Cyber Security of FinTech Part 3: Technology Challenges

In the previous posts on cyber security of FinTech, we identified 4 main categories of challenges which are faced by the FinTech companies: Business Model Challenges, Technology Challenges, Algorithmic Challenges, and Human Challenges. We have also looked at Business Model Challenges in detail and even zoomed in on one of the Business Model issues - cyber security landscape of the FinTech secret sauce. Today we will look at Technology Challenges.

What Are Technology Challenges?

Even thought over 2/3rd of cyber security threats involve some degree of social engineering and exploit human psychology, much industrial effort is streamed at thinking how cyber security threats could be "patched with technology" - such as implementing zero trust solutions, software upgrades, etc. Technology challenges for FinTech, therefore, refer to cyber security issues or threats, faced by the sector, which are delivered by technology and, in principle, may be solved by technological improvements. When we think about cyber security technological threats for FinTech, it would appear that cyber criminals are applying a multi-vector threat strategy to attack the sector. To achieve their goals, adversaries use a wide variety of tools from simple malware innovations to sophisticated AI-enabled algorithms. Even though most technological challenges are easily fixed by cyber security technology providers or even by cyber security units of the attacked companies, a typical zero-day vulnerability (software-enabled vulnerability, which is unknown to a particular company) can do a lot of damage before it is discovered and mitigated. The technological FinTech challenges include, but are not limited to:

Innovative Malware Malware attacks are constant and on-going type of threat for FinTechs. Recently, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) became a lucrative target for cybercriminals. Most financial institutions and banks utilize SWIFT systems in one way or the other. SWIFT also carries and stores significant amounts of valuable information. Of the modern malware, Odinaff (usually it manifests itself as a sophisticated Trojan, which takes regular and frequent screenshots of infected systems and sends them to adversaries) is the new generation adversarial technology. Essentially, Odinaff works as a "dropper", allowing the cybercriminals to download and discharge selected adversarial attack tools onto infected victim's systems. This means that Odinaff attacks are very difficult to detect as it can keep its presence in a computer system for a very long time. Recently, the Symantec Security Response team identifies the Odinaff malware attack on the SWIFT systems, which was designed to spy on customer's message logs. While, according to Symantec, the SWIFT network itself was not harmed, this examples shows that malware attacks become more and more frequent as well as more and more sophisticated.

Data Breaches and Digital Identity Theft often go together as most data breaches (between 62% and 75% according to different estimates) target identity data. FinTechs thrive on data. Data is their main asset as well as major revenue generator. Obviously, financial data is always of interest to adversaries. Usually, payment card details and user information are easily harvested by hackers, who exploit the gaps within the FinTech systems. Such information leaks are especially difficult to control due to heterogeneity of financial organizations, their cybersecurity systems, as well as the speed within which they are able to address security issues.

Legacy Banking Risks is probably one of the most difficult problem to address in the banking sector as many financial institutions are trying to deploy advanced services on vulnerable (i.e., "non-patched") systems. Specifically, when organizations try to harmonize a new piece of technology (FinTech app, etc.) with the system, the resulting synergy becomes open to many different threats, primarily suffering from such issues as cyber theft.

Cloud-based Risks become increasingly severe in the FinTech sector, as most FinTechs now work with digital wallets and online payment gateways. Furthermore, modern FinTechs now need to do a lot of work with these solutions at scale. Under these circumstances, cloud computing becomes one of the main services for the FinTech sectors, and, naturally, financial companies need to think about securing this service. Cloud-based issues involve making systems stable to avoid data losses or losses of confidentiality. Another important problem is conducting analytics in the cloud, which requires additional security measures as well as additional cybersecurity process management.

AI-driven threats are related to active cyber defence. For example, in recent years, active cyber defence strategies in the financial sector involve AI-driven smart honeypot or custom honeypot intelligence systems, where certain nodes (e.g., machines) in the system are set-up as "traps" to attract adversaries and catch them as attacks unravel. Yet, the problem with these systems, although some of them are incredibly effective is that adversaries possess the same if not better technology compared to the financial institutions. That way, as the FinTech AI determines where to position the honeypots and how to spread them across the system, adversarial AI applies testing mechanisms to detect them.

Application Security Risk arises from the fact that FinTech apps are utilised not only by the FinTechs themselves, but also by many banks, who use FinTech services. Usually these apps work in real-time, delivering timely and efficient services to customers. For example, FinTech apps allow customers to quickly transfer money internationally or exchange currency. Yet, these apps often have many vulnerabilities, which could be easily exploited by the adversaries. For example, common mistake of many apps is that while they secure app features, they fail to secure advertisements, opening the gate for identity theft.

Take Aways

FinTech cybersecurity strategy requires dealing with many Technology challenges, which are usually delivered as well as solved by technology. “Patching with technology”, to date, represents the most widespread way of dealing with cybersecurity threats. A cybersecurity “patch” refers to a set or series of technological measures, changes or alterations of programming code, supporting data, underlying algorithms, or programming system logic aimed at improving the system’s security, fixing existing bugs, addressing vulnerabilities, and updating defence mechanisms. White technological patches are powerful, they are only effective if applied together with other measures aimed to alleviate Business Model Challenges, Algorithmic Challenges, and, most importantly, Human Challenges.

#patchingwithtech #cybercrime #cyberrisks #cyberthreats #datasecurity #cyberattack #hacking #risk #infosec #security #ransomware #cybersecurity #dataprotection #informationsecurity

This post was originally written by Ganna Pogrebna for the CyberBits blog in 2020