Building security from the ground up to avoid data breaches and tackle cybercrime

Cybercrime is rapidly growing, and this year, more so than ever, has been hit with hackers committing cyber-attacks. From Microsoft’s Exchange Server, taking Australian TV network off the air and disrupting fuel supplies so badly that drivers were filling plastic bags with gasoline it is not surprising to hear that cybercrime will reach $6 trillion this year.

This has costed the world more than all natural disasters, climate change and military spending. And then, the Pegasus Spyware scandal showed that state and state-affiliated actors are far more likely to be behind cyber-attacks than the stereotypical bedroom hacker. Like war, hunger, and climate change, we need a global response and a large and skilled workforce to combat cybersecurity.

Due to the types of information which could be breached and the financial impact, cybercrime is more pronounced in the finance industry. Even though they have their high investments in security, they are being attacked more commonly. Individual attacks can cost on average $18.3 million and 70% of companies report a security incident. On average, financial institutions spend 10.9% of their budget on cybersecurity. FinTech companies tend to be smaller and less established and so, they could be even more at risk. They are having less budget and expertise to devote to cybersecurity. Therefore, a vulnerability in a challenger bank’s mobile app or an unencrypted transfer of customer data could allow fraudsters to access banking details easily.

As the technology is always evolving, cybercrime will continue to rise. From developers leaving security vulnerabilities in their code, to office receptionists not asking the right questions of their callers, to employees leaving laptops on public transport or clicking a link in an email, 95% of breaches were attributable to human error. These were collected according to a report by IBM. In order to help reduce cybercrime, it is vital that companies develop a holistic approach in which cybersecurity is integrated into every part of the company.

While social engineering is often the cause of a costly data breach, and it is important for all organizations to do all they can to mitigate these by offering employees cyber security awareness training. And then, it is also important for IT teams to define who has access to the data. The mentality that once existed in cybersecurity, where passwords protected the outside of networks while employees were free to do as they wished inside will no longer work. Hardware security, such as Payment HSMs are a valuable tool to invest in. They are designed specifically for the card payments sector, providing optimized performance for processing, and encrypting sensitive data.

By using a fully managed service, FinTechs can convert capex to opex while deploying best-in-class security technology. In doing so, resources are freed up internally to focus on the core business. It is important for financial institutions of all sizes to understand and remain vigilant to the potential target for cyber-attacks. By implementing a holistic approach, adopting both best-in-class security solutions such as Payment HSMs and employee training and awareness, companies will be in the best position to tackle potential cyber-attacks.