Amid rising inflation and interest rates, and the growing number of cyber threats, businesses are constantly evolving in order to be resilient. This month, The Fintech Times is highlighting how businesses are showing this resilience against a myriad of factors – some within, and some beyond, their control.
Having explored various facets of working from home and the increasing role of generative AI in the workplace, The Fintech Times now turns its attention to another important topic for business resilience: fintech cybersecurity.
To gain a better understanding of what the cybersecurity scene currently looks like, we reached out to the experts to ask them what are the biggest fintech cybersecurity trends they have seen so far in 2023.
“Faced with a rising tide of attacks and threats”
Antanas Kedys, CISO of payments solution provider Nexpay, explains how the fintech sector has had to adapt to the seemingly ever-growing number of threats: “The escalating threat landscape worldwide underscores the growing significance of cybersecurity each passing year, particularly in technology-driven sectors like fintech.
“Faced with a rising tide of attacks and threats, coupled with more stringent demands for compliance with cybersecurity laws and regulations, the fintech sector is intensifying its focus on such security measures as third-party security. This includes risk assessments and compliance tests.
“Concurrently, there’s an emerging trend toward enhancing the efficiency and quality of incident responses. Given the increasing frequency of attacks and incidents, it necessitates the adoption of sophisticated tools such as Extended Detection and Response (XDR) to swiftly counter any active threats.
“The upcoming year of 2024 and beyond present numerous challenges as threat incidents such as ransomware and supply-chain attacks proliferate, and threat actors grow increasingly sophisticated. The need to innovate, stay ahead, and effectively guard against evolving threats poses a significant challenge. Moreover, ensuring compliance is a pressing concern as new standards, including the Digital Operational Resilience Act (DORA), are introduced.
“These standards exert additional pressure on fintech firms, requiring them to adhere to broader and stricter rules, incorporating a range of organisational, technical, and operational measures. This necessitates fintech companies to implement robust countermeasures and calls for cybersecurity firms to offer comprehensive solutions.”
Prevalence of ransomware and malware-related attacks
Daniel Wood, chief information security officer at New York-based enterprise software company Unqork, also offers his take on the biggest security trends in 2023: “Beyond the concern surrounding generative AI and data leakage, other trends in cybersecurity that continue to impact fintech (and most other industries) include ransomware and other malware-related attacks, unauthorised third and fourth-party access to systems and data, software supply chain risks, and complex systems and platforms leveraging cloud computing services.
“Other concerns include business resiliency concerning data integrity, business continuity and disaster recovery; especially as it relates to legacy and unpatched financial systems with poor built-in and granular role-based access controls and a secure software environment.”
“Fintechs must invest in R&D, collaborations, and stay abreast of emerging trends”
Michele Tucci, chief strategy officer and MD Americas of B2B SaaS fintech Credolab, said: “Generative AI, as well as machine learning (ML) and Large Language Models (LLM), have revolutionised fintech, transforming customer services, reinforcing financial data analysis and fraud detection.
“With vast volumes of data handled by financial organisations, data protection is paramount. Notable trends in 2023 include increasing ransomware, cloud-based, phishing, and insider threats. Future challenges involve accelerated AI and ML adoption, quantum computing, complex fintech systems, open-source software, and more third-party vendors.
“To address these challenges, fintechs must invest in R&D, collaborations, and stay abreast of emerging trends. One such trend is behavioural insights gleaned from AI and ML-driven technologies during customer interactions on web pages and mobile applications. This data provides valuable information, including user device features, typing patterns, and session duration, enabling institutions to bolster fraud detection and reduce risk-associated costs. Importantly, this approach ensures the complete anonymisation of data, safeguarding personal information.
“Compliance management software streamlines risk assessment, policy management, and training, improving efficiency. Security information and event management (SIEM) solutions collect and analyse security logs from diverse systems, facilitating quicker threat identification and response. Threat intelligence platforms offer real-time insights from various sources, keeping fintechs informed about the latest threats. Incorporating Data Loss Prevention (DLP) and fraud detection solutions with AI and ML techniques safeguards sensitive data and prevents fraudulent transactions.
“Embracing these technologies enables fintechs to not only reduce cyberattack risks but also enhance efficiency, visibility into compliance and security, and ultimately reduce costs, reinforcing trust and resilience in the evolving financial landscape.”
Doing more with less
Sam Crowther, founder and CEO of Kasada, the provider of real-time protection against automated attacks, explained: “With current economic pressures, companies are hyper-focused on driving revenue and keeping costs down.
“Fintech companies are being asked to do more with less, while still mitigating risks like online fraud caused by bots. From a security perspective, the challenge is striking the right balance between fraud and friction.
“Some think that visible security validations, like CAPTCHAs, provide comfort to consumers. However, CAPTCHAs create friction, hinder conversions, and provide a poor user experience. Additionally, AI-based told can easily bypass CAPTCHAs.
“Fintech companies are choosing security strategies that optimise the user experience. Collecting more data signals, for example, can help companies make informed decisions without impacting the user experience. As do invisible challenges that serve as a modern, effective alternative to traditional CAPTCHA methods.”
