Cybersecurity Awareness for the Financial workforce

About this course

Financial institutions are among the most targeted industries by cybercriminals. The objective of this course is to raise awareness among employers and employees about emerging IT threats and attacks. Nowadays, uninformed employees can be easily victims to different types of threats. Moreover, inattentive employees can put the Intellectual Property (IP) of their organizations at risk.  Today’s threats go much beyond the scope of conventional forms of attacks such as viruses and trojans but extend to other sophisticated forms of malwares which encompass spear phishing attacks, business email compromise, social engineering attacks, identity thefts, crypto jacking and ransomware attacks. Awareness is the key to prevention of different types of attacks and protection of Intellectual Property. In 2023, security awareness poses as a fundamental layer of security in addition to other layers of security already implemented by organizations.

Objective

The objective of this course is to raise awareness among financial employees on how to protect sensitive financial data against cyberattacks.

Course Content

Part 1: The new financial cybersecurity landscape

• Why the Financial services sector is one of the most targeted industries?
• Threat actors affecting the financial services sector
• Sophisticated financial malware
• The evolving cybercrime landscape affecting PII
• Advanced social engineering techniques

Part 2: The impact of data breaches in the financial services sector

• The biggest financial data breaches and related implications
• Laws, regulations and financial obligations of organizations operating in the financial services sector
• An anticipatory approach to deal with financial cyber risks

Part 3: Sophisticated ransomware attacks targeting financial services sector                       

• The evolution of ransomware
• Ransomware with exfiltration techniques
• Ransomware infection vectors: Internet facing vulnerabilities and misconfigurations, phishing, Precursor malware infection

Part 4: Malware types

• Understand the different types of malicious software
• The latest trends in cyber attacks
• Preferred vectors of cyber attacks

Part 5: Email phishing attacks

• Social engineering techniques targeting financial institutions
• Email as a preferred vector of attack
• Types of phishing attacks – Email phishing, Spear phishing, Whaling, Smishing, Vishing
• Techniques to identify sophisticated phishing emails
• Business email compromise

Part 6: Passwords

• Understanding password complexity vs password length
• Passphrase vs Passwords
• Creating secure authentication and know when your password is compromised

Part 7: 10 ways to protect your organization and its data 

• Multi factor authentication – Creating secure authentication using 2FA, 2SV or MFA
• Software patching
• Identifying sophisticated attacks using fake URLS
• Detect potentially infected attachments
• Securing your data over public networks
• Securing mobile devices
• Protecting privacy online
• Learn how encryption can protect your data
• Protect your online privacy
• Protect from ransomware and other sophisticated attacks

Part 8: The anatomy of a cyberattack resulting in a financial data breach  

• Learn about the different phases involved in a cyber attack
• The reconnaissance phase – passive and active reconnaissance.
• Weaponization and delivery of infected payloads
• Exploitation and Installation of payload phase
• Data exfiltration and action on objectives