engleski

Croatian Bank Security Analysis by Publicly Available Data

No system is perfect, especially given the factor of human error. Banks’ IT systems are interesting to potential attackers because of the magnitude of potential damage to customer data, reputation, and banks’ finances. All the bank employees' data could be used as a potential vector of attack which represents major security risks that must not be neglected. In this paper, it is analyzed how many publicly available sensitive information about 10 major banks that are active in the Republic of Croatia is possible to collect by using simple and free tools to see if there are any potential security risks for these banks. The paper begins with the introduction of tools and methods used in gathering information. All gathered data is then compared to see which of the banks are most exposed to potential attackers. The subject of system security has been analyzed many times. Some papers describe penetration testing, social engineering in case of attack, data gathering tools, but this paper incorporates all before mentioned theories and provides concrete data gathering results on which the level of risk is determined and suggestions for preventive measures.

bank security ; reconnaissance ; data confidentiality ; OSINT

nije evidentirano