Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Finance

Reducing the risk of encrypted communications in Fintech

Published by Uma Rajagopal

Posted on September 16, 2022

Featured image for article about Finance

For highly regulated industries, like finance, protecting sensitive data is not only a foundational requirement of regulation but it must also be prioritised due to the heavy weight of the duty-of-care that organisations have for their customers. Personal financial information is a highly coveted, valuable and ultimately saleable asset for cybercriminals looking to maximise profit, making the industry a prime target. As we’ve seen from past high-profile incidents, and examples of poor network security practices, the reputational damage and financial penalties for organisation found to be breaking data security legislation can be severe – like JPMorgan’s $200M fine for failure to monitor employee data practices.

This affirmative action is evidenced with 62% of the top 1,000 global websites now supporting TLS 1.3, the current best-practice standard that ensures strongly encrypted communications. Apple is also no longer supporting the initial versions of TLS 1.0 and TLS 1.1, now only supporting TLS 1.2 and strongly encouraging the adoption of TLS 1.3.

We are increasingly seeing attackers that breach an organisation’s perimeter are able to hide malicious activity within legitimate encrypted network traffic. This introduces a substantial blind spot for security teams. In the first three quarters of 2021 alone, attacks over encrypted channels increased by 314% from the previous year. These attacks aren’t necessarily cutting edge, but the lack of visibility into encrypted traffic gives intruders much greater freedom to operate on private networks with reduced risk of being caught. So, active decryption and inspection could be the answer. However, significant costs and complexities are created by trying to decrypt vast traffic volumes. What’s more, modern-day encryption protocols use Perfect Forward Secrecy, an encryption style that produces temporary private key exchanges between servers and clients, making generic decryption even harder.