teissTalk: How are FinTechs mitigating risk against the evolving cyber-threat landscape?

Views on news

 

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

 

Fintechs are typically small organisations often focusing on one product, which makes building their defences against cybercrime easier. On the other hand, being small and at the early stages of their lifecycle, they may not be able to employ even one full time person that focuses only on security. While security is baked into fintechs and their solutions from the start, humans are always important factors of the attack surface and raising staff awareness of cyber hygiene is key for fintechs too. Fintech is also looking to big banks for examples of security measures that they then can adopt more quickly thanks to being more agile. As the terms and conditions of cyber insurance are changing very fast, it’s a good idea for fintechs to do a cyber liability claim drill.

 

Where the fintech sector definitely has an edge is sharing intelligence. There is a level of scepticism about how much bandwidth a start-up can have for cyber security, and clients seem to share those concerns too. However, customers with a higher risk appetite are ready to trust a potentially less secure environment – although reality and customer perception may be different. Nevertheless, there is a lot to learn from the fintech sector, such as threat modelling applied to every part of the business, listening to stakeholders and learning about their workflows.

 

They also consider how diverse their customer base is and shape their communication with clients accordingly. In fintech, there can be a lower level of insider threat thanks to the psychological concept of us and more commitment from all members of the team to work towards a shared goal – although cyber attackers may be able to work with that tribe identification too. Risk appetite can also vary by country or region.

 

In the US, where the main focus is on maximizing revenues, they don’t use a pin with bank and credit cards and give the customer experience and the speed of the purchase priority. Established banks have also set up fintech offshoots, but there is no guarantee that they deploy the same level of security there as they do in their core operation. The challenges specific to fintech

 

The panel’s advice

 

To assess the cyber maturity of your organisation, check how you use the intelligence that you have. Can you fuse it? Can you translate the information you gained from an article or a discussion into a solution that the business can benefit from?

 

Fintechs rely on a lot of trust relationships (clients, partners, etc) and the only way to secure trust is through investing in security controls.

 

Security assurance and compliance certification programmes will give you a base layer of security to build your security controls on.