Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Technology

Posted By Jessica Weisman-Pitts

Posted on August 13, 2021

Building security from the ground up to avoid data breaches and tackle cybercrime in FinTechs

Cybercrime is rapidly growing, and this year, more so than ever, has been hit with hackers committing cyber-attacks. From Microsoft’s Exchange Server, taking Australian TV network off the air and disrupting fuel supplies so badly that drivers were filling plastic bags with gasoline it is not surprising to hear that cybercrime will reach $6 trillion this year, and is set to rise by 15% for the next five years, costing the world more than all natural disasters, climate change and military spending. Furthermore, the Pegasus Spyware scandal showed that state and state-affiliated actors are far more likely to be behind cyber-attacks than the stereotypical bedroom hacker.

Like war, hunger, and climate change, we need a global response and a large and skilled workforce to combat cybersecurity. However, there is shortfall of almost four million cybersecurity professionals and yet, only 42% of the top 50 computer science courses in the US teach “Cybersecurity”. Here, I’ll explain the importance of deploying technology correctly to mitigate cyber-attacks.

Cyber-attacks on FinTech’s

Due to the types of information which could be breached and the financial impact, cybercrime is more pronounced in the finance industry, despite their high investments in security. Individual attacks can cost on average $18.3 million and 70% of companies report a security incident and it is likely that this number would be even higher if more technology and expertise were deployed to recognise attacks.

On average, financial institutions spend 10.9% of their budget on cybersecurity which although eats up much of their money is necessary– the risk and reward of penetrating such companies attracts the most sophisticated cyber-criminals.

Because FinTech companies tend to be smaller and less established, they could be even more at risk, having less budget and expertise to devote to cybersecurity. Therefore, a vulnerability in a challenger bank’s mobile app or an unencrypted transfer of customer data could allow fraudsters to access banking details, including PIN numbers and CVVs. So, considering these challenges, what can be done to tackle cybercrime?

The importance of implementing cybersecurity from the beginning

Although technology is always evolving, unless we educate and use it properly, cybercrime will continue to rise. From developers leaving security vulnerabilities in their code to office receptionists not asking the right questions of their callers to employees leaving laptops on public transport or clicking a link in an email, 95% of breaches were attributable to human error, according to a report by IBM.

In order to help reduce cybercrime, it is vital that companies develop a holistic approach in which cybersecurity is integrated into every part of the company, whether that be hosting occasional seminars on how to look out for fraudulent activity, to considering promoting cybersecurity professionals, who typically sit beneath the IT function in most companies, to a higher level.

For FinTechs, this means having security at front of mind – systems need to be in place for preventing and dealing with the fallout from cyber-attacks from day one. While social engineering is often the cause of a costly data breach, and it is important for all organisations to do all they can to mitigate these by offering employees cyber security awareness training, it is also important for IT teams to define who has access to the data and credentials to access that data. Fintechs can do this by implementing security from the ground up, where they build security processes into their product development from the beginning.

The mentality that once existed in cybersecurity, where passwords protected the outside of networks while employees were free to do as they wished inside will no longer work, as attack vectors, distributed work and service models become more and more sophisticated.

Adopting cloud-based Payment Hardware Security Modules

Hardware security, such as Payment HSMs are a valuable tool to invest in. They are designed specifically for the card payments sector, providing optimised performance for processing, and encrypting sensitive data. If customer data is encrypted, then they will be useless to cyber-attackers, and therefore budgets should always be set aside to give your company the very best security. Of course, we cannot assume that all Fintechs have the resources to operate and manage Payment HSMs and purchasing the hardware requires significant investment.

By using a fully managed service, FinTechs can convert capex to opex while deploying best-in-class security technology. In doing so, resources are freed up internally to focus on the core business, with external subject matter experts taking on the responsibility of the security, compliance, and management of the payment infrastructure.

It is important for financial institutions of all sizes to understand and remain vigilant to the potential target for cyber-attacks. By implementing a holistic approach, adopting both best-in-class security solutions such as Payment HSMs and employee training and awareness, companies will be in the best position to tackle potential cyber-attacks.

Eyal Worthalter is Vice President – Global Solution Sales at MYHSM by Utimaco

Recommended for you

  • Thales announces advanced security for automotive, FinTech and IoT with new lightweight cryptographic curve support in nShield HSMs

  • NetApp acquires StackPointCloud

  • TestComplete adds Artificial Intelligence to eliminate common UI Test automation issues