Overcoming cybersecurity challenges in the evolving fintech landscape
By Gavin Knapp, Technical manager for cyber defense at Bridewell
The financial sector is a lucrative target for cybercriminals. Attacking fintech organizations offers a range of opportunities for profit through theft, fraud and extortion, while nation-state-backed groups increasingly target the sector for political and ideological influence.
As such, the heat is on for businesses. The Financial Conduct Authority (FCA) recently revealed that malicious attacks targeting financial websites and servers increased fivefold in 2022, with a quarter of all incidents involving distributed denial-of-service (DDoS) attacks. To add fuel to the fire, 81% of financial sector cyber executives have reported an increase in attacks since the start of the Russia-Ukraine war, according to Bridewell research.
As the financial sector continues to undergo major digital and infrastructure transformations, it is more important than ever for businesses to reassess their cybersecurity investments. Organizations should seize the opportunity to adopt a proactive approach to security operations and implement a robust cybersecurity transformation process so they can continue to improve services while minimizing cost and risk.
Threats to finance
No other sector is more data-driven, digitized or more attractive to cybercriminals than the financial sector. As both a vital component of the UK’s Critical National Infrastructure (CNI) and a treasure trove of sensitive data and financial capital, the industry continues to be targeted by hackers worldwide. And these criminals are becoming increasingly sophisticated when it comes to finding and targeting weak points in the financial environment.
For fintechs in particular, the threat landscape is evolving in step with technological advances, with cybercriminals exploiting weaknesses in cloud configurations for easier access to sensitive personal data and valuable corporate intellectual property. For example, ransomware has rapidly evolved from being a malware problem to a highly profitable and nuanced human endeavour. Unlike traditional commodity ransomware attacks, human-operated ransomware (HoR) sees criminals with high levels of offensive security knowledge gain access to organizations and survey the environment for extended periods of time before launching devastating attacks on data and systems.
Even the big players in fintech can fall victim to sophisticated, multi-layered ransomware. In 2020, the world’s third largest financial services software provider, Finastra, was hit by a ransomware attack that disrupted its global business and services to its 9,000-strong customer base. Fortunately, customer and employee data remained untouched in this case – but attacks like these can have far-reaching negative consequences, including a wider loss of consumer trust.
When escalating geopolitical tensions are added to the mix, the stakes for financial organizations are even higher. Bridewell’s recent survey of CNI cyber leaders found that over three-quarters (76%) of IT decision makers in the financial sector are concerned about the impact of cyber warfare. Following the recent increase in cyber attacks in the wake of the Russian invasion of Ukraine, the need for organizations to collaborate more effectively and initiate a proactive response to evolving security risks could not be clearer.
Adjusting cyber strategy
Today, fintech organizations must protect themselves against a diverse and escalating range of threats. As cybercrime is rapidly displacing conventional crime in both volume and sophistication, it is important for all business leaders to be able to define and truly understand the specific threats facing their organization. This understanding should include all potential adversaries, motivations and tactics. By asking themselves some challenging questions, fintechs can gain a decisive edge in defining clear security goals and adjusting their cyber strategy accordingly.
Traditionally, many senior finance leaders have considered digital transformation and cybersecurity as two separate strategies with independent goals and objectives. This approach is fundamentally flawed, as it causes organizations to overlook the security and system vulnerabilities that accompany rapid technological change. As always, criminal groups are ready to take advantage of any business that quickly deploys new tools or completes rapid upgrades without securing systems and defenses first.
Instead, cyber and digital security strategies should be considered inseparable, allowing organizations to plan and integrate both into their transformation projects from the very beginning. Financial organizations are already making good progress in this area. Bridewell’s research found that the source of the greatest pressure to improve cyber maturity for many online customers in finance came from the business itself and the need to support new technology and digital initiatives. This suggests that organizations are taking steps to ensure they have a strong cyber security strategy that aligns with their digital transformation strategy.
From reactive to proactive
For financial organizations, the next step towards cyber maturity and resilience involves shifting mindsets from reactive – based on meeting minimum requirements – to proactive. This change in attitude is the key to staying one step ahead of cybercriminals.
While legislation such as the NIS regulation has undoubtedly helped to improve security in finance, it is important that business leaders do not use regulation as a primary driver for cyber security improvements. Nor should they simply build cyber security walls higher and only react to breaches after they have occurred. To become truly mature in the face of threats from all angles, fintech organizations should embrace an integrated, deliberate and proactive strategy centered around intelligence-driven managed detection and response (MDR).
An effective MDR strategy consists of threat intelligence, threat hunting and penetration testing, along with the deployment and management of security monitoring and incident response. By blending artificial intelligence (AI), automation and human analytics, MDR provides increased visibility across networks and systems, enabling organizations to detect and prevent both internal and external attacks. This holistic view of cybersecurity allows organizations to gain full visibility across people, skills and technologies as well as processes, leading to far-reaching improvements in their overall cyber posture.
Transforming safely
Innovation is the lifeblood of any successful fintech, so no organization should be afraid to transform. The good news is that the jump to the cloud and modern technologies doesn’t have to come at the expense of cybersecurity.
More and more financial sector organizations are realizing how cyber security can drive both digital and business transformation, rather than holding them back. As such, a golden opportunity exists for fintechs to align their cyber and digital security strategies from the start. By ensuring that security is woven into their DNA, organizations can implement a proactive cyber posture to keep critical services running while building a broader security culture.