Vulnerabilities and cybersecurity challenges

Cybercrimes are global, relentless, and pervasive. Personal data — the target — in the hands of criminals becomes a lethal weapon. The loss is more severe than a mere financial aspect. Everything you thought belonged to you, and you only — your life in letters and figures — slips through fingers. Emotions aside, there is no prey too small or too insignificant for a hacker.
Risk mitigation in finance is tricky. The specifics of the sphere is in its modularization. Therefore, different institutions with different views on security interact. Other than that, fintech companies are born in the cloud, agility, innovativeness, and high competition. According to Business Insider, the global fintech market will reach $305 billion by 2025. Nearly 90% of incumbent financial companies think they will lose part of their businesses due to fintech organizations within five years.
And as the fintech market is expanding, brand new hacking techniques evolve concurrently. With the pandemic outbreak, next-level phishing attacks have almost doubled. But let’s look at the bright side. The companies that invest in cybersecurity see benefits and recover.
Gone but not forgotten: cyber damages in 2020
In the fast-paced environment, DevOps is under pressure to deliver quick results. Frequently, security does not get enough attention and investment. This exposes an organization and its clientele to a wide hacking community.
The pandemic affected a sense of safety. While isolated and cautious in the physical world, people dwell in the digital variation of life, where nothing could go wrong. Or so they thought. Since the outbreak, cyberattacks grew by 238%, and most of them were financially-motivated (Fintech Times). Hackers successfully exploited the overall anxiety and panic around Covid. A certain percentage of these cases offered loans for businesses or other nonexistent services.
According to Fintech Futures, of all surveyed financial services companies, 48% reported a cybersecurity attack. National Bank of Greece, Piraeus Bank, Alpha Bank were among those who suffered from a travel agency’s data breach. The banks called off 15,000 cards.
A bank in South Africa had to cancel 12 million cards. But in this case, it was not a hacker’s responsibility. The bank’s employees stole the 36-digit master key. Customers lost over $3 million, while card replacement cost was around $58 million. Sometimes a major threat comes from within.
Vulnerabilities and cybersecurity challenges
A chain is only as strong as its weakest link. Legacy systems and customer service systems are among the first vulnerabilities. Today, many are overloaded and inadequate. Integration issues is also a gateway for hackers. Many clients in fintech are using the traditional banks services at the same time. They are constantly performing transactions from one bank account to another. Here is the trouble: state-of-the-art technologies of fintech applications are difficult to integrate with bulky legacy systems of traditional banks. APIs must ensure seamless interaction of all systems.
The role of the human factor in cyberattacks is enormous. There are three reasons why: retaliation, reputation, and reward. The human factor in finance is more dependent on reward than reputation. There’s also a lot of retaliation coming in due to dismissal. Basically, these are the three reasons why hackers hack.
When working with third-party service providers, aligning security postures is vital. Partnering companies will be effective, when they share the same values, and cybersecurity is paramount for everyone.
For a robust fintech firm, disaster recovery is absolutely number one priority. Second, a fully-defined, tiered, and best-of-breed security policy must be in place. The third thing is taking a step back and analyzing what is actually happening.
Rather than reacting, institutions need to be proactive in terms of cyberattacks. A threat is not so much outside but rather inside — ‘cleaning up the house’ is crucial. Possibly, better screening of staff is a relevant measure to take. Staff training activities must not be a one-time event, but a consistent and systematic procedure. Sometimes cybersecurity is just a tick in the box. The gap between the policy, its executions and commitment to it does exist. It is a free pass to a hacker.
Artificial intelligence tools are advancing day by day which makes it hard for security pros to deal with deep fakes. Given this, there is a threat of impersonations during the onboarding stage. When a client of a fintech company creates an account, identity verification can be forged with a fake picture or artificially generated voice.
There is an entirely separate and sneaky way of using deep fake — impersonating people in authority positions. Let’s say, a cybercriminal can pretend to be someone from Forbes rankings or a CEO of a large company. A hacker can direct a fintech company to make payments to some offshore account. In this case, employees are the first line of defense which often falls short. The front line does not want that type of mistake(s)in the eyes of their boss.
In general, deep fakes assist hackers in fraudulent transactions, and or, payments. In this case, fighting fire with fire is appropriate: the application of AI tools can help detect the altered media.
Think before you transform
Before a financial institution undergoes digital transformation they have to make sure their systems are robust, scalable, and there is enough redundancy. To be innovative, institutions need to think about how they will change in the marketplace and adjust their products according to consumers’ demands. Technologies evolve at a breakneck pace. Banks need to analyze whether they are prepared to quickly react.
In terms of double authentication, periodically, if you go to your bank account, you have to go through a series of checks. But they are not hacker-proof. Giv