Cyber-attacks: How to protect your financial data

Jul 28, 2016 posted by Brian Bokanyi under Technology

Cybersecurity Finance (1).png

Strong passwords, data encryption, two-factor authentication, creating air gaps, and a sound cybersecurity strategy is essential to ward off cybercrime threats and protect your financial accounts.

Evolution of Fintech

Financial technology, popularly known as FinTech,is applied to innovative methods of transacting businesses, right from inventing currency and coins to the principles of accounting and bookkeeping.

The mobile revolution has resulted in an explosive growth of FinTech through application of software technology in back-end operations and trading activities. Presently, the term describes a wide range of technological interventions in the field of commercial and personal finance.Evolution of Fintech_Kellton Tech.png

New Technologies in Fintech

Earlier, individuals and enterprises used the invisible hand strategy for financial decisions. But, modern technologies such as machine learning, predictive analytics, and big data will you arrive at wise business decisions.

Learning apps will understand user habits and also engage users through gamification in order to control unconscious spending and improve saving habits. Back-end support will also be enhanced; big data analytics will help your clients to make better, informed investment decisions. In addition, it creates new opportunities of financial innovation.

Who uses Fintech?

Broadly, Fintech users can be classified into four categories: B2B users for banks, B2B users for business clients, B2C users for small enterprises, and end-customers. Ever-changing trends in mobile banking, huge data streams, accurate data analytics, and decentralized user access will result in efficient communication among these user groups. 

Top Cybersecurity Threats for Fintech

  • Loss of financial data: Financial data breaches are on the rise due to lack of data encryption for sensitive data. Hackers can use the unencrypted data immediately.
    Solution: Use data encryption methods for customer’s account numbers, personal details, and other sensitive data. When data is not it use, encrypt it. This method is best to greatly reduce the costs of recovering lost data.
  • New opportunities for hackers: IoT and cloud computing has given new opportunities to hackers and cybercriminals. CCTV cameras installed in a bank can be converted into a botnet to steal the bank’s sensitive data.
    Solution: Banks and financial institutions need to adopt a holistic cybersecurity approach. Inspect for any suspicious activity on the institution’s network, identify symptoms, and then devise a careful approach to address each of the symptoms strategically.
  • Foreign-Sponsored Hacks: Several cyberattacks are sponsored by foreign governments. Enterprises must be vigilant as such attacks will increase in frequency and severity.
    Solution: Follow the NIST guidelines for conducting risk assessments to develop a strong cybersecurity policy; also stay updated about government alerts.
  • Third-party Financial Services: Financial organizations hire the services of multiple vendors, partners or third-party service providers. Unfortunately, few of these services may be risky for the partner organization in case their data is compromised. Preventive measures in advance are better than waiting for government regulations to avoid cybercrimes.
    Solution: Cybersecurity must be included as one of the primary objectives of third-party integration. Include a sound strategy for cybersecurity right in the initial stages of planning. Regular testing and updates can protect your enterprise from any security threat much before deployment of third-party solutions.
  • Risks of mobile banking: Users are increasingly using their mobile device for banking purposes as well as other financial transactions. Sensitive data stored on your mobile device is at a huge risk. How can financial enterprises deliver convenient banking options while preventing their sensitive data, stored on mobile devices, from being compromised?
    Solution: Data encryption of the complete dataset of the mobile device is a good solution. Store minimal sensitive data on the mobile device; instead of username and password combinations, simply store the username only. Cross-platform testing of mobile apps will help enterprises learn about potential security threats.
  • Manipulation/Alteration of Data: Minor errors in financial transactions can result in a loss of millions or billions; however, cybercrimes pose financial institutions at a greater risk. Hackers intentionally change or manipulate the user/organization’s data; this is worse than deleting data because the data is not trustworthy anymore. Solution: Enterprises must follow a practice of taking data backups regularly. IT security professionals can determine the risks and ensure that your customers are accessing accurate data. They also identify how your organizational data is being mirrored by the hackers.
  • Malware threats: End-user devices are at a huge risk of being targeted by cybercriminals in the coming years. The popularity of BYOD increases the opportunity of affected devices being present over the connected network. So, each time an infected device is connected, sensitive user data is accessed; hidden malware can hijack the customer data easily.
    Solution: Use proper methods of identifying backdoors; network security protocols like advanced firewalls can restrict website traffic.
  • Compromising business emails: Email accounts of several financial institutions have been hacked in the past, resulting in a loss of approximately billion dollars. Unfortunately, these scams weren’t detected early. Hackers adopt a meticulous approach and research well; C-suite and high-value accounts are at the highest risk.
    Solution: Educate employees about the various ways how spoofing activities can occur. Also share the essential measures to avoid such malicious attacks.
  • Sophisticated spoofing attacks: Hackers can hijack your bank’s website and steal user-related data. These types of attacks use similar URLs to mimic legitimate financial websites. The attack affected users who typed the correct URL. This kind of spoofing attack can become widespread.
    Solution: Use two-factor or multi-factor authentication to protect user accounts. Deploy solutions to control user access and equip your customers with security intelligence.
  • Chip/PIN attacks: EMV payments have secured the use of debit/credit cards for online shopping and brick and mortar retail stores. Even, financial enterprises are protected from liabilities. However, EMV payment processing has introduced alternate ways of stealing payment information. Some hackers have already implemented these ways.
    Solution: Financial enterprises must develop a data recovery plan; a stepwise approach to recover the complete set of sensitive customer data in case of a security breach. 

 JP Morgan Chase data breach in 2014

This cybercrime against JP Morgan chase bank compromised data of above 83 million customer accounts – 76 million households and 7 million small businesses- this attack is regarded as one of the most serious intrusions into the information system of an American corporation and also one of the largest security breaches until date.

In an article titled “Cybercrime Looms As Biggest 'Disruptive Threat' To Finance Markets”, Forbes has reported about cybercrime statistics and stated that the global spending on cybercrime is $200 bn annually; from the retail perspective, $670 million is spent on associated costs through theft, time loss, identity theft, etc.

Addressing Fintech Security

Gartner: “The global spending for cyber security was nearing $76.1 billion in 2015—and that number is expected to rise to $170 billion by 2020.”

New technologies have challenged the way law enforcement, businesses and individuals must think about protecting themselves. Enterprises can focus on the following strategies:

  • Investment in cybersecurity: You must make appropriate investment – including software and hardware along with training your employees about cybersecurity.
  • Regular updates: Constant communication and regular updates regarding efficacy of your cybersecurity program must be practiced across the entire organization.
  • Private/hybrid cloud storage: Public cloud makes your customer database susceptible to cybercrimes. Choose a reliable private cloud or hybrid cloud storage system to automate financial processes in your organization.
  • Audits: Audit your technology partners’ processes thoroughly to identify risk assessment and management procedures. Focus on the following points:
    • Board oversight i.e. defining the level of involvement of the Board in daily business activities.
    • Managerial expertise of employees
    • Robust internal audits
    • Procedures adopted in terms of data security and technology
  • Strict Vigilance: Monitor, analyze all types of attacks/threats at regular intervals. Fix all the gaps periodically.
  • Network security protections: Such protections avoid internal unauthorized access of the organization’s network.  
  • Data encryption of high value targets: Enterprises must classify terms of data access through strong firewalls and antivirus protection software.
  • Air Gaps: The term ‘air gaps’ refers to leaving behind some information on computers that is not present in the connected network and that can be accessed offline only 

Share this: