By Gavin Knapp, Cyber Defence Technical Lead at Bridewell

The finance sector is a lucrative target for cyber criminals. Attacking fintech organisations offers numerous avenues for profit through theft, fraud, and extortion, while nation-state-backed groups are increasingly targeting the sector for political and ideological leverage.

As such, the heat is rising for businesses. The Financial Conduct Authority (FCA) recently revealed that malicious attacks targeting financial websites and servers increased fivefold in 2022, with a quarter of all incidents involving distributed denial-of-service (DDoS) attacks. To add fuel to the fire, 81% of cyber leaders in the finance sector have reported a rise in attacks since the start of the Russia-Ukraine war, according to research by Bridewell.

As the finance sector continues to undergo major digital and infrastructure transformation, it is more important than ever for businesses to reconsider their cyber security investments. Organisations should seize the opportunity to adopt a proactive approach to security operations and implement a robust cyber security transformation process, so that they can continue to improve services whilst minimising cost and risk.

Threats facing finance

No other sector is more data-driven, digitised, or more attractive to cyber criminals than the finance sector. As both a vital component of the UK’s critical national infrastructure (CNI) and a treasure trove of sensitive data and financial capital, the industry continues to be targeted by hackers around the world. And these criminals are becoming ever more sophisticated in finding and targeting weak points across the finance community.

For fintechs in particular, the threat landscape is evolving in line with technological advancements, with cyber criminals leveraging insecurities in cloud configurations for easier access to sensitive personal data and valuable corporate intellectual property. For example, ransomware has rapidly evolved from being a malware issue to a highly profitable and nuanced human endeavour.  Different from traditional commodity ransomware attacks, human-operated ransomware (HoR) sees criminals with high levels of offensive security knowledge gaining access to organisations and surveying the environment for extended periods of time, before launching devasting attacks on data and systems.

Even the big players in fintech can fall prey to sophisticated and multi-layered ransomware. In 2020, the world’s third largest financial services software provider, Finastra, was hit by a ransomware attack that caused disruption to its global operations and interrupted services for its 9,000-strong customer base. Fortunately, customer and employee data remained untouched in this instance – but attacks like these can have cascading negative impacts, including a broader loss of consumer confidence.

When escalating geopolitical tensions are added to the mix, the stakes for financial organisations are even higher. Bridewell’s recent survey of cyber leaders in CNI found that over three-quarters (76%) of IT decision makers in the finance sector are worried about the impact of cyber warfare. Following the recent rise in cyber attacks in the wake of the Russian invasion of Ukraine, the need for organisations to collaborate more effectively and mount a proactive response to evolving security risks could not be clearer.

Adjusting cyber strategy

Today, fintech organisations must protect themselves against a diverse and escalating range of threats. As cyber crime rapidly displaces conventional crime in both volume and sophistication, it is important for all business leaders to be able to define and truly understand the specific threats facing their organisation. This understanding should encompass all potential adversaries, motivations, and tactics. By asking themselves some challenging questions, fintechs can gain a crucial head start in defining clear security objectives and adjusting their cyber strategy accordingly.

Traditionally, many senior managers in finance have considered digital transformation and cyber security to be two separate strategies with independent objectives and goals. This approach is fundamentally flawed, as it causes organisations to overlook the security weaknesses and system vulnerabilities that come with rapid technological change. As ever, criminal groups are poised to take advantage of any business that quickly deploys new tools or completes fast upgrades without properly securing systems and defences first.

Instead, cyber and digital security strategies should be thought of as inseparable, enabling organisations to plan and integrate both into their transformation projects from the very beginning. Financial organisations are already making good progress in this area. Bridewell’s research found that, for many cyber leads in finance, the source of greatest pressure to improve cyber maturity came from the business itself and the need to support new technology and digital initiatives. This suggests that organisations are taking steps to ensure they have a strong cyber security strategy that matches their digital transformation strategy.

From reactive to proactive

For financial organisations, the next step towards cyber maturity and resilience involves shifting mindsets from reactive – based on meeting minimum compliance – to proactive. This change of stance is key to staying one step ahead of cyber criminals.

While legislation like the NIS Regulations has undoubtedly helped improve security within finance, it is important that business leaders do not use regulation as a primary driver for cyber security improvements. Nor should they simply build cyber security walls higher and only respond to breaches after they occur. To become truly mature in the face of threats from all angles, fintech organisations should embrace an integrated, well-considered, and proactive strategy centred around intelligence-driven managed detection and response (MDR).

An effective MDR strategy consists of threat intelligence, threat hunting and penetration testing, along with deployment and management of security monitoring and incident response. By blending artificial intelligence (AI), automation, and human analysis, MDR provides enhanced visibility over networks and systems, enabling organisations to detect and prevent both internal and external attacks. This holistic view of cyber security allows organisations to gain full visibility across people, skills, and technologies as well as processes, driving far-reaching improvements to their overall cyber posture.

Transforming securely

Innovation is the lifeblood of any successful fintech, so no organisation should be afraid to transform. The good news is that the jump to cloud and modern technologies needn’t come at the expense of cyber security.

More and more organisations in the finance sector are realising how cyber security can drive both digital transformation and business transformation, rather than holding them back. As such, a golden opportunity exists for fintech’s to align their cyber and digital security strategies from the outset. By ensuring that security is weaved into their DNA, organisations can implement a proactive cyber posture to keep critical services running whilst building a wider culture of security.