back Back

Mitigating your cyber exposure, whatever the scale of your business

Cyber Threats, Cybercrime, Cybercriminals, DDoS Attacks, Dolfin, Email Phishing, Financial Risk, Malicious Tactics, Panic Password, PIN, Ransomware, Risk Mitigation, Security Token, Shortcode, Social Engineering, Two-Factor Authentication

October 30, 2017

  • Cyber Threats
  • Cybercrime
  • Cybercriminals

Cybercrime is an ever-increasing risk for financial institutions. While the wealth management industry has thus far been less affected by major breaches than other sectors, wealth managers should be arming themselves with the right tools in the fight against hackers.

A DDoS attack is one of the biggest cyber threats currently faced by fintech companies. This ‘distributed denial of service’ occurs when cybercriminals flood a website with traffic in order to overwhelm it and shut down services. The very nature of their business makes financial institutions an obvious target for hackers; attacks are relatively easy to launch and smaller companies’ systems can be overwhelmed by them.

The motives for these attacks can vary but might include demanding a ransom in return for stopping the attack, or as a diversion to tie up security staff while hackers carry out a more significant assault. The good news for smaller companies is that, unlike their larger rivals, they are unhampered by cumbersome legacy systems. Agility, innovation and collaboration are key to combating cybercrime, and small firms can harness the power of cloud-based DDoS protection services.

It’s all down to your capacity

These services have a huge network capacity so they can filter out large amounts of DDoS traffic without being overwhelmed. This allows legitimate traffic from customers to get through without interruption. This can also be used to intercept scanning activity. ‘Scanning activity’ is used by hackers to attempt to scan a company’s computer systems by sending traffic to its network in the hope of finding software with known vulnerabilities that can be exploited.

Criminals may also try to gain access through social engineering. This often involves emailing or calling staff and tricking them into believing they are talking to a fellow employee. A workforce that isn’t sufficiently trained to know what to monitor for when it comes to phishing emails or other malicious tactics can leave its organisation very exposed.

While social engineering methods pose a major cybersecurity risk for any company, these malicious techniques are theoretically a greater threat to larger organisations with bigger workforces that are harder to train and monitor. Nonetheless, firms of every size and scale should have effective training and processes in place to help mitigate risks.

Combat the criminals

Increasingly sophisticated tools are available to combat the criminal on the street trying to log into, for example, a victim’s online banking or investment portal. A large number of financial services firms now use ‘panic password’ technology to protect their clients, whereby you can enter a special PIN code (i.e. not your actual password) if under duress, that will automatically notify your security teams that you are being coerced. Further to this, the app will appear to continue to work ‘normally’, leading the attacker to believe that they are able to steal funds and transfer them to a particular account.

Another way in which providers can protect clients is via two-factor authentication. Many large financial institutions require some extra information in addition to a password to log on to a service, often a one-time password or PIN that is sent to the customer’s phone via a text message or generated by an app on their smartphone. Other companies offer dedicated security tokens that generate a shortcode on a built-in screen.

Two-factor authentication provides better security than a password alone because even if a hacker can guess a user’s password, they can’t use it unless they have the smartphone or security token as well. This type of technology is relatively low cost, making it perfectly feasible for smaller fintech companies to implement. And in a world that is seeing an alarming rise in the size and scale of cyber attacks, firms must take every step possible to mitigate exposure.

Dmitry Tokarev

Chief Technology Officer, Dolfin

Previous Article

October 30, 2017

The universal digital identity – how to get it right?

Read More
Next Article

November 02, 2017

Rules of Engagement in KYC

Read More

IBSi News

July 19, 2024

Cyber Threats

Ecommpay & Mastercard partner to deliver Click to Pay in Europe

Read More

  • Daily insightful Financial Technology news analysis
  • Weekly snapshots of industry deals, events & insights
  • Weekly global FinTech case study
  • Chart of the Week curated by IBSi’s Research Team
  • Monthly issues of the iconic IBSi FinTech Journal
  • Exclusive invitation to a flagship IBSi on-ground event of your choice

IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related Blogs

May 16, 2024

Is Cybersecurity the key to customer loyalty for banks?

Read More

April 17, 2024

The sanctions job has changed – and it’s not going back any time soon

Read More

June 02, 2023

Chargeback fraud is growing – can AI and Big Data stem the tide?

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q2 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q1 2024
Know More