Why outsourcing is a great option to help fintechs overcome their cybersecurity challenges
By Mark Nicholls, CTO at Redscan, A Kroll Business
In the last decade, financial services giants have lost ground to start-ups with digital and cloud-first business models. The Bank of England estimates that billions of pounds are invested into fintechs every year, and that more than a third of the globe’s digitally active population regularly use fintech services.
Unfortunately for them, fintechs are not only garnering positive attention from consumers, but also catching the eye of cybercriminals. The volume and value of data, as well as the intellectual property (IP), held by fintechs has made them an extremely attractive target for criminals.
Since the reputational impact of a data breach in this competitive sector can be so costly, hardening defences must be a top priority for all fintechs. For many, this will mean outsourcing sections of their security to a specialist provider of managed services.
The challenges
There are several common cyber security challenges within fintechs. Some are widely accepted as part of being a rapid growth company, others are specific to the nature of fintechs. However, they all need to be recognised and addressed:
- Fast product development leaves gaps in security: In a crowded market, being first to market can be vital to success. As such, fintech product development is often extremely fast, especially when creating applications, platforms and portals. Despite using the latest cutting-edge technologies in their development methodologies, security misconfigurations are common, and vulnerabilities often slip through gaps whilst speed is prioritised.
- Rapid growth in data and infrastructure can become unmanageable: Many fintechs can appear to go mainstream almost overnight, gaining huge traction with consumers very quickly. With the rapid onboarding of customers, high-growth fintechs suddenly have a massively expanded footprint and are faced with the task of protecting more data and assets. As a result, the attack surface that cybercriminals are able to target also grows.
- Slow hiring processes leave skills gaps: Amid all this fast growth and development, fintechs must recruit, but the hiring process can be slow, and budget simply might not extend to recruiting large teams of dedicated security professionals, particularly in the early phases of growth. This often leaves fintechs with skills gaps in their cybersecurity function as the customer onboarding outstrips the speed at which they can recruit security pros.
- Compliance: FCA, PRS, PSD2, GDPR, PCI DSS – more than just acronyms, but vital legislation and standards to protect assets and data. Companies, both large and small, have the same compliance challenges, but fintechs often have to navigate this minefield without the resources and knowledge that more established players have.
- Detecting and responding to threats: Unifying visibility over a huge range of infrastructure can be very difficult for fintechs as they grow, meaning that breaches may go unnoticed, especially if they don’t have the resources or staff to carry out 24/7 monitoring. Even if monitoring is in place, the large volume of security alerts that are generated can lead to alert fatigue, in which case many threats can simply slip through the net.
Why outsourcing is the answer
Fintechs must overcome all these hurdles to remain safe and compliant, but doing so can be overwhelming. This is why outsourcing some security functions can be beneficial.
Bringing in a trusted third party can really help to ease the cybersecurity burden on fintechs, particularly for the fastest-growing companies. Of course, each security provider has its own area of expertise, so choosing one based on your own individual needs is important. Good providers will have the field experience, technical knowledge, 24/7 support capabilities, and tools that can be onboarded much faster than new hires. They will also have a better awareness of the security landscape and the latest threats affecting financial companies, as they have oversight across multiple organisations and the ability to apply actions at scale to numerous customers when they spot suspicious activity.
A fintech may have very little expertise in detection and response to security threats – which is crucial, since a faster response invariably results in less damage. Many young fintechs would be advised to outsource this function as they focus their resources on growing their business. They then might need help penetration testing their app and platform against the latest security threats before taking it to market. As it matures, a fintech will require more proactive threat hunting and a thorough evaluation of their systems, or perhaps some guidance on the latest compliance updates. A good cyber security service provider should be able to deliver all of these services, and truly partner with a fintech to become an extension of the in-house security team.
Although fintechs are often considered to have a leg up on more traditional financial institutions on issues like cybersecurity, there are still plenty of challenges for fintechs to overcome. In my experience, bringing in a trusted third party in the most urgent areas to supplement their own cybersecurity team can really help fintechs to alleviate some of the security pressures they face.