The importance of a holistic approach to tackling cyber attacks in fintech

As the fintech industry has experienced exponential growth, Eyal Worthalter, Vice President – Global Solution Sales at MYHSM by Utimaco, writes on the importance of having security built from the ground up in order to prevent future data breaches.

Eyal Worthalter

This year has seen a steep rise in data breaches and may go down in history as the year of the cyberattack. Most recently, a hacker stole $600m in cryptocurrencies from a blockchain finance platform in what could be the biggest hack ever. We also saw cybercriminals compromise Microsoft’s Exchange Server, which took an Australian TV network off the air and disrupted fuel supplies so badly that drivers were filling plastic bags with gasoline.

It is estimated that the cost of cybercrime will grow by 15% year on year for the next five years, reaching $6 trillion by the end of this year – that’s more than all natural disasters, climate change and all military spending. As with these, combating cybercrime requires a global response and a skilled workforce, which we currently lack. There is a shortfall of almost four million cybersecurity professionals, while just 42% of the top 50 computer science courses in the US teach “Cybersecurity”.

Why FinTech companies are at risk

Despite investing heavily in security, companies in the finance industry are not immune from breaches. Individual attacks cost on average $18.3 million, and 70% of companies report a security incident. Financial institutions typically spend over 10% of their budget on cybersecurity. Although that is a large percentage, the risk and reward attached to penetrating banks, lenders and insurance companies attracts the most sophisticated criminals.

As FinTechs are typically less established and have smaller budgets than traditional banks, they are even more at risk from cyber-attacks. Given this lack of resources, a weakness in a challenger bank’s mobile app or an unencrypted transfer of customer data could allow fraudsters to take banking details, up to and including PINs and CVVs, with impunity.

Implementing cybersecurity measures from the get-go

Cybercrime is not going to simply stop one day, and although technology is advancing, it must be implemented correctly to be effective. According to a report by IBM, 95% of breaches are a result of human error, such as using easily guessed passwords, leaving laptops open and unlocked when commuting, or office receptionists not asking the right questions of their callers. This shows how crucial it is to take a holistic approach in which cybersecurity is integrated into every part of the company.

Whether a company offers seminars and workshops on ways to spot and reduce fraudulent activity, recruits or upskills its cybersecurity experts, or hires a Chief Security Officer, financial institutions must act now.

For FinTechs, this means having security at the front of mind from day one. As this last year has proven, cybercrime can be detrimental to a business, and those who are starting out in the industry cannot afford to become a victim of an attack. As social engineering is normally the first step towards a costly data breach, all organisations must mitigate this risk by offering employees cyber security awareness training. IT teams must also define who has control over the credentials used to access data, implementing security from the ground up. That way, the institution can build concrete security processes into its product development from the get-go.

The mentality that once existed in cybersecurity, where passwords protected the outside of networks while employees were free to do as they wished inside, will no longer work as attack vectors, distributed work and service models become more and more sophisticated.

How cloud-based Payment Hardware Security Modules (HSMs) can help

Investing in first-rate hardware security, such as Payment HSMs, is of course a powerful way to help mitigate fraud. Designed specifically for the card payments sector, they provide optimised performance for processing and encrypting sensitive data, meaning that cyber-attackers cannot access any customer details. However, the typically large investment that comes with adopting such tools means that not all FinTechs, especially start-ups with small budgets, will have the resources to operate and manage these mission-critical Payment HSMs.

Using a fully managed service allows FinTechs to convert capex to opex while deploying best-in-class security technology. Additionally, resources can be allocated to focus on the core business, with external subject matter experts shouldering the responsibility of the security, compliance, and management of the payment infrastructure. 

Regardless of their size and available budget, it is important for all financial institutions to remain on top of security protocols and be constantly vigilant to the potential for cyber-attacks. To achieve the best results, it is important to adopt a holistic approach, implementing a mixture of employee training and best-in-class security solutions such as Payment HSMs – this way, the company will be in the best position to tackle any attacks that come its way.