Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

The rising challenge for fintech – how to manage cyber attacks

by wrich
Editorial & Advertiser disclosure

Gavin Knapp, Cyber Defence Technical Lead at Bridewell 

The finance and fintech industry has always been a prime target for cyber criminals but in recent times attacks have escalated. The sophisticated use of artificial intelligence by hackers, the growth of digital payments and the weaknesses in new homeworking practices are just some of the reasons why cyber criminals are increasingly targeting the sector. While financial gain is the main motive, cyber attackers also seek to achieve credibility and status by acquiring high profile data. There is also increased likelihood that the finance sector may be targeted because of the UK’s backing of Ukraine in the conflict with Russia. 

This exponential rise is illustrated by the recent survey from the Financial Conduct Authority (FCA) that revealed malicious attacks targeting financial websites and servers increased fivefold in 2022. A quarter of all incidents involved distributed denial-of-service (DDoS) attacks. Furthermore, Bridewell’s own research showed that 81% of cyber leaders in the finance sector have reported a rise in attacks since the start of the Russia-Ukraine war. 

Whilst the finance industry is not alone in seeing an increase, no other sector is more data-driven, digitised, or more attractive for cyber attacks. Rising rates of cyber crime mean rising costs for financial organisations as they reimburse defrauded customers. More than just money, cyber attacks erode customer confidence and breach required compliance standards. 

Organisations urgently need to shift to a modern defensive mindset to address the tactics, techniques, and procedures being used by 2022 cyber criminals and to develop proactive, intelligence led approaches to security operations that involve thinking like the adversary to test defences in a realistic manner, and to hunt for evil in their networks.

Cyber crime is a risk no fintech organisation can avoid 

Any fintech organisation can fall victim to cyber criminals whether this is ransomware related groups or groups associated with business email compromise and targeting phishing, recently we have seen other groups such as Lapsus$ compromising huge companies such as Uber for nothing more than the kudos and notoriety that comes with a high profile hack. In 2020, the world’s third largest financial services software provider, Finastra, was hit by a ransomware attack that caused disruption to its global operations and interrupted services for its 9,000-strong customer base. More recently, Revolut, the app-based bank, fell prey to a ‘highly targeted’ cyber attack. Whilst no funds were accessed or stolen, this phishing crime compromised the data of thousands of Revolut’s customers.

For fintech’s, the threat landscape is evolving in line with technological advancements, with cyber criminals leveraging insecurities in cloud configurations. For example, ransomware has rapidly evolved from being a simple malware issue requiring user interaction to a highly profitable and nuanced human endeavour.  Human-operated ransomware (HoR) sees criminals infiltrate an organisation’s on-premises or cloud IT infrastructure through a variety of methods, before moving laterally, harvesting credentials to elevate their privileges, exfiltrating data, and deploying ransomware to encrypt critical data. HoR has become a growing threat and a huge risk to financial organisations.

Russia’s invasion of Ukraine is also raising cyber risks worldwide. Even though these geopolitical tensions haven’t yet gone beyond Ukraine’s borders, major cyber attacks that could affect US and European systems are a growing possibility. We have already seen that pro-Russian hacktivist groups such as Killnet and Anonymous Russia have performed targeted DDoS attacks against US critical infrastructure included airports and financial services organisations. Bridewell’s recent survey of cyber leaders in CNI found that over three-quarters (76%) of IT decision makers in the finance sector are worried about the impact of cyber warfare. The need for organisations to collaborate more effectively and mount a proactive response to evolving security risks could not be more vital.

Changing the perspective on cyber security 

As the finance sector continues to undergo major digital and infrastructure transformation, it is more important than ever for businesses to reconsider their cyber security investments. Traditionally, senior leaders in finance have considered digital transformation and cyber security to be two separate strategies with independent objectives and goals. This approach is fundamentally flawed. 

When companies invest in advanced technologies, but don’t understand how best to use them, they can create significant inefficiencies and compromise cyber security. As companies explore the latest technologies, they must also establish and maintain good security protocols and practices to supplement them. Cyber and digital strategies should be inseparable. 

Financial organisations are making good progress in this area. Bridewell’s research found that, for many cyber leads in finance, the source of greatest pressure to improve cyber maturity came from the business itself and the need to support new technology and digital initiatives. It indicates that organisations are working to ensure they have a strong cyber security strategy that matches their digital transformation aspirations. 

An answer to the cyber security crisis

With a growing number of assets to monitor and manage, alongside the complexity and sophistication of cyber-attacks and the high number of incidents, preventative security is no longer an effective way of defending against cyber crime. A successful cyber security strategy must now include proactive network monitoring. Fintech organisations should embrace an integrated, well-considered, and proactive strategy centred around intelligence-driven managed detection and response (MDR).

Drawing on the power of cloud technology, MDR looks out for the symptoms of embedded vulnerabilities, rather than relying on set virus definitions. It combines technology and human expertise to perform threat hunting, monitoring, and response. Not limited to greater detection and response capabilities, an effective MDR strategy also provides proactive defence intelligence and insight of advanced threats, reducing the burden on overwhelmed security teams. Even better, it can also help an organisation improve the return on investment of the cyber security tools they already have and manage the sheer volume of cyber security alerts. 

Achieving resilience against cyber threats 

As cyber crime quickly supersedes conventional crime, the finance and fintech industry must protect itself against a diverse and escalating range of threats. They need to be able to define and truly understand the specific security risks facing their organisation and adjust their cyber strategy accordingly. Traditional approaches to security testing have become outdated. The types of vulnerabilities have evolved, and the way software is developed and delivered has changed. 

Innovation transforms how business is conducted, but as technology advances, so does the realm for cyber crime. More and more organisations in the finance sector are realising how cyber security can drive both digital transformation and business transformation. With its agility and reliability, emerging cloud-based technologies have helped to innovate security in a way that will frustrate hackers for years to come. 

Now is the golden opportunity for the finance sector to align their cyber and digital strategies and embrace a proactive security approach to safeguard their assets, their reputation and their future.

You may also like