Fintech, or finance technology, is today one of the fastest-growing industries across the world, encompassing segments such as payments and remittances, wealth management, credit technology, blockchains, regulation technology, online insurance etc., each of which is a whole industry in its own right. Driven by digital innovation, fintech is rapidly changing the way individuals and businesses perform financial transactions, be it to shop online, pay insurance premiums, evaluate credit scores or pay salaries.
Revolutionising the experience of monetary exchanges globally, fintech is pegged to grow at a CAGR of 72.5% between 2015 and 2020, reaching USD 72 billion, in the Asia-Pacific region alone. In fact, according to a CB Insights report, just the top 250 global fintech companies have raised over $53B in aggregate funding across 947 deals since 2013, of which 30 businesses are already unicorns.
Given that it is literally the industry of money, fintech is an enticing target for cyber-criminals desiring to become rich instantly. At the same time, security breaches affect individuals and businesses most adversely, as they risk losing their hard-earned savings or business wealth and reputation. For example, the Lazarus hacks of the SWIFT banking network in 2015 and 2016, leading to millions of dollars lost from several banks, have been described as “attacks that might put even the largest banks out of business.”
There is no silver bullet to security
One of the key reasons why a secure environment in fintech is complex to achieve is that the industry itself is heavily segmented and diverse in nature. Every fintech business has a unique proposition, and every product has been uniquely developed to solve very specific customer challenges. The risks and threats, too, are varied and evolving rapidly.
In wealth technology businesses, for example, where algorithms are replacing human intervention, what really happens when the algorithm gets corrupted? In blockchain systems, where the platforms themselves are remarkably secure, how does one protect an application built over the blockchain platform from malicious attacks? In credit technology businesses that claim to rely more on the paper trail than on their digital platforms, how do we make up for information thefts that cost millions of individuals their privacy?
Most businesses narrow their innovation horizons and focus only on problem-solving throughout product development. As a result, security takes a back seat. In fact, most application developers do not even consider security a primary investment concern. They wait until after a few rounds of investment, or until the product is completely ready, before even bringing in a security consultant to safeguard their asset.
What should businesses do?
Security is not an expense, it is an investment - this is something fintech businesses should recognise. They must proactively embrace and adopt a culture of security across all their functions. While they might perceive the cost of a security solution as being high, the truth is that not implementing security from a very early stage would cost them several times more. In addition to the risk of a direct financial loss, businesses will also face the threat of a loss of critical information, customer trust and brand credibility.
Fintech businesses have not just the need, but also the responsibility to embrace security best practices and minimise risks and vulnerabilities. Here are some security practices that are a very bare minimum for fintech businesses of every type and scale to adopt.
Integrate security into DevOps. Security needs to be a top priority, from stage one of product development. Provide skill training to product developers in security protocols appropriate not only to the technology, but also to the industry and the specific fintech segment.
Implement a bug bounty program to discover and resolve bugs in products before criminal hackers find and exploit them.
Adopt policies and best practices in anti-phishing, risk-control management and dark web monitoring, to always stay one step ahead of malicious attacks.
Have security and compliance scores regularly evaluated, and gradually improve the cybersecurity maturity index.
Entersoft has helped over 100 fintech businesses across APAC secure their assets against malicious attacks and compliance issues. We work not just as implementers of security software, but as advisors and partners taking complete responsibility for your fintech product’s security, and helping you adopt a culture of security across business operations.
If you are a business in the fintech industry aiming to achieve comprehensive application security, contact us and we would be happy to share our global expertise with you. Write to us at info [at] entersoftsecurity [dot] com