This year has been hit hard by cyber-attacks, with many major companies compromised by hackers, including Microsoft’s Exchange Server and Australia’s Nine Network, which was taken off air. Most recently, a hacker stole $600m in cryptocurrencies from a blockchain finance platform in what could be the biggest hack ever, and T-Mobile in the US faced a data breach (the latest in a series of 4 since 2015) affecting data of more than 50 million customers.
Unfortunately, cybercrime is not set to slow down any time soon. In fact, it is estimated to grow by 15% year on year for the next five years, reaching $6 trillion this year, costing more than all natural disasters, climate change and all military spending. To put this in perspective, the money taken by criminals, spent on deterring them or lost in the wake of attacks could end world hunger nearly twenty times over.
FinTechs are at risk
The finance industry is particularly at risk from cybercrime despite typically spending more than 10% of budgets on cybersecurity. This is due to the types of information that could be breached and the resulting financial impact; on average, individual attacks cost $18.3 million, and 70% of companies report a security incident. It is also likely that this figure would be even higher if there were more technology and expertise deployed to recognise attacks.
FinTechs tend to be smaller and less established than other players in the finance industry, so they typically have fewer experts in this field and a smaller budget for cybersecurity. Any vulnerabilities in a challenger bank’s mobile app or an unencrypted transfer of customer data, for example, will invite hackers to take PIN numbers and CVVs with impunity.
Considering the scope of these challenges and the radical changes needed to rise to meet them, what can be done?
Cybersecurity from day one
We’ve all seen how rapidly technology is evolving, but without proper education and implementation, instances of cyber-attacks will simply continue to soar.
Proper training for all staff members is critical - IBM reported that 95% of breaches were attributable to human error, for example, from developers leaving security vulnerabilities in their code, or employees clicking a phishing link in an email – but the buck doesn’t stop there. Companies must develop a holistic approach, integrating cybersecurity into every part of the company, and that’s where the role of cybersecurity professionals comes in. Not only should FinTechs consider employing security professionals from day one, the role must be elevated in importance rankings, with Chief Security Officers being as vital as CFOs or COOs.
Alongside employing the right personnel, adequate systems must be in place to both prevent and handle the fallout from cyber-attacks. For example, social engineering is often the first step towards a costly data breach, and beyond training employees on how to identify cybercrime, it is also crucial for IT teams to define who has control of the credentials to access that data, by implementing security from the ground up. Passwords are no longer enough in a world of increasingly sophisticated attack vectors, distributed work and service delivery models.
Harnessing cloud-based Payment Hardware Security Modules
Hardware security tools such as Payment Hardware Security Modules are a valuable asset to invest in as they are designed specifically for the card payments sector and provide optimised performance for processing and encrypting sensitive data. The use of Payment Hardware Security Modules in the financial services industry is also mandated by PCI Security Requirements and is a fundamental requirement to become PCI PIN compliant. If customer data is encrypted, then it will be useless to cyber-attackers. However, smaller FinTechs may not have the budget available to adopt such resources into their security systems.
Instead, using a fully managed service allows companies to convert capex to opex while deploying best-in-class security technology. This will free up resources that can be allocated to focus on the core business, while external experts shoulder the responsibility of the security, compliance, and management of the payment infrastructure.
Of course, financial organisations of any size are never fully exempt from cyber-attacks. However, implementing a holistic approach to cybersecurity that pairs best-in-class security solutions with employee training and awareness is the best defence to mitigate