The Security Weakness of Citi Bank
Citi Bank Group (Citi) changed its business model by migrating onto digital platforms to allow customers 24/7 hour access to their banking and account information, through virtual access on all electronic services. However, evidence of Citi’s security weaknesses was exposed in 2011 when its systems were hacked into and financial data of more than 360,000 customers’ credit cards were exposed (Wired, 2011). Citi’s technical vulnerability involved the bank’s Cards’ Account Online Web-based system (Kitten, 2013) making it one out of the many banks that have become victims of cyber fraud.
Citi’s network was easily penetrable by hackers using “parameter tampering” against the vulnerability of Citi’s website. It was easy for the hackers to type multiple strings of data onto the address bar tens of thousands times and access account data. Therefore, one key threat to Citi’s Bank’s network was that it was vulnerable to intrusive external activity (Treasury and Trade Solutions, 2016). Essentially, this weakness was related to weak online authentication practices. As stated, the weaknesses of Citi Bank were associated to cyber security and not physical practices. The bank’s physical facilities are well security, but the online platforms were more vulnerable to attacks and security breach.
Vulnerabilities and Threats
A keen evaluation revealed that the ATM infrastructure at Citi Bank was vulnerable as a result of delayed security patches on bank-end-ATM servers, hence rendering them susceptible to attacks.
The bank was also using Flat-networks, whereby ATM transactions are put on one network segment with other enterprise systems, hence making the ATM data easily accessible by anybody, and this is a serious vulnerability. Furthermore, the ATMs were specifically linked to IP-Based networks, which meant that Transaction and PIN-data that is unencrypted can easily be exposed to spoofing by cyber attackers.
Leadership Awareness and Resource Support
Citi Bank as a global organization has a capable team of leaders able to move forward the organization. However, when it comes to awareness regarding the security threats, few seemed to be competent and they also lacked adequate resources to support the enhancement of security threats and vulnerabilities to their systems. The CISO at Citi Bank Group reports to the Bank Manager.
Relationship between Physical and Cybersecurity Practices
At Citi Bank, there is a model relationship between physical security provided by a security protection unit and cybersecurity practices, which need to be addressed to narrow the weaknesses in the overall bank security.
Solutions and Security Enhancement
Innovation and Adaptation: Having been a victim of online cyber-attacks, my organization has adjusted its models in order to address vulnerabilities associated with digital for protection purposes. Firstly, common-sense and oversight are measures adopted to prevent “insider threats” through control of information access, transaction monitoring, double-approval, and staff training to enable them respond to threat alerts. The second measure is IT discipline, where up-to-date software is in place and vigilance maintained on both end-users and IT.
Account holders are strongly advised to create strong and unique passwords for their online accounts and change passwords as often as it is practical, and as long as they can remember their passwords (Ilana, 2011). Furthermore, it is critical that users monitor their accounts once they have credit cards, check any suspicious activity that includes withdrawals and purchases. In addition, they are advised to use system’s anti-virus security software. Any suspicious activity should be reported to the bank immediately.
Banking regulators should furnish financial institutions with new policies that could improve banking security online and also insist on banks continuously updating their control mechanisms. Banks have a duty of care to provide information and measures to their clients that will help them report any strange incidents, because security is a collective and shared responsibility.
Whereas Citi Bank Group, a global financial institution witnessed weaknesses in its security systems resulting into online breaches, it has successfully modified its approach to security with an aim to prevent further breaches, with considerable success.
Digital Initiative (2016). Citibank: Protecting Against Cyber Threats. Retrieved from https://rctom.hbs.org/submission/citibank-protecting-against-cyber-threats/
Kitten, T. (2013). Was Citi Breach Preventable? Banking Info Security. Retrieved from https://www.bankinfosecurity.com/was-citi-breach-preventable-a-6042.
Liana, G. (2011). Citigroup data breach: a lesson and warning to all. Forbes. Retrieved from https://www.forbes.com/sites/ilanagreene/2011/06/13/citigroup-data-breach-a-lesson-and-warning-for-all/#331b883b4817
Treasury and Trade Solutions (2016). Fighting Cyber Crime: Citi’s Digital Securities. Retrieved from https://www.citibank.com/tts/sa/emea_marketing/docs/Fighting_Cybercrime_FAQs.pdf
WIRED (2016). Citi credit card hack bigger than originally disclosed. Retrieved from https://www.wired.com/2011/06/citibank-hacked/.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more