Recent years have seen fintech take enormous strides in terms of global adoption. Spurred on by lockdowns during the COVID pandemic, users increasingly turned to fintech options for all their financial needs.
Fintech has joined the host of other industries and sectors fighting off determined and creative cybercriminals taking advantage of businesses as they adapt to the post-COVID environment. Indeed, one notable attack early in the pandemic hit UK-based fintech Finastra, whose customers include the vast majority of the world’s largest banks.
Given the dangers, fintech firms need to place ever more emphasis on securing their systems. Below are some primary security issues and trends fintechs need to keep in mind as they harden their defenses.
Signing off on intelligent authentication
Fintech is making the world of finance more accessible and inclusive. Options such as digital payment platforms, cryptocurrencies, alternatives to traditional lending institutions, and more help to serve traditionally underbanked populations. But, not surprisingly, the success of fintech also makes it an ever more visible target for cybercriminals.
Cybercriminals are highly motivated to access fintech customer accounts. After all, direct access to accounts is the fastest way for hackers to steal assets. And unfortunately, even though use of fintech applications is exploding - the number of fintech startups has more than doubled in the last four years - it is still far too simple for hackers to gain access to user credentials.
Poor password hygiene by fintech users is one of the primary access points for hackers. As a result, fintechs require more rigorous identity management methods than traditional username/password combinations, leading to the rise in intelligent authentication tools.
Intelligent authentication refers to a range of identity management tools and processes that more strictly tie an attempted login to a specific consumer. In addition to tools like multi-factor authentication, biometrics, and IP locations, intelligent authentication increasingly relies on digital signatures.
Digital signatures have numerous applications in fintech, from opening accounts to credit and loan applications to confirmation of transfers and payments. And they are not only useful for client-facing operations; indeed, digital signatures are an essential part of effective internal identity and access management policies and practices.
Protecting links in the supply chain
Supply chain attacks have generated a lot of attention in the past couple of years, with perhaps the most recognizable being the Colonial Pipeline ransomware attack. When many people hear ‘supply chain attack’, their initial response is to think of physical supply chains. IT professionals may take the analysis a step further and look to the application development supply chain. But few tend to associate fintech and supply chain attacks.
However, fintech has defined supply chains that are susceptible to attack and highly desirable targets for cybercriminals. Rather than focusing on flows of physical goods or application delivery, fintech supply chains deal with the most critical of all goods and flows: personal financial information and asset transfers. And as fintech usage is pushed forward even faster by the COVID pandemic, the treasure trove of data is growing exponentially.
Every step in the fintech supply chain, from client data collection to payment processing or other asset transfers, is an opportunity for an exploit. Fintechs also need to consider vulnerabilities in the application supply chain, making the security task that much more complicated. PCI-DSS compliant payment systems and encrypted data flows, among other tools, should be standard components of every fintech security toolbox.
Defending against D-I-Y attacks
Many cybercriminals are both ingenious and diligent. Unfortunately, today it doesn’t take all that much effort to become a hacker and generate substantial income. Instead, all you need is access to the Dark Web.
For prospective hackers who do not want to expend the time and effort developing their own exploits, the Dark Web offers do-it-yourself style hacking kits and other tools that simplify the process. A wide range of kits is available, with ransomware kits being highly prevalent and low-cost. Even more advanced hackers can quickly build their arsenal with these pre-made hacking tools.
While the end results of traditional exploits and those that rely on kits are no different, organizations need to understand and build defenses against the primary types of attacks criminals are selling on the Dark Web.
Competing for security talent
According to one recent survey, 57% of companies struggle to fill the security talent gap. And there is no clear end in sight - in fact, it appears that the gap may be accelerating.
For many organizations, the security talent gap is a self-reinforcing problem. While companies struggle to staff their security teams sufficiently, hackers proliferate quickly, as does the number of daily attacks. So existing team members are suffering from overwork and burnout as they try to cover the shortage.
The need is particularly acute when it comes to cloud security. Digital transformation efforts have migrated more and more company assets to the cloud, and security teams are struggling with the transition. Unfortunately, cloud security isn’t as simple as applying traditional on-premises security paradigms to the cloud environment because of the scale and speed of resource changes in the cloud. So, security teams must add time for education on new security tools to their already overburdened days.
Overcoming the security talent gap will require looking outside traditional hiring paths. It will also require harnessing technology to fill gaps, such as applying artificial intelligence and machine learning tools to help security teams process and analyze the massive amounts of data they see daily. When effectively used, these tools can quickly sift through traffic and configuration data, excluding more false alerts than prior tools. Teams can then prioritize efforts and focus on the most pressing issues.
Fintech will continue its progress towards dominance in financial services, but with that success comes the burden of deflecting unwanted attention from cybercriminals. The tools exist for fintechs to strengthen the security of their systems and continue offering valuable and convenient financial solutions for their customers. It’s just a matter of taking advantage of them.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.