Fintechs could be risking everything from a lack of simple cyber strategy

Even businesses that you’d think would have a good cybersecurity strategy in place to mitigate any security issues or data breaches, including banks and other financial institutions and organisations, can still fall foul of risks and attackers. That is the stark warning from ImmuniWeb’s COO, Ekaterina Khrustaleva. Ekaterina shares with Fintech Review her thoughts on the best cyber strategies for fintech companies. Here is some specific advice on how to avoid any potential cyber issues, thanks to having a cyber strategy in place from Day One.

Organizations increasingly rely on their online networks to conduct business. As a consequence, implementing a robust cybersecurity program is more important than ever. The lack of an effective cybersecurity strategy against hackers and other cyber threats could lead to harsh consequences for a business, such as losing profits, customers, employees, reputation and the ability to recover from a cybersecurity incident.

Enough cybersecurity protection

In the banking and financial sector, cyber security is of the utmost importance. Even then, organizations fail to ensure that they are sufficiently protected against a cyber-attack. In a recent e-fraud case, hackers managed to remotely steal millions from an Indian bank. They did so through phishing emails that delivered a Remote Access Trojan (RAT). The investigation into the incident found that the financial institution did not protect itself. It had no proper network infrastructure and lacked many basic security controls. Furthermore, it took no measures to isolate head office applications from its branches and failed to implement a security awareness training program. Last but not least, it did not have a valid license for its firewall at the time of the intrusion.

According to a survey by Accenture, many financial services firms believe that they have adequate cybersecurity capabilities. Some 78% of large enterprise security executives surveyed expressed confidence in their cybersecurity strategies, and 76% believe they have actually embedded effective cybersecurity into their cultures.

At the same time, the report shows that a typical financial services organization will face an average of 85 targeted breach attempts every year and, more worryingly, a third (33%) of them will be successful. Some 59% of banks admitted it took them several months to detect breaches that occurred, whilst 48% of respondents cited internal breaches as having the greatest cybersecurity impact. Also, some 52% expressed a lack of confidence in their organization’s ability to detect a breach via internal monitoring.

Give me the money

Another alarming fact is that a staggering number of financial institutions (74%) experienced one or two ransomware attacks in the past year, and 63% of those victims paid the ransom. It was also found that 63% of financial institutions experienced an increase in destructive attacks, up 17% from a year ago.

More worryingly, organizations are struggling with the range and sophistication of cybersecurity threats and the accelerating pace of technological change. Some 61% of respondents admitted they are only “fairly confident” in their organization’s ability to manage cybersecurity threats. In addition, 40% of those interviewed believe that their current cyber strategy will be outdated within two years, while 37% expect it to be irrelevant within three years.

Furthermore, almost 85% of respondents admitted they struggle with detecting or identifying the occurrence of a cybersecurity event or threat, and the same proportion (85%) struggle with third parties failing to disclose breaches in a timely manner.

It is not only the financial sector that is facing significant cybersecurity risks. Critical infrastructure, such as modern airports, faces them as well, as it is dependent on technology and equally vulnerable to cyber-attacks. Research into the current state of aviation transportation security revealed that 97 out of 100 of the world’s largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repository leaks.

According to research findings, 97% of the websites analyzed contained outdated web software, 24% of sites contained known and exploited flaws, and 24% of websites had no SSL encryption or used obsolete SSLv3. Furthermore, 66% of the airports were found to be exposed on the Dark Web, 87% of the airports had data leaks on public code repositories, and 3% failed to protect sensitive data.

Bad guys are getting smarter

As the tech world is ever changing and evolving, malicious actors are adapting. They continue to develop new attack methods, tools and techniques that allow them to penetrate a company’s security measures. Therefore, organizations should keep an eye on modern technologies and cybersecurity solutions that offer protection against cyber security threats. The effective way to guard against cyber security threats is Attack Surface Management. This includes asset discovery, security ratings, and dark web and continuous security monitoring.

As in previous years, cybersecurity will remain a top priority among businesses. Some of the biggest cyber challenges companies and other organizations are set to face in 2022 include a surge in ransomware and software supply chain attacks, attacks targeting known and zero-day vulnerabilities, cloud infrastructure and technologies like Java, Adobe Flash, and WebLogic, as well as nation-state attacks and staff and skills shortages.

A cybersecurity policy establishes a set of rules designed to protect an organization’s network from malicious activity. It outlines the technology and information assets that must be protected, the threats to those assets, and the rules and controls that ensure those assets and a company’s business are sufficiently protected against damage. An efficient cyber incident response plan is a critical component of a cybersecurity policy.

Coherent cybersecurity strategy

One of the biggest problems is the overall lack of a coherent cybersecurity strategy. Many companies invest chaotically in various emerging technologies, jumping from one problem to another without any measurable processes or rationale behind the spending. Worse, many large companies do not properly map risks and threats to solutions and remediation. They end up spending instead on irrelevant or even useless products. Machine Learning and AI can significantly reduce the human time required for various tasks, which in turn can free up valuable human time for more complicated tasks. However, if there is no well-defined strategy, policies, processes and procedures behind it, then no AI will ever help.

Organizations should invest in cybersecurity baselines and implement a consistent information security strategy. Otherwise, even technically unsophisticated attacks will continue their surge.