back Back

Increasing demands on cybersecurity as finance evolves

December 19, 2022

  • Cyberattacks
  • Cybersecurity
  • Drawbridge
Share

The rise of Fintech is a challenge for regulators, as outlined by the IMF earlier this year. Yet legislation isn’t the only area which needs to keep pace with the evolution of finance. As digital services and infrastructure expand, cybersecurity has never been more important.

by Simon Eyre, CISO, Drawbridge

Cyberattacks are on the rise – increasing in both frequency and sophistication – and financial players are a prime target. For instance, research from the Anti-Phishing Working Group, shows the financial sector (including banks) was the most frequently victimised by phishing in Q2 2022, accounting for over a quarter of all phishing attacks. A successful attack of any kind can have catastrophic consequences: in February, cryptocurrency platform Wormhole lost $320 million from an attacker exploiting a signature verification vulnerability.

Simon Eyre, CISO, Drawbridge, discusses your cybersecurity needs
Simon Eyre, CISO, Drawbridge

As finance evolves, it’s imperative that institutions of every size are doing all they can to protect themselves from cybercriminals. But what does that look like in practice? Let’s examine some key actions all companies must take.

Strengthening weak links

You may not be looking for weak links in your security infrastructure – but your adversaries definitely are. A single vulnerability is an open door for criminals.

Businesses must continually search for weak links in their cybersecurity armour – such as through vulnerability management and penetration testing – to identify and strengthen these weaknesses before malicious actors do.

This is especially important as working habits also evolve, with remote and hybrid working established as the norm. These offer many benefits but can also greatly increase risk as employees access systems from numerous locations and devices move on and off networks. In fact, Verizon’s Mobile Security Index report found that 79% of mobile security professionals agreed that recent changes to working practices had adversely affected their organisation’s cybersecurity. This isn’t to say that companies should ban remote working but they need to be aware of their heightened risk and be proactive about managing it.

Educating the team

A crucial part of this risk management involves employee education. Many cyberattacks rely on social engineering techniques like typo-squatting (often used in conjunction with targeted phishing attacks) to impersonate trusted parties and fool employees into providing critical access or even direct funds. Therefore, employees at every level need to know the techniques that are being used against them and be trained in the appropriate cybersecurity response.

The way this education is delivered is also important. A one-off PowerPoint presentation won’t cut it – teams need continuous training and engaging exercises, such as attack simulations, tabletop exercises and quizzes, to ensure that crucial information is taken in.

Creating a cast-iron incident response plan

Part of protecting yourself from the damage of a cyberattack is planning what to do in the event of one.

An incident response plan is a critical part of a firm’s cybersecurity infrastructure, structuring the steps to be taken following an incident. Plans should include key contacts and a division of responsibilities, escalation criteria, details of an incident lifecycle, checklists to help in an emergency and guidance on legal and regulatory requirements. Plans can even include template emails to support communications and companies should draw on knowledge from private resources and industry experts, as well as their government’s resources, to help them create a cast-iron plan.

The road ahead for finance and cybersecurity

Over the coming years, the rate of digital change isn’t set to slow. With BigTech’s eyes on banking, traditional banks innovating to keep up with challengers, the rise of ‘superapps’ and cryptocurrency supporting the emerging metaverse – to name just a few – there’s significant change still yet to occur.

The finance sector’s cybersecurity response must also continue to evolve in order to keep up. Part of this will mean relying more heavily on AI, such as in continuously monitoring networks for threats, although this tech will also be leveraged by cybercriminals. Additionally, it will be crucial for the cybersecurity as a whole to close its skills gap: there is currently an estimated global cybersecurity workforce gap of 3.4 million people.

The future is exciting but without the right protections, it can be dangerous too. If firms are to protect their assets and customers, they must build cybersecurity into the heart of their practices. Reaping the rewards of the FinTech boom means keeping firm control of your security risk.

Previous Article

December 01, 2022

Why Online Payments Are the Next Big Thing in eCommerce Innovation

Read More
Next Article

December 22, 2022

Difference between Low Code & No Code development

Read More

IBSi News

the weekly wrap

December 06, 2024

Cyberattacks

The Weekly Wrap: all you need to know by Friday COB | December 6th

Read More

Get the IBSi FinTech Journal India Edition

  • Insightful Financial Technology News Analysis
  • Leadership Interviews from the Indian FinTech Ecosystem
  • Expert Perspectives from the Executive Team
  • Snapshots of Industry Deals, Events & Insights
  • An India FinTech Case Study
  • Monthly issues of the iconic global IBSi FinTech Journal
  • Attend a webinar hosted by the magazine once during your subscription period

₹200 ₹99*/month

Subscribe Now
* Discounted Offer for a Limited Period on a 12-month Subscription



IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related Blogs

August 09, 2024

DORA – A potential blueprint for Global Cyber Resilience Regulation?

Read More

May 16, 2024

Is Cybersecurity the key to customer loyalty for banks?

Read More

April 17, 2024

The sanctions job has changed – and it’s not going back any time soon

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q3 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q1 2024
Know More