With the sudden growth of companies dealing in financial technologies, the potential risk of cyber attack has also been growing alarmingly. Since these companies deal in digital financial transactions and have crucial data related to financial dealings with customers, they are more vulnerable to cyber attack than any other industry. Reports suggest FinTech institutions experience cyber attack four times higher than any other sector does.
As compare to 2014, 2015 witnessed 141% hacks which result in financial losses to the tune of $10 million to $ 20 million, says a report by PwC. Another report by Accenture suggests that 90% FinTech firms realize the gravity of cyber attack and plan to increase their investment in the risk management capabilities in the next two years.
Who breaches protected data?
A FinTech faces data security risk from various elements – An employee of the company, an end user or customer and a professional hacker or a group of cyber attackers.
Sometimes accidental reasons also cause huge data loss, like the one that took place in USA-based Piedmont Advantage Credit Union when the company informed its 46,000 members that it lost a laptop that contained their data.
Security experts believe that insiders’ role pose the biggest potential threat to data security of any company. An employee of any company understands the security protocols very well.
He or she knows what is available on the network and the level of safety for the purpose of theft. Sometimes employees of one company have colluded with the rival company, and resorted to hacking only to cause loss of image and branding of its company.
Many experts say that if an employee leaks the crucial information to the public domain, it can manipulate the company’s share value. They believe, traditional frauds and cybercrime are less effective than this one for making a profit.
So an insider can harm the company in ways more than one. For instance, he/she can make undesired disclosure of confidential customer and account data which can jeopardise the organization’s most valuable relationship.
He or she can indulge into fraudulent activities, cause loss of intellectual property, disrupt critical infrastructure, monetary loss, destabilize and disrupt and destroy cyber assets of financial institutions.
According to Verizon 2015 Data Breach Investigations’ report, two sectors which were most affected regarding breach of data due to insiders’ malicious activities were financial services & healthcare industries.
The report also reveals that trusted and responsible employees, who were handed over crucial positions, were involved in the data breach in collusion with outsiders, end-users or cashiers.
In 55% cases, internal employees of the company in cahoots with end users and cashiers betrayed the company’s trust and leaked vital information and data.
Many experts view that financial technology companies should rethink their security aspects and strategies to protect their clients’ data.
Major financial breaches in 2015 due to Cyberhackers
Financial institutions across the globe have suffered huge trust deficit due to data breaches by cyber hackers. The highest number of instances of data breach took place in Morgan Stanley in the USA in January 2015 in which an employee of the bank stole account information of 350,000 wealth management client.
The second higher data theft was reported from Italy’s RosBusiness Consulting whose 151,000 clients’ data was breached by some malicious insider of the company.
Other US companies suffered a massive violation of records in 2015 are Piedmont Advantage Credit Union, North Shore – Long Island Jewish Health System and American Bankers Association (ABA). In the case of ABA, the company accepted that the names, email address and passwords of 6400 shopping cart users were compromised.
Not only the USA, companies in the UK such as Clouminr.io, Chartered Institute for Securities and Investment, Credit Cared Company, Lloyds Bank, Barclays witnessed total 195,267 number of records breached in 2015 by various reasons which include accidental loss, identity theft or the role of some malicious outsider.
DD4BC, a cyber-crime organisation, has terrorised financial companies and institutions in the UK. This extortion hacker group asking companies to pay extortion in Bitcoin, else it would take down their websites.
US firm Akamai, in its cyber security report, said that in one year the DD4BC attacks have significantly increased on banks and financial institutions. Out of all attacks, 58% were targeted at the financial service sector while banks and credit unions received 35% of the attacks.
Financial technology companies in Asia Pacific Region (APAC) too reported similar incidents. For instance, Chinese exchange Bter admitted to a hacking of $1.75 million worth bitcoin from its cold wallet which affected its 20,000 customers.
According to a report by NetDiligence Study, 17% of total insurance claim came from financial services in 2015, which is 5% less from the previous year of 2014. Both financial and health care sector accounted for more than 50% of insurance claims in 2015 in which employees of companies were involved.
What should FinTech companies do for cybersecurity?
Cyber security experts suggest that companies should maintain a strict vigilance of customers’ personal information and plug all possibilities of the leak of important information related to company’s investment and trading decisions.
Sharing security threat information with concerned authorities helps detect the fraud on time. Delay in the detection of breaches provides ample time and opportunity to cyber hackers to execute their plan. Cases of data fraud show that delay in detection has led to largest losses to companies.
For instance, the second largest discount store retailer in the US, Target got a notification from a cybersecurity provider ‘Fire Eye’ for a breach of customers’ cards, but the retailer firm missed the information for about 15 days, and by the time it realised its mistake, hackers breached 56 million cards. Had the infiltration noticed on time, the company wouldn’t have suffered such a huge setback.
The payment card skimming, through which thieves steal the card details, is usually detected from a few hours to few days and with the technological enhancement of security measures, the detection time has improved a lot. Only 28% cases take weeks and months in discovery.
Experts warn Fintech firms of being lax in protecting client’s data as its consequences can be disastrous. Customers’ trust is the biggest asset of any FinTech company, and if it loses this asset, it will be out of the business very soon.
Various reports say that the volume, scale and financial loss due to cyber hacking is so huge that, besides chief information security officer, even senior executives and board members have to deliberate upon the immediate measures.
Interestingly, the cyber hackers have targeted big financial institution such as Citigroup, HSBC, Fidelity Investments, etc. which increase the cost of successful cyber attack to $20.8 million per financial service company in 20114, according to Ponemon Institute.
In the past few years, regulatory authorities have imposed heavy penalty on enterprises that have lax security standard due to which customers’ financial safety were compromised.
In 2009, the USA-based company, the Heartland Payment Systems was fined $12,5000,000 for breach of its computer system in 2008 in which the attackers took away 100 million debit and credit cards in one of the largest data breaches in the history of cyber attack.
Countries like the USA have taken adequate regulatory measures that mandate every financial technology company to maintain high security standards to protect customer information.