A threat to compromise to the intellectual property of the bank. Every organization has some intellectual property related to their core business processes. Compromise with these properties will severely impact on their business process and revenue generation. Some examples of such threat is copyright infringement, piracy etc. The official documents of the bank can be stolen and pirated. Then those can be used for cheating genuine customers of the bank.
Currently there is no authentication process for securing the access to the data of the bank. There is no access control, username, password protection, firewalls etc. Thus, an attacker can easily breach into the current system and infrastructure by gaining unauthorized access to the system and data.
There is no backup plan, system logs etc. Thus, there are high chances of data loss from some intentional or accidental threat. The threat is more applicable for the 1.3TB customer data that is one of the biggest assets of the bank.
Threats of software attack like worm, virus etc. are applicable for all servers and systems. As all these are connected to the network (and internet), there is no firewall or IDS system, there is no antivirus software loaded on the systems and there is no patching done on any system for any vulnerabilities of the systems and software. Thus there are higher chances of software attack.
The servers are kept in a room without any restriction on entry to the room. So there are chances of physical theft of server components, data etc. This threat is applicable to all servers that are kept in the room.
There are threats related to the insider attacks. Where the internal staffs can steal data and critical information from the systems. This is more applicable as there are no proper policies, access control and other physical security measurements.
There are threats related to vandalism and sabotage. As the servers are kept in room without entry restriction anyone can enter into the room and may destroy the hardware. Even virus attacks can be used for such purposes.
8.The bank network has experienced some huge traffic on weekends. But they have not analysed the traffic. There are threats related to DDoS or Distributed Denial of Service attack.
The bank has no organizational policies, so there are threats related to lack of organization planning and policies. This will affect the privacy, training for personnel etc.
There are no data backup plans; all customer data are kept into the SQL server. That works with other servers. If, due to any technological failure, the server is crashed. Then all data will be lost the server will be damaged. In that case there will be huge loss for the bank.