FINANCIAL AND SYSTEMATIC FRAUD

INTERNAL ASSESSMENT II

INTERNAL ASSIGNMENT – II

FINANCIAL AND SYSTEMATIC FRAUD

RESEARCH ARTICLE

The Impact of Cybersecurity Threats on Financial

Institutions: Mitigating Risks of Systematic Fraud

NAME: Harshwardhan Kulsange TOTAL WORDS :

DIVISION: E 2,689 (excluding
footnotes, citations,
PRN: 20010125625
abstract, and references
COURSE: BA LL.B. (H) and bibliography)

BATCH: 2020-2025
I
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II

TABLE OF CONTENTS

INTRODUCTION ……………………..……………........................................……………III

RESEARCH QUESTION……………………………………………………………………IV

RESEARCH OBJECTIVE …………………………………………………………….……IV

COMPARATIVE STUDY ……………………………………………………..…………..VI

CRITICAL ANALYSIS……………………………………………...……………………VIII

CONCLUSION……………………………………………………………...……………….XI

REFRENCES AND BIBLOGRAPHY……………………………………...………………XII

II
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II

INTRODUCTION

The security and credibility of financial institutions throughout the world are facing an
unprecedented challenge in the modern era of digital finance due to the convergence of
sophisticated cyber threats and quickly developing technology. The financial industry is more
vulnerable to systematic fraud due to the exponential increase in electronic transactions and
the rising reliance on linked systems, which have made it a major target for different sorts of
cyberattacks. Institutions are being urged to implement strong and flexible measures to
reduce the dangers associated with systemic fraud due to the significant growth in the
magnitude and variety of cybersecurity threats. This has made it necessary to have a deeper
knowledge of the profound ramifications of these threats on the financial landscape.

Cyber attacks are a danger to financial institutions' essential operations, stability, and client
trust as they strive to participate in digital transformation. The frequency, sophistication, and
scale of cyberattacks on financial institutions have all alarmingly increased in recent years,
according to the Global Financial Services Review. Malicious actors have shown an
extraordinary capacity to exploit flaws within the electronic networks of financial institutions,
ranging from ransomware attacks and data breaches to sophisticated social engineering
schemes. This increases the likelihood of coordinated fraud that goes beyond individual
breaches.

Moreover, the interdependence of the financial system has intensified the cascading
consequences of cybersecurity intrusions, giving rise to systemic hazards that have the
potential to topple not only specific establishments but also the wider financial markets. The
global financial crisis of 2008 is a sobering reminder of the disastrous outcomes that systemic
flaws in the financial system may produce. Regulators and institutions have long been
concerned about conventional kinds of financial fraud, but the ever-changing cyber threat

III
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
landscape has added a layer of risk, necessitating creative solutions and preventative
measures to protect the integrity and resilience of the financial sector.

This study intends to investigate the complex relationship that exists between attacks on
cybersecurity and the ongoing practice of systematic fraud in financial institutions. It will do
this by critically analyzing the fundamental vulnerabilities, potential consequences, and
effectiveness of current mitigation strategies. This study aims to contribute to the ongoing
discussion on the critical need for thorough and flexible cybersecurity structures, with a focus
on the prevention and detection of systematic fraudulent activity in the financial sector, by
clarifying the various challenges presented by technological hazards and their effects on
financial institutions.

RESEARCH QUESTION

1. That are the main forms of cybersecurity risks that financial institutions have to deal
with, and how do these dangers help to keep systemic fraud in the industry alive?
2. In what ways do the increasing complexity and patterns of cyberattacks affect the
integrity and financial stability of institutions, raising the possibility of systemic
threats and vulnerabilities?
3. What are the particular weak points in financial institutions' digital infrastructure that
cybercriminals take advantage of to make large-scale systematic fraud more likely?
4. In reducing the dangers of systematic fraud, how successful are financial institutions
now using cybersecurity procedures and measures? What are the main drawbacks or
weaknesses of these approaches?

IV
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II

RESEARCH OBJECTIVE

Naturally, the following is a brief research aim for your investigation into how cybersecurity
concerns affect financial institutions and how to reduce the likelihood of systematic fraud:

The main goal of this research is to thoroughly examine the complex relationship that exists
between cybersecurity risks and the ongoing perpetration of systematic fraud inside the
financial institutions' framework. Through a comprehensive examination of the wide range of
cyber threats that are common in today's financial environment, this research seeks to identify
the particular weaknesses in the Internet of Things that hackers take advantage of to spread
systematic fraud more widely.

In addition, the study aims to identify significant weaknesses and gaps in the present
approaches by assessing how well-suited cybersecurity protocols and measures are for
reducing the risks associated with systematic fraud. In addition, the research aims to clarify
the regulatory environment around financial institutions and how it affects cybersecurity
procedures. It also explores the effects of systematic fraud on consumer confidence, market
stability, and wider economic consequences. Through an examination of the interrelatedness
of banking systems and the growing interdependence of organizations, the study will
highlight the urgent need for industry-wide industry collaboration and complete risk
management plans.

Along with analyzing the mental health and behavioural characteristics of cyber attackers, the
study also attempts to find new technologies and creative methods that can strengthen
financial institutions' cybersecurity frameworks. With this information, strategies to
strengthen defences against systematic fraud will be developed. In the end, the research aims
to provide a comprehensive and flexible framework designed specifically for financial
institutions, incorporating strong cybersecurity safeguards and industry best practices, with
the main goal of proactively reducing the risks associated with systematic fraud and
guaranteeing the stability, reliability, and integrity of the financial industry.

V
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II

COMPARATIVE STUDY

The financial sector remains a target for cyber attackers. What happens if a bank or another
crucial platform is attacked and users are unable to access their accounts?

The financial sector's close technological and financial ties can make it easier for attacks to
quickly spread throughout the whole system, potentially leading to widespread downtime and
loss of credibility. Financial stability is threatened by cybersecurity.

Responding to a recent IMF assessment of 51 countries, the majority of financial supervisors

in emerging markets and developing nations have not implemented cybersecurity policies or
built the means to enforce them.

Rapid technology advancements provide attackers with more affordable and user-friendly
tools, but they also give financial institutions more power to stop them.

However, in a world that is becoming more and more digitalized, higher risks are to be
expected. As more gadgets and systems become connected, targets multiply. The banking
sector can become more egalitarian and efficient through the use of fintech companies, but
they also increase the risk of cyberattacks.

Cyberattacks have become more frequent as geopolitical tensions have increased. The
dangers are not confined to areas of conflict, and the motivations of the perpetrators are
frequently ambiguous. History demonstrates that disruptive viruses can have a worldwide
negative impact. For example, the NotPetya spyware infection that first inundated Ukrainian
firms' IT systems in 2017 swiftly expanded to many other nations and resulted in damages
estimated to exceed $10 billion.

Lastly, attacks are more likely to have systemic effects when widespread service providers
are reliant. Entire industries may be impacted by the concentrated nature of risks for
frequently used services like network operators, cloud computing, and managed security
services. Losses may escalate to a macrocritical level.

VI
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
There are still significant gaps in the prudent framework even though regulators and financial
institutions are growing more aware of potential threats and ready for them.

Five priorities should help financial companies and regulators get ready for increased cyber
threats and possible successful breaches:

Financial institutions, regulators, and central banks all need to create cybersecurity plans.
Cyber risk is a multifaceted problem that calls for strong security within governing bodies,
strict regulation and supervision, market-wide cooperation, and initiatives to develop capacity
and expertise.

The focus of financial regulators and companies needs to change from traditional disaster
recovery and business continuity planning to providing essential services even if attacks
interrupt regular operations. The top executives of businesses, financial regulators, and the
people on their boards must support resilience. Businesses must be ready for serious but
conceivable events that could affect the entire system. Supervisors ought to mandate that the
sector take into account these unfavourable situations and evaluate its backup plans on an
individual and group basis.

The ability of cyber oversight and regulation to successfully foster resilience is something
that financial supervisors must guarantee. A universal strategy does not exist, although
numerous components are shared.

An efficient supervisory strategy strikes a balance between onsite and offsite tasks, carried
out by a combination of generalist supervisors and security specialists who apply the law
proportionately.

Financial institutions need to improve their response and recovery plans, secure-by-design
systems, and cyber "hygiene." The majority of successful attacks arise from ordinary
mistakes, like neglecting to apply patch updates or configure security settings, even though
many of today's attacks are more complex and depend on psychological manipulation to trick
a victim into disclosing critical information. In this situation, routine procedures for
safeguarding networks and guaranteeing the secure handling of important data are crucial.

To guarantee that authorities worldwide can handle incidents efficiently, the international
community needs to standardize cyber incident notification and efficient information sharing.

VII
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
Significant advancements include the Financial Stability Board's common lexicon and
incident notification model.

The weakest link determines how strong a cyber defence is. Reduced risk necessitates a
global effort due to the world's increasing interconnections. As for the IMF, it keeps
supporting financial supervisors with capacity-building programs that prioritize developing
and putting into effect global standards and best practices.

CRITICAL ANALYSIS

The earliest known cyberattack originated in the 1980s with a basic computer virus. A virus
is a group of replicating computer programs that alter other programs and introduce their
code into the system to cause infection. With some applied studies, hacking websites became
a hazard to systems in the late 1990s. Malicious code emerged as an assault in 2004, posing a
threat to application security that was beyond the scope of traditional antivirus software.
These codes encompass a broad range of terminology related to system security, including
malware, Trojan horses, worms, attack scripts, and viruses. Then, in late 2008, sophisticated
Trojans and worms reappeared due to the attacks' quick advancement, and in 2012, threats
like phishing and identity theft occurred.

Subsequently, in late 2015, cybercriminals advanced with formidable tools including denial-
of-service (DDOS) and distributed denial-of-service (DDOS) attacks. As time went on,
cyberespionage and cyberwarfare became prevalent attack methods. Due to the use of various
internet connections, DDOS assaults are more common and harmful than DOS attacks
because the victim is unable to determine the origin of the attack.

It is clear from the vast array of data gathered from several sources and the analysis
performed on that data that these specific cybercrimes mostly impact Indian banking systems.
The Verizon 2017 data breach examination report states that after surveying several banking
institutions, it was discovered that over 50% of them appeared to have been impacted by the
VIII
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
top five cyber threats, which include ransomware, malware, spear phishing, denial of service
(DOS), and phishing. The top three cyberattack patterns, which include denial of service
(DOS), online application attacks, and credit card skimmer, account for more than 88% of
security-related events among the majority of occurrences that are reported.

1. Phishing: Phishing assaults aim to obtain user passwords, credit card numbers, and
PINs to gain access to the victim's bank account or take over social network data.

2. Identity theft is a type of cybercrime in which hackers attempt to access sensitive

personal information, such as credit card numbers, social security numbers, or Aadhar
details, to pretend to be someone else and profit from using that person's name.

3. Trojans and viruses: Viruses are nothing more than the cost of malevolent algorithms
that can proliferate like human viruses on their own without human assistance. A
Trojan virus is a malicious program that, in contrast to other viruses, spreads quickly
instead of replicating itself. By opening the attachments in spam emails, you can
activate these.

4. Vishing is the use of social engineering over the phone to obtain private information
about an individual from the public to hold them for ransom.

5. Web applications typically use cross-site scripting. This gives hackers the ability to
insert client-side scripts into user-viewed websites. An attacker uses this to get around
access controls.

Therefore, why are banks so susceptible to cyberattacks? Money appears to be a major factor
in attacks, making assailants blind and unable to take any action. Aside from that, the Indian
financial industry has a big and constantly expanding market. Large numbers of both internet

IX
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
and offline consumers are now interacting through various modalities such as Internet
banking, mobile banking, portable wallets, credit/debit cards, etc. due to the spread of digital
banking systems and financial inclusion policies in India. According to RBI data, bank
deposits increased at a CAGR of 11.11% from FY09 to FY17, reaching $1.86 trillion in USD
by FY19. As of February 2020, deposits were valued at $1893.77 billion.

Banks are extremely vulnerable to assaults due to their extensive business networks, high
number of financial transactions, large amounts of data and information about a vast
clientele, and absence of robust, multi-layered security systems. Data loss and financial loss
account for 88% of the effects of cybercrime on banks, according to research. Cyberattackers
don't always aim to steal money or cause other financial losses; occasionally, they target
targets to obtain financial and personal information to obtain insights on different business
models and customer information. Because they are concerned about data security, banks
may lose a significant portion of their client base and face reputational damage as a result of
this espionage.

As technology advances, cyberattack methods are evolving as well.

To successfully obtain privileges and cause disruptions to the network, attackers have gotten
more skilled at identifying, gathering, and evaluating vulnerabilities as well as gaps in the
system. Banks are now implementing the newest cyber-security technology and are willing to
pay more money to secure their IT infrastructure from unauthorized entry, unneeded data
breaches and security lapses to become well-aware of and advanced with the current hacking
techniques. A firewall that is configured and maintained properly helps shield the banking
environment from unauthorized attacks. Banks should use a variety of safety precautions to
thwart any such known cyberattacks.

Penetration tests, in which the examiner poses as an invader and attempts to break the
security system, are used to test the security of banks' networks and infrastructure. These tests
are conducted on the premises of the banks to detect system weaknesses. Many of these tests
have been conducted in the past, and based on the information gathered from those
investigations, it was discovered that the majority of vulnerabilities discovered in Indian
banks are related to web applications, inadequate network security, ineffective password

X
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
management, incorrect server configuration, and ignorance. The usage of the secret socket
layer (SSL) protocol is one of the required methods to avoid cyber-attacks against bank
backend online services. Any browser that requests access to a website's data does so by first
retrieving the SSL certificate and verifying that it is valid, issued by a recognized authority
recognized by the browser, and being used by the internet site for which it is intended. If all
of these conditions are met, the browser is then granted access to the website's data.

CONCLUSION

Cybercrimes are unrestricted and develop at a rate that keeps up with new technological
advancements. A significant threat to financial and financial businesses is the unprecedently
high increase of cybercriminals and its catastrophic fallout. It attempts to create a lively
security readiness among banks and other financial institutions. The increasing reliance of
billions of people on e-banking technology at various levels presents a significant challenge
to cyber professionals in developing a robust cyber security protocol. In addition to
combating cyber weaknesses, Indian banks must also change their mentality and become
psychologically ready to respond to cybercrimes and criminals like they would in a battle.
The traditional methods that have been used throughout should be dropped in favour of
cutting-edge technologies that offer nimble and unconventional means of combat.

Reviewing the state of cyber security and new threats is also necessary. Indian banks are the
backbone of the nation's economy and a tool available to both individuals and institutions. A
bank must maintain its sound financial institution and credibility at all costs. The moment has
come for institutions to abandon their conventional banking structures and collaborate with
new technologies and innovative ideas to eliminate or significantly reduce the cyber threat
within the system.

XI
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II

REFRENCES AND BIBLOGRAPHY

1. Fighting Cybersecurity Threats to the Growing Economy, 2018 Economic Report of

the President 323 (2018).
2. William H. Manz, Editor. Legislative Histories of Cybersecurity Laws Enacted by the
113th and 114th Congresses (2016).
3. Harry Dixon, Maintaining Individual Liability in AML and Cybersecurity at New
York's Financial Institutions, 5 PENN St. J.L. & INT'l AFF. 72 (2017).
4. Andrew Zachary Ryan Smith, FTC Regulating Cybersecurity Post Wyndham: An
International Common Law Comparison on the Impact of Regulation of
Cybersecurity, 45 GA. J. INT'l & COMP. L. 377 (2017).
5. Malgorzata Krystyna Such-Pyrgiel, Anna Golebiowska & Dariusz Prokopowicz, The
Impact of the COVID-19 Pandemic on the Growing Importance of Cybersecurity of
Data Transfer on the Internet, 51 POLish Pol. Sci. Y.B. 81 (2022).
6. Richard Parlour, EU Cybersecurity Policy in the Financial Sector, 26 J. FIN. CRIME
666 (2019).
7. Asaad Mohammed Ali Wahhab, Baneen Hassoun Jawad & Emad Hamaza Abd
Alajeli, Auditing Cybersecurity Risks considering the Information Renaissance and
Its Impact on the Continuity of Companies, 35 TECHNIUMSoc. Sci. J. 18 (2022).
8. Ludmila Georgieva, The First EU-Wide Legislation on Cybersecurity, 6 EEJ 62
(2016).
9. Shauhin A. Talesh & Bryan Cunningham, The Technologization of Insurance: An
Empirical Analysis of Big Data an Artificial Intelligence's Impact on Cybersecurity
and Privacy, 2021 UTAH L. REV. 967 (2021).
10. Kristen E. Eichensehr, Giving Up on Cybersecurity, 64 UCLA L. REV. Discourse
320 (2016-2017).
11. Zhen Zhang, Cybersecurity Policy for the Electricity Sector: The First Step to
Protecting Our Critical Infrastructure from Cyber Threats, 19 B.U. J. Sci. &TECH. L.
319 (2013).

XII
PRN : 20010125625
 FINANCIAL AND SYSTEMATIC FRAUD
INTERNAL ASSESSMENT II
12. Daniel Tien Chong Ling, Cybersecurity in International Arbitration: An Untapped
Opportunity for Arbitral Institutions, 34 SAcLJ 432 (2022).
13. Scott J. Shackelford , Andrew A. Proia, Brenton Martell & Amanda N. Craig, Toward
a Global Cybersecurity Standard of Care: Exploring the Implications of the 2014
NIST Cybersecurity Framework on Shaping Reasonable National and International
Cybersecurity Practices , 50 TEX. INT'l L. J. 305 (2015).
14. William H. Manz, Editor. Legislative Histories of Cybersecurity Laws Enacted by the
113th and 114th Congresses (2016).
15. Alina Big, Automatic Deletion of Biometric Data in Financial Institutions, 45 Seton
HALL Legis. J. 151 (2021).
16. Maxim Dobrinoiu, Need for Education on Cybersecurity, 6 INT'l J. INFO. Sec.
&CYBERCRIME 25 (2017).
17. Marek Gorka, Cybersecurity Politics - Conceptualization of the Idea, 50 POLish Pol.
Sci. Y.B. 71 (2021).
18. Melanie J. Teplinsky, Fiddling on the Roof: Recent Developments in Cybersecurity, 2
AM. U. Bus. L. REV. 225 (2013).
19. Andrew Yu, Regulatory Financial Reform: Impact of Dodd-Frank Act on IT
Compliance, 38 Rutgers COMPUTER & TECH. L.J. 254 (2012).
20. David Thaw, The Efficacy of Cybersecurity Regulation, 30 GA. St. U. L. REV. 287
(2014).
21. Derek E. Bambauer, Schrodinger's Cybersecurity, 48 U.C.D. L. REV. 791 (2015).

XIII
PRN : 20010125625