Mitigating your cyber exposure, whatever the scale of your business

Cybercrime is an ever-increasing risk for financial institutions. While the wealth management industry has thus far been less affected by major breaches than other sectors, wealth managers should be arming themselves with the right tools in the fight against hackers.

A DDoS attack is one of the biggest cyber threats currently faced by fintech companies. This ‘distributed denial of service’ occurs when cybercriminals flood a website with traffic in order to overwhelm it and shut down services. The very nature of their business makes financial institutions an obvious target for hackers; attacks are relatively easy to launch and smaller companies’ systems can be overwhelmed by them.

The motives for these attacks can vary but might include demanding a ransom in return for stopping the attack, or as a diversion to tie up security staff while hackers carry out a more significant assault. The good news for smaller companies is that, unlike their larger rivals, they are unhampered by cumbersome legacy systems. Agility, innovation and collaboration are key to combating cybercrime, and small firms can harness the power of cloud-based DDoS protection services.

It’s all down to your capacity

These services have a huge network capacity so they can filter out large amounts of DDoS traffic without being overwhelmed. This allows legitimate traffic from customers to get through without interruption. This can also be used to intercept scanning activity. ‘Scanning activity’ is used by hackers to attempt to scan a company’s computer systems by sending traffic to its network in the hope of finding software with known vulnerabilities that can be exploited.

Criminals may also try to gain access through social engineering. This often involves emailing or calling staff and tricking them into believing they are talking to a fellow employee. A workforce that isn’t sufficiently trained to know what to monitor for when it comes to phishing emails or other malicious tactics can leave its organisation very exposed.

While social engineering methods pose a major cybersecurity risk for any company, these malicious techniques are theoretically a greater threat to larger organisations with bigger workforces that are harder to train and monitor. Nonetheless, firms of every size and scale should have effective training and processes in place to help mitigate risks.

Combat the criminals

Increasingly sophisticated tools are available to combat the criminal on the street trying to log into, for example, a victim’s online banking or investment portal. A large number of financial services firms now use ‘panic password’ technology to protect their clients, whereby you can enter a special PIN code (i.e. not your actual password) if under duress, that will automatically notify your security teams that you are being coerced. Further to this, the app will appear to continue to work ‘normally’, leading the attacker to believe that they are able to steal funds and transfer them to a particular account.

Another way in which providers can protect clients is via two-factor authentication. Many large financial institutions require some extra information in addition to a password to log on to a service, often a one-time password or PIN that is sent to the customer’s phone via a text message or generated by an app on their smartphone. Other companies offer dedicated security tokens that generate a shortcode on a built-in screen.

Two-factor authentication provides better security than a password alone because even if a hacker can guess a user’s password, they can’t use it unless they have the smartphone or security token as well. This type of technology is relatively low cost, making it perfectly feasible for smaller fintech companies to implement. And in a world that is seeing an alarming rise in the size and scale of cyber attacks, firms must take every step possible to mitigate exposure.

Dmitry Tokarev

Chief Technology Officer, Dolfin