Cyberattacks the biggest barrier to financial innovation
Verizon’s analysis of more than 32,000 security incidents and 3,950 breaches has revealed that the financial sector ranks fourth among all sectors in security incidents (1,509 incidents), and seventh in data breaches (448 breaches).
In addition, these financial organizations suffer the third highest average cost per breach at $5.85 million, which is nearly $2 million more than the global average for all industries, according to Ponemon and IBM 2020 Cost of a Data Breach Report.
Fintech security challenges
The financial sector has always been a target due to the types of data it collects about its customers. This year, the sector is the favorite playground of financially motivated bad actors, just as it was in 2019.
According to Verizon, web application attacks compete with the miscellaneous error pattern for the top cause of most breaches, making employees’ mistakes account for roughly the same number of breaches as external parties.
“Pressure on DevOps teams to produce results quickly might lead to security not getting the attention it deserves. Leveraging cybersecurity to gain an edge over competitors leaves fintech organizations and their customers open to cyber risks.
But risks can originate from more traditional routes — like phishing emails — and it only takes one person losing concentration to expose the organization to ransomware, data theft, or more,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.
Hackers could target investment apps, online financial data processing systems, and cryptocurrencies, along with providing paid access to banks’ infrastructures and developing new strains of mobile banking malware based on a leaked source code.
“The most common threats fintech companies face are phishing attacks and data breaches, as well as cloud and application security breaches,” Gurinaviciute adds.
COVID-19 has increased the risk
According to a new report by the World Bank and the Cambridge Centre for Alternative Finance (CCAF), almost four in every five regulators count cyber threats among the top three risks that have increased during the pandemic.
The same report reveals that, over the course of the pandemic, fintech providers have seen a 15% increase in cybersecurity threats. However, only 29% of them say they have taken any action so far, as more needs to be done to consolidate frameworks and update the policy in this area.
With the COVID-19 crisis accelerating the need to become digital-first, financial services firms have been impacted in two fundamental ways. From a network perspective, organizations have had to act quickly to solve issues associated with network redirection and outrage caused by the mass move to remote working.
At the same time, they have also been tested to mitigate elevated threats, such as credential stuffing, account hacking, and fraudulent emails.
According to NordVPN Teams expert, “no industry is immune to cyber threats, but for financial services organizations the risk has always been significantly higher.
Fintech companies are perfectly aware that they’re prime targets for cyberattacks and are usually more secure than digital services in other industries.
However, the very nature of fintech companies involves them holding massive amounts of highly sensitive data. Therefore, even the smallest risk, if not taken seriously, could have devastating consequences.”
Fintech data protection
The fact that many fintech companies are relatively unsophisticated in protecting their data is both good and bad news. The bad news is this means financial and customer information is often not secure. The good news is there are some basic measures a fintech company can implement to prevent future data breaches.
It’s important for fintech companies to participate in developing risk assessments and frameworks for improving cybersecurity. Industry groups such as the Center for Internet Security can offer assistance and resources to growing fintech companies.
Mastercard works with other financial companies through the Financial Services Information Sharing and Analysis Center (FSISAC). And the World Economic Forum’s FinTech Cybersecurity Consortium continues to provide research findings for this sector.