Advanced mobile security strategies for fortifying FinTech in 2024: Interview with Manish Mimani, Founder and CEO, Protectt.ai
By Puja Sharma
Manish Mimani is the Founder and CEO of Protectt.ai, where he leverages his extensive experience in global technology platforms and digital transformation to drive the company’s growth and innovation.
In his discussion with IBS Intelligence, Mimani highlighted Protectt.ai’s advanced, multi-layered mobile threat defence solutions, which enhance security and provide a seamless user experience for mobile applications, devices, and transactions.
How important is it for organisations across industries, especially FinTech, to regularly update mobile apps and operating systems to protect against the growing number of security vulnerabilities?
For organisations across industries, particularly FinTech, regularly updating mobile apps and operating systems is critical. Mobile apps are the frontline of customer engagement, especially in sectors like Banking & FinTech, where sensitive financial data is constantly in transit. Security vulnerabilities are continually evolving, and cybercriminals are always looking for new ways to exploit weaknesses. In 2023, the Reserve Bank of India (RBI) observed that the surge in digital transactions has heightened the sector’s vulnerability to cybercriminals. By not updating, organisations leave themselves exposed to both known and unknown threats, such as zero-day vulnerabilities, malware attacks, or unauthorised access attempts.
Frequent updates help to patch vulnerabilities and enhance security features, ensuring apps are resilient against new cyber threats. Moreover, modern mobile operating systems come with enhanced security protocols, and failing to adopt these can create a gap between app security and the platform’s evolving security standards. In industries like FinTech, where trust and compliance are paramount, regular updates can safeguard not only the app’s security but also the organisation’s reputation and customer trust. In this fast-paced threat landscape, staying up-to-date is a fundamental step in a holistic Mobile App Security strategy.
What roles do two-factor authentication and strong, unique passwords play in enhancing digital safety, particularly in sectors handling sensitive financial data?
Two-factor authentication (2FA) and strong, unique passwords play a crucial role in enhancing digital safety, particularly in sectors handling sensitive financial data. The importance of these measures has grown significantly, especially as digital payment fraud in India saw a sharp increase, jumping to Rs 14.57 billion by March 2024, according to a report citing Reserve Bank of India (RBI) data. However, as cyber threats continue to evolve, it’s essential to emphasise the importance of integrating these practices into a broader security strategy, such as Zero Trust Authentication. These approaches, such as passwordless logins and continuous verification, assume no user is trusted by default, thus eliminating reliance on passwords and offering enhanced protection against sophisticated cyberattacks.
Additionally, Device & SIM Binding technology plays a key role in strengthening security by linking a user’s identity to a specific mobile device, creating a unique digital identity for each app user. This method helps to curb digital identity fraud by ensuring that only genuine users can access their accounts from their registered devices. Together, 2FA, strong passwords, Zero Trust Authentication, and Device & SIM Binding create a robust, multi-layered security framework crucial for safeguarding digital accounts in the increasingly vulnerable banking and finance sectors.
How can companies across industries raise awareness of cybersecurity threats, like unverified apps and phishing attacks, and stay ahead of emerging challenges?
To raise awareness of cybersecurity threats and stay ahead of emerging challenges, companies across industries can take the following steps:
- Cybersecurity Awareness Month (CSAM): Cybersecurity Awareness Month is a globally recognised campaign held in October across industries. This campaign is aimed at creating awareness of cybersecurity best practices and initiatives. Companies can engage in this month by hosting events, distributing educational resources, and collaborating with industry partners to promote cybersecurity best practices. This initiative serves as a reminder for both employees and consumers to prioritise security and stay informed about emerging threats.
- Consumer and Employee Training: Regular training sessions are essential for fostering a robust security culture within organisations. Employees must be educated on recognising phishing attempts, understanding the dangers of downloading unverified applications, and implementing safe online practices. Additionally, consumers can benefit from targeted training that informs them about mobile app security risks and provides guidance on verifying app legitimacy before downloading.
- Awareness Campaigns: Implementing consumer awareness campaigns significantly enhances knowledge of cybersecurity threats. These campaigns can leverage various channels, including social media, blogs, and newsletters, to disseminate informative content that highlights the importance of cybersecurity and offers practical tips for safe online behaviour. Engaging visuals and interactive content can effectively capture attention and reinforce critical messages.
- Webinars and Workshops: Hosting webinars and workshops enables organisations to explore specific cybersecurity topics in greater depth. Featuring industry experts, these sessions can provide valuable insights into the latest threats and best practices for risk mitigation. Interactive formats encourage participants to ask questions and share experiences, fostering a deeper understanding of cybersecurity challenges.
What best practices should be adopted industry-wide to maintain strong cyber hygiene, including malware scanning, avoiding suspicious links, and regularly backing up critical data?
Best Practices for Maintaining Strong Cyber Hygiene in Organisations:
Runtime Application Self-Protection (RASP) for Mobile Application Security: The Next-Generation Shield:
- RASP is an advanced security technology that enables applications to defend themselves in real-time against cyberattacks.
- By embedding security features within applications, RASP detects and mitigates malicious activities at runtime, providing dynamic defence against evolving threats.
- It proactively detects and neutralises threats like code injections, reverse engineering, and unauthorised access.
Zero Trust Device and SIM Binding:
- Zero Trust Device and SIM Binding ensures that only verified devices and users access sensitive information by treating every access request as a potential threat.
- This approach involves continuous authentication and validation, and SIM binding links a user’s identity to their SIM card, enhancing protection against SIM swapping and device tampering.
- It’s a crucial layer of security for protecting mobile applications and transactions from sophisticated attacks.
App Hardening: Fortifying the Foundation:
- App hardening techniques protect mobile applications from reverse engineering, code injection, and other vulnerabilities.
- Key techniques include code obfuscation, which makes the code difficult to decipher, and RASP, which monitors and safeguards applications during runtime.
- Application hardening significantly reduces the attack surface and enhances the security of mobile banking applications.
Real-Time Threat Detection: Staying One Step Ahead:
- Real-time threat detection is critical for mobile banking, where rapid identification and response to threats are vital.
- AI and ML-driven systems analyse user behaviour to detect anomalies and respond to threats in real time.
Adhering to International Standards (ISO Certificates):
- Organisations can enhance their cyber resilience by following international standards like ISO, which outlines effective information security management systems.
- Compliance with such standards helps ensure comprehensive cybersecurity practices and boosts overall organisational security.
How can businesses foster a cyber-resilient culture through ongoing education, promotion of best practices, and encouragement of collective responsibility for digital safety across industries?
Building a Culture of Cyber Resilience in a Digitalised Environment:
- Establishing Cyber Resilience:
  - A culture of cyber resilience can be achieved through continuous education and promoting shared responsibility for digital safety across sectors in India’s highly digitalised environment.
- Mandatory Cybersecurity Training:
  - Organisations must invest in regular cybersecurity training programs, which all employees, regardless of their role, are required to attend.
  - Training should cover modern cyber trends, phishing detection, creating secure passwords, and implementing Zero Trust Authentication methods.
- Encouraging a Cybersecurity Culture:
  - Incentivizing Cyber Awareness: Rewarding employees for following cybersecurity best practices or reporting potential threats to foster a sense of responsibility for digital safety.
  - Implementing a “Zero Trust” Model: Treating all network activity as a potential threat, ensuring continuous monitoring and validation of users and devices to minimise breach possibilities.
  - Collective Responsibility: Digital safety should be an organization-wide concern, not just a departmental responsibility. Leadership, including CEOs and CISOs, should lead by example to promote cybersecurity practices throughout the organisation.
- Proactive Cybersecurity Measures:
  - Integrating cybersecurity into organisational culture strengthens businesses’ ability to withstand evolving cyber threats.
- Securing Mobile Banking Apps:
  - Financial institutions must prioritise securing mobile banking apps as digital transactions become the norm.
  - Adopting advanced security measures helps ensure mobile banking platforms are safe and reliable and fosters customer trust.
- Investment in Security Technologies:
  - Continuous investment in security technologies and practices is essential for revolutionising mobile banking app security and ensuring its long-term success in the face of expanding cyber threats.