How fintech organisations can improve cyber resilience

By Jon McGettigan, regional director Australia, New Zealand & the Pacific Islands, Fortinet

Australia has one of the fastest growing fintech sectors in the world. It’s transforming traditional ways of paying and borrowing money with cashless payments, virtual currencies, and buy now pay later services. The sector has experienced significant growth in recent years due to the COVID-19 pandemic as well as the rising popularity of cryptocurrency and stock trading.

However, this rapid growth has also made it a prime target for cybercriminals who are launching more attacks on fintech organisations without effective cybersecurity measures in place. According to the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breaches Report for July to December 2021, the finance sector experienced 12 per cent of all notifiable breaches.

Because many fintech organisations rely on cloud-based platforms for financial services, such as internet banking and digital wallet applications, it provides the perfect opportunity for cybercriminals to access sensitive data, especially on platforms that don’t offer secure encryption or authentication.

Some of the key risks facing fintech organisations are:

• An expanding threat landscape: the threat landscape is constantly changing and expanding the potential attack surface cybercriminals can exploit. Digital financial services and mobile banking have played a major role behind the attack surface expansion and increased the risk of ransomware, phishing, and spyware attacks. Fintech companies must adapt to the changing threat landscape by building a strong cyber resilience strategy that lets them prepare, prevent, respond, and swiftly recover in the event of a cyberattack.

• A new threat of highly skilled, well-funded adversaries: skilled adversaries are typically well-funded, experienced teams of cybercriminals that use sophisticated techniques to infiltrate high value organisations. These adversaries conduct thorough research to identify vulnerabilities within an organisation’s cybersecurity system. To combat advanced adversary tactics, fintech companies must implement the right network security architecture or risk significant operational and reputational damage.

• Rising amounts of data and increasing costs of cybercrime: fintech companies hold large amounts of highly sensitive data, which means their security needs to be at the highest level possible. When a fintech company is caught up in a cyberattack, it only makes sense that the costs associated are significant. According to a recent global report, the average cost of a data breach has increased 2.6 per cent, from US$4.24 million in 2021 to US$4.35 million in 2022. To reduce the cost of a data breach, fintech companies must develop cyber risk strategies that take preventative action to reduce risks and their associated costs.

• Data breaches caused by poor hygiene: underpinned by the growing popularity of cryptocurrencies and cashless payment, the opportunity for cybercriminals to commit a data breach is greater than ever. Poor cyber hygiene is one of the leading causes of data breaches which can result in financial loss, operational downtime, and damage to reputation. To keep sensitive data out of the reach of cybercriminals, fintech companies must practice a layered cyber hygiene approach. This type of approach builds multiple layers of protection throughout the IT environment and meets regulatory requirements for data protection and data privacy.

• External COVID-19 disruptions: despite the rapid growth of the fintech sector during COVID-19, there has been a substantial increase in phishing, suspicious scanning, and malicious activity. In fact, regulators have identified cybersecurity as the main risk to the fintech sector in the wake of the pandemic. Cyberattacks are more likely to impact fintech startups without a unified strategy against cyber threats compared to well-established fintech companies that adequately invest in strong cybersecurity frameworks to become cyber resilient.

The increasing threat of cyberattacks on fintech organisations is driving a major focus on cybersecurity and the steps needed to reduce risk. While most industry leaders understand the importance of mitigating those risks, it’s possible that they are inadvertently creating further risk by taking a piecemeal approach to cybersecurity.

Investing in the right security fabric will let fintech organisations monitor, detect, and remediate threats from a single pane of glass. Choosing a security fabric approach to cybersecurity can reduce complexity and significantly improve cyber resilience. Furthermore, a security fabric solution unifies security technologies across the digital network into one integrated security system, eliminating security gaps and increasing response times to attacks and breaches.