Building security from the ground up to avoid data breaches and tackle cybercrime in FinTechs

Cybercrime is rapidly growing, and this year, more so than ever, has been hit with hackers committing cyber-attacks. From Microsoft’s Exchange Server, taking Australian TV network off the air and disrupting fuel supplies so badly that drivers were filling plastic bags with gasoline it is not surprising to hear that cybercrime will reach $6 trillion this year, and is set to rise by 15% for the next five years, costing the world more than all natural disasters, climate change and military spending. Furthermore, the Pegasus Spyware scandal showed that state and state-affiliated actors are far more likely to be behind cyber-attacks than the stereotypical bedroom hacker.

Like war, hunger, and climate change, we need a global response and a large and skilled workforce to combat cybersecurity. However, there is shortfall of almost four million cybersecurity professionals and yet, only 42% of the top 50 computer science courses in the US teach “Cybersecurity”. Here, I’ll explain the importance of deploying technology correctly to mitigate cyber-attacks.

Cyber-attacks on FinTech’s

Due to the types of information which could be breached and the financial impact, cybercrime is more pronounced in the finance industry, despite their high investments in security. Individual attacks can cost on average $18.3 million and 70% of companies report a security incident and it is likely that this number would be even higher if more technology and expertise were deployed to recognise attacks.

On average, financial institutions spend 10.9% of their budget on cybersecurity which although eats up much of their money is necessary– the risk and reward of penetrating such companies attracts the most sophisticated cyber-criminals.

Because FinTech companies tend to be smaller and less established, they could be even more at risk, having less budget and expertise to devote to cybersecurity. Therefore, a vulnerability in a challenger bank’s mobile app or an unencrypted transfer of customer data could allow fraudsters to access banking details, including PIN numbers and CVVs. So, considering these challenges, what can be done to tackle cybercrime?

The importance of implementing cybersecurity from the beginning

Although technology is always evolving, unless we educate and use it properly, cybercrime will continue to rise. From developers leaving security vulnerabilities in their code to office receptionists not asking the right questions of their callers to employees leaving laptops on public transport or clicking a link in an email, 95% of breaches were attributable to human error, according to a report by IBM.

In order to help reduce cybercrime, it is vital that companies develop a holistic approach in which cybersecurity is integrated into every part of the company, whether that be hosting occasional seminars on how to look out for fraudulent activity, to considering promoting cybersecurity professionals, who typically sit beneath the IT function in most companies, to a higher level.

For FinTechs, this means having security at front of mind – systems need to be in place for preventing and dealing with the fallout from cyber-attacks from day one. While social engineering is often the cause of a costly data breach, and it is important for all organisations to do all they can to mitigate these by offering employees cyber security awareness training, it is also important for IT teams to define who has access to the data and credentials to access that data. Fintechs can do this by implementing security from the ground up, where they build security processes into their product development from the beginning.

The mentality that once existed in cybersecurity, where passwords protected the outside of networks while employees were free to do as they wished inside will no longer work, as attack vectors, distributed work and service models become more and more sophisticated.

Adopting cloud-based Payment Hardware Security Modules

Hardware security, such as Payment HSMs are a valuable tool to invest in. They are designed specifically for the card payments sector, providing optimised performance for processing, and encrypting sensitive data. If customer data is encrypted, then they will be useless to cyber-attackers, and therefore budgets should always be set aside to give your company the very best security. Of course, we cannot assume that all Fintechs have the resources to operate and manage Payment HSMs and purchasing the hardware requires significant investment.

By using a fully managed service, FinTechs can convert capex to opex while deploying best-in-class security technology. In doing so, resources are freed up internally to focus on the core business, with external subject matter experts taking on the responsibility of the security, compliance, and management of the payment infrastructure.

It is important for financial institutions of all sizes to understand and remain vigilant to the potential target for cyber-attacks. By implementing a holistic approach, adopting both best-in-class security solutions such as Payment HSMs and employee training and awareness, companies will be in the best position to tackle potential cyber-attacks.