users are known to be a particularly weak link in the cybersecurity chain. Unfortunately, cyber criminals are aware of this and often target them rather than systems during attacks. Users are the culprits in creating weak passwords, downloading attachments in strange emails, and easily falling for scams.


Processes

This category encompasses all the processes used by the organization. These can include business processes, such as the supply chain, that could be exploited by attackers to get malware inside companies. Supply chains are, at times, targeted in organizations that are well secured against other methods of attack.


Technology

Technology relates to both the devices and software used by an organization. Technology has been a prime target for cyber criminals and they have developed many techniques to compromise it. While security companies try to keep abreast of the threats facing technology today, it seems that cyber criminals have always had the upper hand. Cyber criminals can source new types of malware from underground markets and use them in multiple attacks against different technologies.


The scope of cybersecurity

The importance of cybersecurity can't be overstated. The world is in a state of interconnection, and therefore an attack on one host or user can easily become an attack against many people. Cyber attacks can range from the theft of personal information to extortion attempts for individual targets. For companies, many things are always at stake. There is, therefore, a broad scope of what cybersecurity covers for both individuals and corporate organizations—let's look at this in more detail.

Critical infrastructure security

Critical infrastructure comprises the systems that many people rely on. These include electricity grids, traffic lights, water supply systems, and even hospitals. Inevitably, these infrastructures are being digitized to meet current demands. This inadvertently makes them a target for cyber criminals. It is, therefore, necessary for critical systems to have periodic vulnerability assessments so that attacks that can be used against them can be mitigated beforehand. There have been several attacks on critical infrastructures in different countries. Commonly targeted sectors include transport, telecom, energy, and the industrial sector. The most significant one was on Iran's nuclear facility. The facility was targeted using malware called Stuxnet, which is speculated to have been state-sponsored. Stuxnet caused the total destruction of the nuclear facility. This just highlights the effect of cyber attacks against critical infrastructure.

The following is an excerpt from an article that describes the malware attack on Iranian nuclear facility computers (https://www.engadget.com/2014/11/13/stuxnet-worm-targeted-companies-first/):

Once the malware hit their systems, it was just a matter of time before someone brought compromised data into the Natanz plant (where there's no direct internet access) and sparked chaos. As you might suspect, there's also evidence that these first breaches didn't originate from USB drives. Researchers saw that Stuxnet's creators compiled the first known worm mere hours before it reached one of the affected companies; unless there was someone on the ground waiting to sneak a drive inside one of these firms, that code reached the internet before it hit Natanz.

Network security

There is no way businesses can be conducted without networks today. Countries that have isolated themselves from internet connectivity have been left behind financially, since a big part of the global economy is currently powered by the internet. North Korea is an example of one country where the internet is highly restricted and only accessed by a few people. However, having connectivity to networks comes with its own cons. Individual and corporate networks have been subjected to unauthorized access, malware, and denial of service from cyber criminals. There are some techniques that can be used to perform actions on networks that can hardly be detected by network admins without the use of tools such as intrusion-detection systems. Other cyber attacks include sniffing packets, theft, and manipulating data during transit. The tools that are being used to protect against network security threats have become overwhelmed with the amounts of traffic that they have to filter. They have also been facing challenges due to the number of false positives that are getting reported. Because of this, security companies are turning to new technologies, such as machine learning, to enable them to detect malicious and abnormal traffic in a more efficient and effective manner.

Cloud security

Among the new technologies that are receiving massive adoption is the cloud. The cloud allows organizations to access resources that they could previously not access due to the financial constraints of acquiring and maintaining the resources. It's also a preferred option for backing up due to its reliability and availability compared to other backup options. However, the cloud has its own set of challenges where security is concerned. Organizations and individuals are concerned about the theft of their cloud-stored data. There have already been incidences of data theft in the cloud. Cloud security ensures that cloud users can secure their data and limit the people that can access it.

According to McAfee security, as many as one in every four organizations has been a victim of cloud data theft (https://venturebeat.com/2018/04/15/mcafee-26-of-companies-have-suffered-cloud-data-theft/):

Enterprises are moving their data to the cloud, but not everybody is certain that the cloud is as secure as it could be, according to the third annual report on cloud security from cybersecurity firm McAfee. This is due in part to the fact that one in four companies has been hit with cloud data theft.

Application/system security

Many business processes are run with the aid of applications or systems. However, these systems have introduced a weak point in organizations. If these systems are hacked, they can lead to the halting of services or production activities, theft of business secrets, and loss of money. A study by Trustwave SpiderLabs in 2017 revealed that 100% of randomly-selected and -tested web apps had at least one vulnerability. App security is, therefore, receiving attention in many organizations that have set up cybersecurity strategies.

A 2017 study showed that 100% of sampled web apps had at least one vulnerability (https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/don-t-sleep-on-web-applications-the-5-most-common-attack-types-and-how-to-better-defend-them/):

In fact, a stunning 100 percent of web apps that the Trustwave SpiderLabs team tested in 2017 contained at least one vulnerability.

User security

As noted earlier, users are the weakest point in the cybersecurity chain, and they are particularly hard to protect since they are targeted using social-engineering techniques. These techniques cannot be prevented by using security tools. Attackers get to users through normal interactions, using media such as phones, emails, or face-to-face encounters. Organizations have lost a lot of money due to their employees being attacked using social-engineering attack methods. Therefore, user-awareness programs have been incorporated into most cybersecurity strategies.

Internet of Things security

Internet of Things (IoT) is an emerging technology that has been plagued with security threats. However, its practicality has seen it being adopted in many organizations despite the security challenges. IoT devices have been shipping in an insecure state, which poses threats to organizations and individuals. Cybersecurity has therefore been extended to cover this threat landscape.


Terminology related to the cybersecurity world

Here are some terms related to the cybersecurity world:

  • Cybercrime: Any crime that involves the use of a computer as the object of a crime or as an accessory used to commit a crime. The perpetrators of such a crime are known as cyber criminals. They mostly use computer technology to illegally access sensitive information, scam, or carry out malicious actions.
  • Ransomware: Malware built to extort money from victims by blocking access to their computers and files until they pay a ransom amount. However, the payment of the ransom is never a guarantee of file recovery.
  • Malware: Malicious software. There are three categories of malware: viruses, worms, and Trojans. These are used to either allow unauthorized access or to damage computers.
  • Social engineering: An attack technique that is increasingly being used by cyber criminals to manipulate people into revealing some information or carrying out some actions. The end goal is either monetary gain or access to sensitive information, such as business secrets.
  • Phishing: A common exploitation attack that involves sending users fraudulent emails that claim to be from reputable sources. Phishers aim to get sensitive data or money from their targets. With advancements in technology, phishing attacks are becoming more sophisticated and advanced, and thus more successful.
  • Botnet: A network of zombie devices that have been infected with malware to make them perform certain tasks, such as denial of service attacks. Personal computers were once key targets for recruitment in botnets, but since the introduction of IoT devices, hackers have been shifting focus to this largely insecure technology. A particularly dreadful botnet is the Mirai botnet, which is made up of IoT devices and has been used in several attacks.
  • Data breach: An incident in which a corporate network is attacked by cyber criminals and some valuable data is stolen. In many cases, customer authentication details, addresses, and financial information are stolen. Stolen data is valuable and can be sold in black markets or ransomed. Even when the stolen data is encrypted, hackers can find ways to decrypt it, especially if the encryption algorithm was weak.
  • DDoS attack: Attackers target a machine with an overwhelming number of requests, thus clogging its bandwidth and ability to respond to legitimate requests. DDoS attacks are carried out by botnets, which have been discussed previously. DDoS attacks can be used as a diversion technique where hackers cause security personnel to focus their efforts on recovering from the DDoS attack while another attack is taking place.
  • Spyware: Malware used to spy on people for the purposes of obtaining their personal information, login credentials, or other sensitive information. It mostly infects browsers or comes hidden in apps and programs. On mobile devices, spyware can use GPS sensors to communicate back the whereabouts of a user's device, and it can also access the call history and SMS.

General description of hacking groups and cyber espionage

Hacking groups and cyber espionage have frequently featured in cybersecurity reports; here, we will discuss both of them.

Hacking groups

Hacking groups have been active with their engagements in both legal and illegal activities. Legal activities are those that don't violate any government regulations, such as the spreading of user awareness, while illegal activities violate government regulations, such as electronic fraud. Hacking groups are an association of hackers that act in unison during cyber attacks. Due to their unity during attacks, they are often more successful than solo attackers. There has been significant activity from hacking groups that has led to both good outcomes, such as user awareness, and bad outcomes, such as the theft and destruction of data. Here are some famous hacking groups:

  • Shadow Brokers: A notorious hacking group known for taking the fight directly to law-enforcement agencies. This group has taken credit for attacks against the US National Security Agency (NSA) many times. In their hacks, the Shadow Brokers have released to the public some of the alleged NSA hacking arsenal, which comprises exploits, bugs, and malware. This hacking group is associated with one of the most dreadful ransomware attacks. The group hacked the NSA and released an exploit called EternalBlue, which could be used against Windows computers. The exploit was released in March 2016 in black markets, and in May, hackers had already used it as part of the WannaCry ransomware attack. This is the exploit that allowed the encryption mechanism to execute past the Windows OS security mechanisms. The NSA was partially blamed by Microsoft for harboring these exploits instead of notifying the company so that they could be fixed. Shadow Brokers have not been associated with any illegal activity that targets corporate organizations or individuals. It seems that their main target is the NSA, due to speculations that this agency continually stocks exploits that it can use for espionage purposes inside and outside the US.
  • Bureau 121: This hacking group is said to be from North Korea, which contradicts the common assumption that North Korea is lagging behind technologically. Defectors from North Korea have said that there are military hackers that are well-paid in the country to keep up with hacking operations. The group is said to be massive, with over 1,500 people who work outside North Korea. The group has attacked South Koreans through apps and websites, and has even destroyed banking records. They are said to be behind the 2015 Sony hack, which cost the company $15,000,000. The hack came just after Sony released a movie that had depicted Kim Jong-un in a bad light.
  • Anonymous: The most recognized hacking group in the world. It's said to be from 4chan and has, over the years since 2003, grown in number and capabilities. The group operates in a decentralized manner, and even if one of their members is arrested, there are more than sufficient personnel to keep the group running. The group is associated with a hacktivist movement that takes the form of vigilante actions. The group has played a role in anti-child-pornography movements, where its members have brought down numerous websites that offer such content. What makes Anonymous so special is that it has been adopted as an idea rather than a hacking group. Therefore, it has received adoption around the world and has a higher chance of staying relevant. This group has been branded with the iconic Guy Fawkes mask.

Apart from these hacking groups, there are many others. Some emerge and then cease to exist once their top leaders are arrested. Hacking groups are not necessarily evil since some of them hack with good intentions. However, they are still a threat to cybersecurity since they use tools and techniques that can be ultimately harmful to users and computers.

Cyber espionage

This is a growing cybersecurity problem where cyber criminals target an organization in an attempt to steal information that could be used by competitors or to undermine the company. Companies worldwide have fallen victim to this type of hack, where their business secrets are stolen by foreign countries. Manufacturing companies that have fallen victim to cyber espionage have seen counterfeits of their products being released at cheaper prices in overseas markets. Cyber espionage is becoming an economic menace since it affects the revenues of many organizations. It's estimated that a large number of organizations that have fallen victim to cyber espionage still don't know that they're victims.

In some incidents, cyber espionage has been directly attributed to hacking groups. There are fears, however, that some espionage attacks are state-sponsored. Some countries have been accused of having special units that conduct cyber-espionage attacks.


Cybersecurity objectives

The aim of cybersecurity is to ensure that the confidentiality, integrity, and availability of data and systems is preserved. This section discusses the different objectives of cybersecurity.

Importance of cybersecurity and its impacts on the global economy

Cybersecurity has been of vital importance ever since the world was networked. Many processes in organizations are enabled by interlinked technologies. However, the penetration of technology into normal lives and organizational processes has introduced people to cyber threats. With every improvement in technology, the threat of cyber attacks increases. New technologies, such as IoT, have met the harsh reality of cybercrime. However, current cybersecurity efforts ensure that the use of technology is not hindered by cyber criminals. There are several reasons why organizations and individuals are emphasizing cybersecurity; they are outlined here.

The number of cyber attacks is growing

With the rapid development of technology, the number of cyber attacks has been growing exponentially. Cybersecurity reports show that, each year, there is a rise in the number of threats that have been detected for the first time. There are specialists in underground markets that have focused on creating new types of malware that they sell to hackers. Cyber criminals are spending long hours doing background research on individuals and organizations to find weaknesses that they can target. Social engineers are perfecting their manipulation tactics to help them net more victims. At the same time, users have not significantly improved or taken individual responsibility for their own security or that of the companies they work for. The only hope in securing individuals' data, money, and systems lies in enhancing cybersecurity. With all the developments on the part of cyber criminals, cybersecurity is fast becoming a necessity.

Cyber attacks are getting worse

Cybercrime has evolved from what it used to be. The aftermath of a cyber attack today is often devastating, as can be seen from the companies that have fallen prey to cyber criminals. Yahoo lost its value after it was confirmed that cyber criminals had penetrated its systems and stolen the data of 3,000,000,000 users. Ubiquiti Networks lost over $40,000,000 to cyber criminals that executed a social-engineering attack on its employees. Many other top companies have lost sensitive data to hackers. Individuals are not spared either. The WannaCry ransomware indiscriminately encrypted individuals' and organizations' computers in over 150 countries. In general, cybercrime is getting worse. More money is involved, and huge chunks of sensitive data are being stolen. The targets are not limited to small organizations, since big companies, such as Uber and Yahoo, have already fallen victim. Cybersecurity is therefore essential for organizations and individuals.

Impacts on the global economy

The economic implications of cyber attacks are being felt on a global scale. Organizations are losing billions of dollars to attacks every year. Forbes has estimated that with the current pattern, cybercrime will cost the globe $2,000,000,000,000,000,000 in 2019. In 2015, this number was only at $400,000,000. Prior to the estimate from 2015, early estimates done in 2013 reported that cybercrime only costs $100,000,000 globally. As can be seen, the pattern has been such that the cost keeps growing. The World Economic Forum has taken note of this, and with concern. It has warned that the figures could be higher since a large percentage of cybercrime goes undetected. It has identified industrial espionage as one crime where many victims don't even know that they're victims.

As per the estimation of the cost of cybercrime by Steve Morgan (https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#466996b73a91), from 2013 to 2015, the cost of cybercrime has quadrupled, and it looks like there will be another quadrupling from 2015 to 2019. Juniper research recently predicted that the rapid digitization of consumers' lives and enterprise records will increase the cost of data breaches to $2,100,000,000,000,000,000 globally by 2019 (https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion).

Estimation of financial losses related to cybercrime

The financial losses related to cybercrime are incomparable to the cost of cybersecurity. While cybersecurity costs remain almost constant, cybercrime costs increase every year. In 2017, it was estimated that annual breaches had increased by 27.4%.

Accenture has estimated the cost of cybersecurity for the year 2017, as follows:

These numbers are more than just statistics. They show that more organizations will fall victim to cybercrime in 2018 than in 2017. The average cost of a breach or malware attack on an organization is currently at $2,400,000. However, this number is just an average. There are organizations that lose much more than that. Take, for instance, the Sony attack that happened in 2015: the organization lost a whopping $15,000,000 due to the attack; the Ubiquiti Networks case led to a $40,000,000 loss. Therefore, the average cost of a cyber crime should not be used to depict the reality, since some companies lose several times the average.

The time it takes to resolve a cyber attack is becoming longer than ever. It now takes an average of 23 days to recover from a ransomware attack. Insider threat attacks take up to 50 days to recover from. DDoS attacks take only a few days to recover from, but by then a lot of damage will have been done. In general, the attack duration has increased and that adds to the effects on the victims. The financial consequences can only go higher with more exposure time to an attacker.

Globally, the US has witnessed the highest average cost of cyber attacks. The country's average has been higher than the global average since 2017, when it was estimated at $21,000,000. This estimate has grown from $17,000,000 in 2016. The second country in the ranking of those with the highest cost of cybercrime is Germany; it jumped from $7,800,000 in 2016 to $11,500,000 in 2017. Japan is third, with an estimated cybercrime cost of $10,000,000. The UK, France, and Italy follow with estimates of $8,000,000, $7,900,000, and $6,300,000, respectively.

The following screenshot shows cybersecurity cost estimates by Accenture:

There are also other financial losses that arise from cybercrime that cannot be directly estimated. The loss of customer loyalty is a hidden impact that can have financial consequences. Fewer customers directly translates to lower revenue. Lost reputation is another impact that leads to financial loss. Without a good reputation, very few clients will choose to do business with a company that's perceived to be unsecured. Legal fees from cases relating to loss of user data also add to the financial consequences of hacks that a company has to meet. These fees, therefore, make cybercrime very costly to organizations.

Finance and cybersecurity

There is a strong relationship between finance and cybersecurity. Finance can be viewed in two perspectives in line with cybersecurity. Finance is used to procure cybersecurity products that can be used to prevent cybercrime. Finance is also a direct victim of cyber attacks. Therefore, it continues to be linked to cybersecurity. There have been attacks targeted specifically at the finance departments in organizations. Other than this, Chief Finance Officers (CFOs) are having to work closely with Chief Information Security Officers (CISOs) in organizations to ensure that they adequately fund their cybersecurity endeavors. Today, the links between finance and IT are closer than ever.

Critical dependency of business, processes, and IT infrastructure

Today, business is run through computer systems that coordinate processes from different business lines, while making the individual processes more efficient and effective. For instance, in a production company, the supplies department has to be linked with the production department, which then has to be linked with the sales department. This type of chain will ensure that the supply department has already procured input before the production department depletes the ones it has. The production department will control its output depending on the sales such that there is no over-production. To ensure that these three departments continue to operate smoothly, the organization might acquire enterprise resource planning (ERP) systems that will be integrated. The ERPs will ensure that the supplies department automatically gets notified when the production department needs more input. The production department will get actual and forecasted sales to ensure that it doesn't overproduce products that may go to waste. The ERP solution will be the backbone of all this coordination between departments.

This hypothetical example is just a snapshot of what takes place in actual organizations. Different departments are linked using IT systems. When these systems are down, business processes in different business lines will be affected. Therefore, it's in the best interest of all organizations to ensure that IT systems are running as expected at all times. Another critical linkage between departments is the internal network. Organizations that have branches in different places normally want to ensure that data stored in different physical locations can easily be accessed. Therefore, a WAN is established to keep all branches connected. If this network goes down, many operations can't take place. There are other components of the IT infrastructure in an organization that are equally important for the functioning of day-to-day operations. If these components go offline, operations can't go on as usual. This is the current state in most organizations. To survive in the current business environment, it has become necessary to make IT a resource. There are some industries where competitiveness is only judged by the systems that an organization has.

With a good view of the current dependence of businesses on IT infrastructures, one can appreciate the consequences of having components of the infrastructure failing or being attacked. Without some critical components, such as ERP systems, networks, and computers, business operations can come to a halt. One of the main reasons IT systems go down is cyber attacks. There are other causes, such as natural disasters, human error, and normal failures. However, of major concern today is attackers targeting the IT infrastructure. Not only can they stop operations, attackers can purposefully destroy the infrastructure. This will in turn cripple the organization. Therefore, organizations resort to protecting their IT infrastructures, since they cannot afford to lose some of the functionalities that are supported by the different components of the infrastructure.

Economic loss

As a consequence of the increasing cost of cybercrime, there has been a resultant loss in global and local economies. Based on estimates from McAfee, it is expected that 2018 will see 0.8% of the global economy gross domestic product being lost to cybercrime. This is estimated at $600,000,000,000. Estimates for 2019 show that the economic loss will hit the trillion-dollar mark. This shows that the economic impact of cybercrime is only getting worse. In 2014, the estimated loss was at 0.7% of the global economy. The US has seen a relatively constant increase in the number of cybercrimes reported. Europe, however, has seen the highest rise in cybercrime. It might appear that cyber criminals were once not particularly focused outside the US market. With time, there has been an influx of hacking activity, and the hacks have sporadically grown in the previously-unexplored Europe region. Also, since the US has seen consistent cybercrime, organizations have been preparing themselves for the attacks. Europe is now facing the highest economic loss to cybercrime. An estimated 0.84% of its regional gross domestic product has been lost to cybercrime. In the US, the percentage is at 0.78%.

There are several reasons why the economic loss due to cybercrime seems to be going up. To begin with, there are more cybercrime tools being released. The new cybercrime tools are more effective. As was explained in the Hacking groups section, the most damaging ransomware attack thus far was successful due to the use of a three-month-old exploit that had been stolen from the NSA by a hacking group. Another reason for the increase in economic losses is the adoption of new technologies by threat actors. These technologies enable them to decrypt encrypted files, gain access to systems without causing alarms to be raised, and overwhelm security tools, among other things. Another driver for the increased economic loss is the growing sophistication of hacks. A good example is phishing. Phishing has evolved over time. Years ago, it was done through plaintext email, which narrated an unfortunate occurrence and asked the recipient to offer some assistance to the person in peril. Early phishing emails were characterized by grammatical errors and an outright feeling of vagueness. However, phishing has recently developed a new face. It's done through professionally formatted HTML emails that resemble those of legitimate companies. Phishing emails contain links to cloned websites that have a similar look, feel, and interactive quality to legitimate websites. The targets don't know when they're handing over their information to hackers or sending money to them. This type of revolutionary development in attack techniques has also been witnessed in other types of attacks. This has led to a high number of successful attacks. For example, the number of victims of the IRS scam of 2017 was around 170,000. This is a number that didn't exist five years ago since these types of phishing attacks hadn't been used.

Banking and financial systems – changes from a risk and security perspective

Banking and financial systems have been the targets of cyber criminals. There are listings on some underground economies of malware that can be used against automated teller machines to cause them to spit out cash. There is malware that can be used to intercept the communication between bank servers and customers to steal sessions or login information. There is malware that has been developed to spy on users once they visit certain banking websites. There are phishing scams that have been specifically targeted at customers of certain online banks and payment systems. These are just a few of the threats that are facing banks and have caused them to innovate their risk and security perspectives. The following is a screenshot of a PayPal phishing email:

Banks have had to upgrade the machines and operating systems used to control their ATMs to prevent malware attacks that can cause money to be stolen. They recognize that there are hackers conversant with the systems used by ATMs, who can easily break into these systems and steal money directly from the machines. Banks have also come to recognize that there are threats to data transmitted over the internet in plaintext form. Therefore, they have switched to secured HTTP to ensure that data is encrypted from the source to the destination. As a result, a user's input for logging in cannot be stolen while in transit. This is a risk that they didn't have to contend with in the past, but now are forced to. Antivirus companies are creating browser add-ons that can be integrated with common browsers to detect and remove spyware, or to prevent any spying activities from taking place during data entry into websites. Previously, spyware was not a risk, but today security companies have to respond to it. As for the phishing scams, banks have been spreading user awareness to prevent users from falling for scams. There has been a PayPal scam doing the rounds, with emails and websites that are similar to the legitimate PayPal sites, and they have caused many users to lose money. Years ago, these scams didn't exist, but today banks have to pay attention to them so as to keep their users secure. In short, there are many changes taking place in banking and financial systems to account for new risks and security threats that didn't exist or weren't as serious in the past.

Data breach means money

When an organization is breached, data is stolen, and then it is leaked, the end result is the exchange of money. Therefore, data leakage almost always translates to money. The beneficiary of a data leak is the hacker. The hacker has everything to gain from the leaked data. The hacker could hold the stolen data ransom and ask the victim to pay so that the data isn't released or sold in underground markets. This has happened several times. A Dubai bank was once threatened by a hacker who said they would release bank records that had been hacked from the bank's website. The bank defied the orders to send a ransom amount to the hacker, and the end result was that sensitive information was released on Twitter by the hacker. Another way that a hacker can make money out of a data breach is by selling the data to third parties. When Yahoo was hacked and data belonging to 3,000,000,000 users was stolen, it was listed for sale in dark markets. Black markets on the darknet are almost always the place where stolen data is sold. There are willing buyers for stolen data even if it's encrypted. The buyers tend to either be advertisers or other cyber criminals. Advertisers will use the stolen data to create profiles of people that they can advertise some products to. Cyber criminals will, on the other hand, try to use details, such as login credentials, to hack the user whose data has been stolen.

The other cashflow in a data breach relates to the loss of money from the victim organization. When a data breach occurs, and either user data or personally identifiable information is lost, the victim organization can be sued by the users. It is the responsibility of the organization that collects user data to ensure that this data is secured at all times from theft. There have been cases where users have dragged some companies to court after a data breach. Courts often side with users as they are the most aggrieved parties when personal data has been stolen. Financial loss also occurs to the victim organization due to the loss of credibility, reliability, and trust that customers had in it.


Financial repercussion of reputational damage caused by cyber attacks

A good example of how a cyber attack can damage a company's reputation can be drawn from Yahoo. Since the cyber attack on Yahoo that resulted in the theft of data from a whopping 3,000,000,000 accounts, the company has lost significant reputation and value. Verizon, the company that wanted to buy Yahoo, slashed $350 million from the amount that it had offered to acquire the company. There was also a mass exodus of users from Yahoo to rival services such as Gmail. Today, fewer people want to create a Yahoo account, due to the thought of hacking and data theft. Yahoo serves as a lesson to many organizations of just how badly cyber attacks can damage the reputation of an organization.

Therefore, the financial repercussions of the loss of a good reputation as a result of a hack are real and more pronounced than other types of attack, such as physical theft. The first repercussion of loss of reputation is the loss of customers. Today, Yahoo barely controls the market share that it used to control prior to the hack. Users are scared of their data being stolen by hackers. Yahoo has repeatedly been hacked, such that the security controls put in place to secure its systems and data are doubted. The way that the organization handled the hacks is another contributor to the loss of customers. The organization didn't immediately warn users that a large amount of account data had been stolen. Instead, it was seemingly playing games with its users, informing them that the hack had only affected a fraction of accounts. When the initial figures were released, it was said that only 500 accounts had been hacked. However, it turned out that there were more than 3,000,000,000 affected accounts. Users felt cheated and that the attack was not dealt with as it should have been. At the same time, competitors of Yahoo, such as Google, didn't have any security scares since their security records had remained spotless for so long. It's not known how long it will take Yahoo to recover from its damaged reputation.


Digital economy and related threats

The digital economy refers to the wide range of economic activities and commercial transactions that take place through IT. The digital economy has been growing partly because some parts of the traditional economy have evolved into this type of economy. This makes it quite hard to draw a distinct line between what remains as the traditional economy and what is to be referred to as the digital economy. Many organizations have adopted information technology to enable them to run their processes faster, more efficiently, and more competitively. Individuals are also part of this economy, since they are engaging in tasks and transactions that they couldn't participate in previously. New technology is causing more people and organizations to join this economy. The addition of IoT, big data analytics, the cloud, wireless networks, and social media networks has continued to pull more people into this economy.

However, cyber threats exist in this economy. Without physical intrusion and theft, this economy can be sabotaged using technology similar to what powers it. Particularly, it has been said that this economy might cease to grow if the security to protect it isn't adequate. This economy is fragile and cyber threats have been marked as its greatest challenge. A single cyber threat can bring it to stagnation. Over the last few years, there has been growth in the cyber threats that face this economy. Some attacks have shown the capability to bring the digital economy to its knees. It seems that the threats facing this economy are only getting more advanced. The following are some of the threat trends facing the digital economy.

Smart threats

With the proliferation of IoT and cloud-connected devices, a new breed of cyber threat is emerging. There are now smart threats developed to target devices which are interconnected using the IoT technology and also the cloud. Since IoT devices are still fresh in the economy, they are being targeted more because they haven't yet been hardened to the threats that exist on the internet. IoT devices connect to the internet just like many other devices, but their security features are lacking, thus they are sitting ducks for hackers. The cloud is also seeing massive adoption from companies. This is a new frontier where hackers have moved their expertise to. The cloud is not the same as local servers, where organizations can closely monitor the security of their applications and sensitive information. If a wave of successful attacks sweeps through major cloud vendors, massive losses will be witnessed.


Ransomware

Hackers have already demonstrated that they can topple the digital economy using a single ransomware. The WannaCry ransomware attack serves as a basis for this statement. The attack was waged globally as it affected over 150 countries. Experts have said that if it hadn't been for the sloppiness of the coder of the ransomware, an end to the attack wouldn't have been found in time to prevent a global-scale panic. Within just 24 hours, this single ransomware caused huge losses to companies, deaths in hospitals, loss of individuals' files, and other types of losses. Ransomware still remains a severe threat to the digital economy after that demonstration. It's estimated that ransomware threats have been growing and this should be of concern to the economy.

The following is the screen presented by WannaCry after encrypting a computer:

Critical infrastructure attacks

Critical infrastructure is a perilous attack landscape for the digital economy. Countries are increasingly automating critical infrastructures that provide services to the masses. These infrastructures can be attacked, putting a stop to the critical services that they offer. For instance, the WannaCry ransomware attack of 2017 crippled the National Health Service (NHS) in the UK. Hospital systems were affected to a point where medical appointments and surgeries had to be postponed until the attack was resolved.



The chapter has given you an introduction to cybersecurity and the economy. It explained the scope of cybersecurity, the terms used in cybersecurity, and a general description of some relevant actors in cyber attacks. The chapter also looked at the objectives of cybersecurity. It outlined the importance of cybersecurity and its impact on the global economy. The financial repercussions of cyber threats have been highlighted, showing the devastation that can be caused by threat actors. Finally, this chapter focused on the digital economy and the threats it currently faces. These threats include smart threats, ransomware, and critical infrastructure attacks; all of these can be performed on a large scale, thus toppling the digital economy. In the next chapter, you will learn about different threat actor groups and their motivation.


About the Authors
  • Dr. Erdal Ozkaya

    Dr. Erdal Ozkaya is named among the Top 50 Technology Leaders by CIO Online & IDC. He is a Chief Cybersecurity Strategist and CISO at Xcitium (Comodo Cybersecurity), and a professor at Charles Sturt University. His expertise spans end-to-end IT solutions, management, communications, and innovation. He’s a well-known public speaker, an award-win

  • Milad Aslaner

    Milad Aslaner is a security professional with over 10 years' experience in product engineering and management. He has published white papers and books on social engineering, the practical application of cybersecurity, and cybersecurity in the financial services industry, with a technical focus on EDR, TVM, incident response, and real-world exploitation techniques. During his time at Microsoft since 2012, he has led the commercial software engineering team for the Surface Book and Laptop, and built security features such as SEMM. As a senior security program manager, he aims to transform strategic enterprise customer requirements to realize new scenarios, thereby safeguarding Microsoft customers against the evolving threat landscape.
