IT World Canada

Understanding cybersecurity management for FinTech: cybersecurity vulnerabilities and risk in FinTech (Article 4)

FinTech revolves around technologies such as cloud, blockchain, AI, and mobile devices that are used for financial transaction payments, cryptocurrencies, money transfers, trading, and regulatory compliance. With so much monetary value associated with these technologies, perpetrators are continually drawn to breach security by exploiting the vulnerabilities that exist in them, which poses risks to FinTech.

Security threats disrupt business and hence, financial stability. The attractiveness of financial gain and access to confidential data are the two most important reasons for making the financial sector one of the biggest targets. Therefore, identifying cyber vulnerabilities and risks is vital to every financial organization.

This article investigates cybersecurity vulnerabilities and risks in FinTech. It brings forward some common cybersecurity vulnerabilities that were exploited in the past. It presents some general policies to mitigate cyber vulnerabilities in FinTech. Cyber risks induce different uncertainties in FinTech which are addressed towards the end of the article. The content in this article is based on the extensive research work behind our book titled “Understanding Cybersecurity Management for FinTech” published by Springer this year.

Introduction

A vulnerability is defined as a weakness which can be exploited by a cyber-attack launched by a threat actor. In other words, a vulnerability is a flaw, loophole, error, limitation, oversight, or susceptibility in any aspect of FinTech, especially the IT environment. If a vulnerability is exploited, it can cause severe losses or damage to assets. These losses or damages are referred to as risks.

National Institute of Standards and Technology Special Publication (NIST SP) 800-28 Version 2 defines cyber risk as “A measure of the likelihood and the consequence of events or acts that could cause a system compromise, including the unauthorized disclosure, destruction, removal, modification, or interruption of system assets”.

Figure 1 highlights the timeline of cyber risk trends in the global economy. Apparently, cyber risk began to trend in the third quarter of 2014 and then declined till the first quarter of 2016. It remained stable in 2016 and started to increase gradually until the third quarter of 2017. With a consistent value in 2018, it has been decreasing since 2019.

Figure 1: Cyber risk trends in the global economy (2014-2020)

Common cyber vulnerabilities in FinTech

Despite the fact that innovative technologies have contributed to the evolution of FinTech, these technologies also bring the fear of exposing several vulnerabilities that can be exploited at no extra cost. Some of the general vulnerabilities in the technologies, platforms, frameworks, and related solutions used by FinTech are summarized below.

General policies to mitigate FinTech cybersecurity vulnerabilities

Based on the types of vulnerabilities discussed above, every FinTech institution designs a policy to implement basic regulations to avoid or treat the identified vulnerabilities. These policies are based on factors influencing the budget, market value, infrastructure cost, and reputation of the institution. Some essential policies for providing fundamental security for the financial work of an institution are streamlined below.

Kinds of uncertainties resulting from cyber risks

FinTech uncertainties can be broadly divided into three categories:

  1. The dominance of banks over technology: Despite growing technologies, there are still many banks that prefer to work in the traditional way. These banks fear technological disruption. Their reluctance to adopt emerging technology and their preference for a traditional working culture make the future of FinTech uncertain.
  2. Data breach: Information theft or data breach is one of the important challenges for FinTech. FinTech companies deal with sensitive financial data that includes credit card details and personally identifiable information. Cybercriminals steal information and sell it for monetary gain. Stolen information is also used by hacker groups to send phishing emails, emulate personal identity, illegally transfer money, launder money, and fund nation-state terrorist activities. The surge in data breaches is a cause of concern for financial institutions since it adds to the uncertainty of FinTech security.
  3. Cyber risk: The unrivalled threat of cyber risk is creating havoc in the FinTech industry. Only a handful of cyber incidents are reported from a massive pool of total cyber incidents per year. Many financial institutions believe that concealing cyber incidents helps them avoid a reduction in their market value. However, reality is something else. A financial institution may be attacked again if the vulnerabilities are not fixed. Implementing a cyber risk management solution is necessary to compute cyber risks in advance and plan some measures to mitigate them at the earliest.

Handling uncertainty for FinTech cybersecurity risk

Based on the types of cyber risks and the uncertainties resulting from them, the following measures can be adopted to reduce the impact of these uncertainties.

What’s next

This article introduces cyber vulnerabilities and risks in the FinTech industry. It puts forward common cyber vulnerabilities and the risks posed by them. The mitigation measures for dealing with uncertainties are also discussed. The next article of the Understanding cybersecurity management for FinTech series explores security issues in financial market infrastructures.
