We do a lot of things online. We shop at online marketplaces. We rent movies at online video libraries. We manage our finances in online banking apps — all from the comfort of our homes. On the downside, criminals don’t have to stand up from their couch either, to rob your bank or steal your private data. Internet crime and assaults on cybersecurity occur in increasing numbers. Banking institutions are a popular target, as are their little, nonconformist peers: Fintech companies.
Online Banking — A Hacker’s Favorite Target
The playing ground for cybercriminals is vast. As Ipsos MORI found out in a 2017 study, 99% percent of all businesses in the UK offer some form of online service. Moreover, 3 out of 5 businesses view this service as a central aspect of their company’s portfolio. Their customers appreciate it: Providing options for online interaction are not as much a competitive factor as a mere necessity.
However, not all businesses are worthwhile targets for online crime. Banks and fintech firms find themselves on the receiving end of cybercrime often. But not their liquid funds make them popular targets. It’s their rich treasuries of digital, personal and financial data. Data piracy is one of the prevalent cybercrimes, second only to deploying malware or so-called ransomware — usage-locking software which takes a computer hostage until money is paid. But more than anything, personal datasets are the most valuable items hackers can lay their hands on. They can use the data to commit fraud under a false name or simply be sold to other criminals.
A Big Threat for Banks
Banking institutes have some of the largest piles of data at their disposal. And they know what awaits them if they lose it. A data breach not only means a loss of money — the damage caused could come to millions. It also means their reputation with customers suffers and the trust put in their services erodes. In addition, due to interrelations, other industries, and supposedly unrelated projects can suffer as well. A large bank suffering from a cyberattack can impact a whole economy, in the worst case.
Consequently, regulations for banks are strict. The German BaFin published a set of regulatory requirements for bank IT in November 2017. One of its goals was to raise awareness of cyber threats. The banking institutions have indeed increased their security measures. Most of them invest heavily in cybersecurity experts and IT solutions. Still, digital thievery is a huge problem: Out of around 80 attacks, at least one third is successful… per bank. What’s more, PSD2 threatens the information monopoly of banks. Actually, customer data can be distributed among third-party providers, which makes it harder to control.
An Even Bigger Threat for Fintechs
What’s true for banks is all the more true for fintech companies. In our time of agile disruption, many fintech firms are either small or medium-sized enterprises (SMEs) — and a favorite target of cybercriminals. Fintech SMEs are often lacking a systemic approach to cybersecurity. While they must operate within the standards proclaimed by their respective legislators — in Germany, they must adhere to the IT-Grundschutz — they have a harder time to do so than banks.
Also, many fintechs concentrate on disruption and volatility. Keeping the pace of the digital market, they often don’t have the time to finetune their systems for years until they are ready to cope with all kinds of sophisticated cyber threats. Plus, aside from cybersecurity they also have to deal with KYC requirements, customer services, etc. without bringing the resources of a large bank to bear.
All this makes it harder for fintech companies to fend off cybercrime, which is also true for non-fintech SMEs. In only 14% of SMEs view their own cyber threat protection as highly effective. Concurrently, the impact of a successful data breach is much worse for low-tier fintech enterprises even. 60% of all small enterprises go out of business within six months after a cyber attack.
Cybersecurity for Fintech — What Can We Do?
Finding countermeasures against the ever-shifting dangers of cybercrime will be one of the foremost challenges in digital finance. And there is already good news: Companies begin to rethink cybersecurity and offer support for institutions, who struggle with it. There are even fintechs for example, who have specialized in preventing data breaches by providing secure data-processing systems. Take WebID Solutions, who won the Golden Garage Award for their online identification solution.
AI is also a technology to keep an eye out for. Cybersecurity systems backed by machine learning technology might be able to identify threats before they even occur. It’s true that artificial intelligence is only as strong as the data it is fed. But if applied with care, AI can give banks and fintechs an edge over digital thievery.
Last but not least, blockchain and other flavors of distributed ledger technology can help protect data from hackers. Due to the decentralized nature of such a system, a cybercriminal would have to destroy a data set on every computer connected to the chain instead of just one server. Adoption will not be an easy task, but it is well worth it.
So, all in all, cybersecurity is a field, that’s just waiting for innovation to strike.
Originally published at https://trimplement.com on February 6, 2019.