Security Weakness

The Security Weakness of Citi Bank

Citi Bank Group (Citi) changed its business model by migrating onto digital platforms to allow customers 24/7 hour access to their banking and account information, through virtual access on all electronic services. However, evidence of Citi’s security weaknesses was exposed in 2011 when its systems were hacked into and financial data of more than 360,000 customers’ credit cards were exposed (Wired, 2011). Citi’s technical vulnerability involved the bank’s Cards’ Account Online Web-based system (Kitten, 2013) making it one out of the many banks that have become victims of cyber fraud. 

Don't use plagiarized sources. Get Your Custom Essay on
Security Weakness
Just from $13/Page
Order Essay

Weaknesses

Citi’s network was easily penetrable by hackers using “parameter tampering” against the vulnerability of Citi’s website. It was easy for the hackers to type multiple strings of data onto the address bar tens of thousands times and access account data. Therefore, one key threat to Citi’s Bank’s network was that it was vulnerable to intrusive external activity (Treasury and Trade Solutions, 2016). Essentially, this weakness was related to weak online authentication practices. As stated, the weaknesses of Citi Bank were associated to cyber security and not physical practices. The bank’s physical facilities are well security, but the online platforms were more vulnerable to attacks and security breach.

Vulnerabilities and Threats

A keen evaluation revealed that the ATM infrastructure at Citi Bank was vulnerable as a result of delayed security patches on bank-end-ATM servers, hence rendering them susceptible to attacks. 

The bank was also using Flat-networks, whereby ATM transactions are put on one network segment with other enterprise systems, hence making the ATM data easily accessible by anybody, and this is a serious vulnerability. Furthermore, the ATMs were specifically linked to IP-Based networks, which meant that Transaction and PIN-data that is unencrypted can easily be exposed to spoofing by cyber attackers.

Leadership Awareness and Resource Support

Citi Bank as a global organization has a capable team of leaders able to move forward the organization. However, when it comes to awareness regarding the security threats, few seemed to be competent and they also lacked adequate resources to support the enhancement of security threats and vulnerabilities to their systems. The CISO at Citi Bank Group reports to the Bank Manager. 

Solutions and Security Enhancement

Technological Perspective

Innovation and Adaptation: Having been a victim of online cyber-attacks, my organization has adjusted its models in order to address vulnerabilities associated with digital for protection purposes. Firstly, common-sense and oversight are measures adopted to prevent “insider threats” through control of information access, transaction monitoring, double-approval, and staff training to enable them respond to threat alerts. The second measure is IT discipline, where up-to-date software is in place and vigilance maintained on both end-users and IT. Furthermore, Citi has adopted a triple-pillar approach to defense. Protection of channels, where the bank’s systems block any attempt of entry by attacker through “strong log-in credentials” and encrypted data transfer. Along with that, the bank’s Payment Risk Manager has capacity to detect payment outliers that have capacity to detect any form of compromise to the bank’s systems (Digital Initiative, 2016). Finally the bank has adopted a Data Privacy policy and data governance function, that ensures the bank’s most valuable and confidential data is thoroughly protected through various levels. 

People perspective

Account holders are strongly advised to create strong and unique passwords for their online accounts and change passwords as often as it is practical, and as long as they can remember their passwords (Ilana, 2011). Furthermore, it is critical that users monitor their accounts once they have credit cards, check any suspicious activity that includes withdrawals and purchases. In addition, they are advised to use system’s anti-virus security software. Any suspicious activity should be reported to the bank immediately.

Policy Perspective

Banking regulators should furnish financial institutions with new policies that could improve banking security online and also insist on banks continuously updating their control mechanisms. Banks have a duty of care to provide information and measures to their clients that will help them report any strange incidents, because security is a collective and shared responsibility.

Conclusion

Whereas Citi Bank Group, a global financial institution witnessed weaknesses in its security systems resulting into online breaches, it has successfully modified its approach to security with an aim to prevent further breaches, with considerable success. 

References

Digital Initiative (2016). Citibank: Protecting Against Cyber Threats. Retrieved from https://rctom.hbs.org/submission/citibank-protecting-against-cyber-threats/

Kitten, T. (2013). Was Citi Breach Preventable? Banking Info Security. Retrieved from https://www.bankinfosecurity.com/was-citi-breach-preventable-a-6042.

Liana, G. (2011). Citigroup data breach: a lesson and warning to all. Forbes. Retrieved from https://www.forbes.com/sites/ilanagreene/2011/06/13/citigroup-data-breach-a-lesson-and-warning-for-all/#331b883b4817

Treasury and Trade Solutions (2016). Fighting Cyber Crime: Citi’s Digital Securities. Retrieved from  https://www.citibank.com/tts/sa/emea_marketing/docs/Fighting_Cybercrime_FAQs.pdfWIRED (2016). Citi credit card hack bigger than originally disclosed. Retrieved from https://www.wired.com/2011/06/citibank-hacked/.

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more
Live Chat+1(978) 822-0999EmailWhatsApp

Order your essay today and save 20% with the discount code LEMONADE