OK, so 2021 wasn’t a good year, and 2022 hasn’t fared any better where cybersecurity and vulnerabilities are concerned. Ubisoft is one of the latest firms to fall victim to a cyberattack; the US feels vulnerable to Russian cyberattacks, and every news report says 2021 was one of the most turbulent years for cyberattacks. Plus, hackers now have no shame – the Nvidia hackers have laid claim to their work infiltrating Ubisoft. Naturally, financial firms and the rise of fintech applications begs the question, are they heading towards impending cybersecurity doom? Let’s explore.
Fintech Applications
Forrester’s State of Application report in 2021 revealed that applications remain the top cause of external security features. Fintech apps aim to close the gap between technology and finance to benefit the consumer – but the inherent security risks plague fintech applications. Static application security testing analyzes source code while components are at rest, revealing custom source code vulnerabilities that hackers may exploit. A simple coding error is enough to give hackers the doorway they need. Still, that solves only one part of the problem.
Fintech companies have to battle with coming external sources – as in, the applications their application is connected to. For example, Google Pay users can connect the fintech application to checkouts to complete a secure payment; but simultaneously share the details with that website – thus, creating a two-for-one security risk.
The Digital Race
One report revealed that the financial sector saw a 238% increase in cyberattacks from February 2020 to the end of April. The increase in cyberattacks can largely be attributed to the digital race – many businesses are investing heavily into their eCommerce capabilities. But all that comes at a cost.
Why does that create a problem for financial institutions? The whole point of the digital race is to enable consumers to browse and complete transactions within a few clicks of a button – or if you’re Amazon, one click. Consumers do this by saving their card details onto applications like Amazon or store websites, which is one of the leading ways hackers can tap into linked bank accounts. What’s even more worrying, hackers now have the technology to send text messages in the threads that financial institutions send consumers messages.
While companies are competing to keep up with the digital race and throwing all the security measures and testing they possibly can at it, hackers are also developing new tools that make it easy to infiltrate. The ability to present as a financial institution in text messages is the perfect example of how hackers are evolving to keep up with the ever-growing list of security features.
What Are The Other Causes Of Increased Cyber Attacks?
The digital race isn’t solely to blame for the increase in cyberattacks, new technologies, and software, like ransomware, are partly to blame. The triple-digit increase in cyberattacks in 2021 saw a notable increase in the number of ransomware attacks. That’s where hackers tap into a database or network and display a ransomware message – usually demanding ransom for the return of the network or database.
The increase also links to increasing web shell activity. Web shells are malicious scripts that allow hackers to compromise an entire server and initiate additional attacks. Think of a web shell as a permanent doorstop. The hackers infiltrate a server or network and then install a web shell. That shell then becomes the doorway.
Financial institutions find themselves at the heart of the increase in cyberattacks – becoming one of the five industries noted as the most vulnerable. Why? Because that’s where the money is. The interconnectivity of banking applications creates a spillover risk to the institution themselves. Then you have factors like people not changing their passwords or falling victim to phishing emails to contend with – there’s no end to the potential security risks.
How Can Consumers And Financial Institutions Prevent Cyber Attacks?
Consumers and financial institutions both have responsibilities to protect their private data and prevent cyberattacks. Consumers have an endless list of ways to protect themselves; changing passwords, not opening spam emails, not sharing bank details over the phone; the list could go on. Consumers should also avoid shopping using public Wi-Fi. Public Wi-Fi is an open door as it doesn’t come with the same security features as a private network.
Financial institutions have more of a challenge on their hand as the number of fintech and digital financial solutions continues to rise. There has never been as much of a need for banks to assess their infrastructure and cybersecurity measures – even the basics of asking employees to change their passwords regularly are essential. Ubisoft, for example, has instructed all their employees to change their passwords as they reveal this is how the hackers made their move on the company.
Similarly, implementing logging and monitoring of all activity within the institute can provide some protection. It’s easy to track suspicious activity using artificial intelligence that pulls up discrepancies instantly.
Financial institutions will always come with a target on their back. Their growing interconnectivity with widespread applications only increases the risk – and is directly associated with the increase in cyberattacks. Financial institutions should most definitely brace for a further boost in attacks in 2022.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
