Cyberattacks the biggest barrier to financial innovation
The financial sector has always been a target due to the types of data it collects about its customers. This year, the sector is the favorite playground of financially motivated bad actors, just as it was in 2019. According to Verizon, web application attacks compete with the miscellaneous error pattern for the top cause of most breaches, making employees’ mistakes account for roughly the same number of breaches as external parties.
“Pressure on DevOps teams to produce results quickly might lead to security not getting the attention it deserves,” said Juta Gurinaviciute, chief technology officer at NordVPN Teams. “Leveraging cybersecurity to gain an edge over competitors leaves fintech organizations and their customers open to cyberrisks. But risks can originate from more traditional routes — like phishing emails — and it only takes one person losing concentration to expose the organization to ransomware, data theft, or more.”
The fact that many fintech companies are relatively unsophisticated in protecting their data is both good and bad news. The bad news, is this means financial and customer information is often not secure. The good news, is there are some basic measures fintech companies can implement to prevent future data breaches.
1. Improve cloud security. Adding a cloud data loss prevention (DLP) service can dramatically reduce the risk of data exfiltration, which is the risk of data ending up somewhere it doesn’t belong.
2. Encrypt sensitive data. This safeguards both the end user and corporate environment, ensuring that no one is able to decipher sensitive data traffic.
3. Secure authentication. Secure and precise identification and authentication is vital for fintech software. Role-based access control, password expiration, shorter session lifetimes, and tracking of failed sign-in attempts could help mitigate some of the risks.
4. Multifactor authentication. Multifactor authentication (MFA) across the ecosystem can prevent hackers from moving across the network and gaining additional controls. In more sensitive areas, physical MFA devices and/or biometric authentication is also vital.
5. Security education. Last but not least, although fintech firms are digital natives, one should not assume they do not need digital security training. Security education sets the team for success and should be the backbone of any security strategy.
It’s important for fintech companies to participate in developing risk assessments and frameworks for improving cybersecurity. Industry groups such as the Center for Internet Security can offer assistance and resources to growing fintech companies. Mastercard works with other financial companies through the Financial Services Information Sharing and Analysis Center (FSISAC). And the World Economic Forum’s FinTech Cybersecurity Consortium continues to provide research findings for this sector.