The global financial ecosystem has become increasingly reliant on digital infrastructure, and it’s a problem.
A new countless amount of cyberattacks and threats have put the financial industry, including fintechs at greater risk of being exposed to bad actors. These incidents have made it increasingly difficult for fintech companies and startups to grow their influence among existing and new consumer markets.
Only manufacturing, finance, and insurance have seen the highest number of known cyberattacks between 2020 and 2021 according to an X-Force Threat Intelligence Index 2022 by IBM.
Other industries such as professional and business services energy, retail and wholesale, transportation, and government, among others have witnessed an increased number of cyberattacks during the same period.
In the geographical arena, the Asia-Pacific region took the top spot for the most cyber-attacked region in 2022 according to the IBM index. The region accounted for about 31% of all incidents remediated worldwide.
The onset of the pandemic helped fuel the financial industry’s digital transformation. Yet, at the same time, it has come with a perpetual objection, prompting governments and institutions to introduce more stringent data and privacy regulations for fintech companies.
Our global reliance on digital infrastructure, specifically in the finance category has yet to clarify who is responsible for protecting the system against any possible threats.
And while fintech continues to grow, helping to break down financial barriers and accessibility for millions of consumers, cyber threats are relentlessly introducing new problems for the industry, consumers, and businesses.
Global Industry Connectivity
One of the wonders that fintech has brought to the world stage is its almost seamless compatibility on a global scale. Traditional banks and new-age financial institutions are increasingly connected, despite not being within geographical range or proximity.
With the development of more advanced digital infrastructure and software systems, fintech companies can deliver a simple, yet reliable software service to consumers located in remote corners of the world.
Piggy-backing on existing infrastructure, or simply becoming a third-party service delivery agent has meant that even if fintechs do not have the frameworks in place, they can rely on the groundwork that came before them.
While on paper the relationship between these institutions seems like a viable long-term solution, it often complicates matters at both ends if flaws in the system are detected by bad actors or malicious intruders accessing data sources.
The risk of data loss, misuse of information, operational disruptions, and other known threats are now interchangeable, as companies and institutions are linked with information technology (IT) infrastructure.
It only further brings about more complications such as legal actions and reparations. Which side of the communication channel was responsible for the intrusion, and who will be held liable for repairing the damages? Other facets including costs, and upkeep of cybersecurity infrastructure place another burden on all involved parties.
While it has made the world a more connected place and provided that it delivers safe, trustworthy, and authoritative services to consumers globally, flaws in the system serve as an entry point for bad actors that have become more interlinked than ever before.
The Rise Of Cloud Computing
Fintech companies and startups have for quite some time leveraged the possibilities of cloud computing, enabling them to develop and grow their frameworks into untapped consumer markets.
The rise of cloud computing has given life to new forms of understanding and transacting with money. Massive volumes of data and information can now be instantaneously accessed and shared among involved parties.
For financial services, cloud computing enabled them to develop services and products such as digital wallets, payment gateways, neobanking services, and digital form filling.
All the while these services provide consumers and businesses with a seamless financial experience, it also poses both short and long-term risks.
The scalability of cloud computing has taken a more principal position for malicious players. By accessing local data centers, these bad actors now have access to an unlimited amount of private information and data.
Although security measures have been implemented over the years as the complexity of cloud computing developed, conventional systems still exist and can act as a gateway for hackers and daring cybercriminals.
Incidents relating to data centers being infiltrated and hacked are plentiful.
In January 2023, around 12 of Costa Rica’s Ministry of Public Works servers were attacked by ransomware, shutting down all of its servers. During the same time, the Albanian government was witnessing daily cyber attacks following a major incident linked to Iranian hackers in 2022.
Even the U.S. government and the National Security Agency (NSA) have been accused of committing several cyberattacks against Northwestern Polytechnical University in China. The Chinese government claims the NSA and U.S. authorities are stealing user data and tapping into its digital communications networks.
Threats at a geopolitical scale only highlight further the important role cybersecurity plays for the financial sector. It’s a disheartening thought to consider, that if a country’s national computing servers can be infiltrated, how quickly will hackers and cybercriminals be able to jump over the barriers imposed by financial providers and fintech companies?
That’s still only the tip of the problem.
Mass issues such as these aren’t the only challenge fintech companies are facing. The number of consumers that access data and networks using unprotected and underhanded internet connectivity in different regions of the world also pose a different threat to the integrity of the system.
Internet connections are often protected by a VPN, and for consumers and small businesses that do not have a VPN installed on their computer, open themselves to wider scrutiny from hackers and malicious actors.
Often hackers are able to tap into a computer or system without a person being aware of their presence, tracking and monitoring activity, infecting devices and spreading malware on devices. To avoid these risks, it is recommended to learn how to use VPN properly and to ensure that all internet connections are secured with a reputable VPN service.
With smaller and less secure fintech companies relying on other traditional existing systems, or newer infrastructure specially erected for digital finance, how much easier will it become for malicious actors to access conventional data centers?
Digital Compliance Matters
Although not solely related to the increased risk some fintech companies are exposed to regularly, compliance matters across different regions have made it harder for some fintech companies to operate in their target markets. Perhaps not because they are unable to provide a reliable service, but because they are unequipped with the proper cybersecurity infrastructure required by local authorities.
Lawmakers have for several years been looking to introduce more stringent and reliable compliance matters that can help protect its national financial service ecosystem and consumers' private information and data.
As some economies are spearheading this trend, others are seeing slower adoption of progressive regulatory factors due to a lack of information, knowledge, and the proper resources to implement these structures.
Issues of diplomacy not only strain some fintech companies from operating in specific geographical regions, but it means that companies that are not required to monitor consumer activity, are only helping to fuel an illicit industry operating under the nose of the authorities.
Where companies are not required to monitor, track or report any suspicious activity which they may deem a threat to both themselves and consumers, bad actors are often able to freely roam without needing to stress about regulatory consent.
In itself, it brings different questions to mind relating to consumer privacy and data collection factors that have for some consumers lead them to become victims of cybercrime in more than one possible way.
Another question is, how much is too much regulation? The rise of digital currencies and decentralized finance (DeFi) has meant that some users are disconnected from more traditional institutions, and are solely using blockchain technology for their financial activities.
Using this sort of technology makes it harder for regulatory institutions to properly monitor any possible malicious activity that may be taking place. For fintech companies on the other hand, it poses a risk to their cyber frameworks and customers if they have more lenient standards by which they operate.
When we start to mix how some fintech companies can provide consumers with a broad range of services and products in one part of the world, while withholding it in another due to regulatory concerns, it still puts countless consumers and businesses in direct contact with cyber threats that are often unknown to them.
Fintech has a growing number of possibilities that provide consumers with direct access to financial services that enables their financial autonomy.
While large-scale fintech adoption has seen vigorous growth, it’s an industry that is yet to mature and understand the cyber challenges that come with democratizing the finance industry.
Although there is no correct solution to the evergreen problem, understanding how cybercriminals are an ongoing threat to not only small-scale financial services, and the global finance ecosystem will enable fintech companies to go to work on reliable cybersecurity frameworks that is complicity with standardized regulations, but set the tone for the years head.