Wednesday, Dec 16, 2020

Fintech in the Crosshairs: Financial Cyber Crime is On the Rise

Imagine logging into a trading app only to find that all your positions have been sold and the subsequent funds siphoned out of your account. This was a reality for some Robinhood users recently. Without a phone number to call, many victims waited to be contacted by the company to understand the fate of their funds.

Forcepoint NGFW stops advanced intrusion techniques

A situation such as this is a nightmare for any management team, regardless of industry. Not responding  swiftly and effectively usually leads to negative consequences in terms of revenue impact, customer churn and brand reputation.

The scale of the problem

According to Yahoo Finance, an internal investigation revealed nearly 2,000 accounts were compromised as a result of hacked emails, with concern that the number may be much larger. For a company that reported $150 billion total transactions in 2019 alone, with 4.3 million daily average revenue trades, the potential for compromised accounts to wreak havoc on financial markets is a real possibility.

It’s not just Robinhood. Other fintech companies found themselves in hackers’ crosshairs this year:

  • In March, Finastra, one of the largest fintech companies in the world that works with 90% of the world’s 100 largest banks, suffered a ransomware attack due to a compromised network caused by an accelerated digital transformation in response to COVID-19. The intrusion led to compromised employee accounts and the installation of backdoors throughout their critical network infrastructure. Fortunately, they were swift with their response and able to pivot without being forced to pay the ransom.
  • In July, digital banking app and “tech unicorn” Dave.com admitted to a security breach that impacted 7.5 million users’ data that ended up available for download in a public hacking forum. The breach was caused by the compromised network of a third-party service provider.

Crimes of opportunity

For bad actors, when it comes to the financial industry, the motives are clear. According to Verizon, 71% of all data breaches are finanicially-motivated, an Accenture and Ponemon Institute study estimates the cost of cyberattacks is highest in the financial services sector—up to $18.3 million per company. And financial attacks are accelerating in the current environment. Each month during the pandemic, the Securities and Exchange Commission is seeing almost $1 billion worth of financial crimes.

With the massive move to remote work, lockdowns, and quarantines, criminals have capitalized on the opportunity to find ways to turn a profit online by targeting unsuspecting individuals. And bad actors exploit social media accounts and other tools like unsecured connected devices to gain the information needed to access personal accounts—financial or otherwise.

Photo by Markus Spiske on Unsplash

Security vs. Convenience

Think of security and convenience at two opposite ends of the technology teeter totter. When you place more emphasis on the side of security, you inevitably are sacrificing some level of convenience. The more secure a product, often the less convenient it is to use. The opposite is also true: the more convenient a product is to use, the less likely it will be secure. This is largely attributable to how corporations have traditionally approached software design.

Changing Security Paradigms

Traditional infrastructure-centric security is failing to address challges posed by the new work environments and people working from anywhere and accessing critical organizational data. Forward-thinking companies are now leveraging new team structures, such as DevSecOps, to integrate security into the software development lifecycle. It is no longer enough for organizations to just know how data is being accessed, but they just also know who is accessing that data and what they are doing with it.

In many cases, companies design systems with top-notch security that exceed compliance standards to curtail known threats that come with being connected. However, there is no such thing as a perfect system, as humans will inevitably find new and innovative ways around, or through, any given system.

Enabling anytime, anywhere, any device access is crucial to business success, but so is continuous monitoring of data interactions. By leveraging the power of automation to restrict and prevent data exfiltration and adopting the Zero Trust approach of “Never Trust, Always Verify”, you can arm your organization with a superior approach to security and effectively shift left of the breach.

About the Author

Cat Allen

Cat Allen is a Product Manager at Forcepoint, specializing in network security and public cloud partnerships. Her previous experience ranges from product marketing for cloud-native Software-as-a-Service (SaaS) organizations to digital marketing consulting for niche brands and non-profits. She is...