Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps

As with every other sector that has embraced digital transformation, cybercrime has become a more prominent threat in finance. According to VMware’s Modern Bank Heists study, since the COVID-19 pandemic, there have been 238% more cyberattacks on companies in the financial sector, a shocking rise.

The recent string of attacks on DeFi platforms shows clearly how fintech companies tend to be a big prize for bad actors. Fintech apps, especially, tend to offer the potential for massive payoffs. Attackers can also cause more damage by targeting users of the tech, who may implement less rigorous cybersecurity measures. One malicious app can strip fintech users of their assets and leave the fintech company with a reputation in shambles.

Fintech companies are having to rethink how they approach their identity and access control strategy to ensure that their platforms are equally trusted by both consumers and businesses. As this industry continues to adapt to the cloud, it’s imperative that the proper controls be put in place to retain an organization’s security posture, and this comes with its own array of challenges.

Why Fintech Applications Are Hard to Secure

Cloud development has made new types of apps possible and existing apps work better than ever. However, it has also generated new opportunities for misconfigurations, human error, and identity management issues, and it has rapidly expanded potential attack surfaces. Because fintech apps are leveraging a massive range of technologies, this continues to be one of the most challenging areas when it comes to security.

Whether moving a legacy app to a new and better cloud-based architecture or expanding existing capabilities, any type of change leaves an organization vulnerable at cloud scale. This can make the blast radius of a single attack much larger, since an infrastructure’s attack surface now expands and is dynamic in the cloud.

Fintech applications also must meet tight regulatory standards that vary around the world, and often face steep fines for noncompliance. For example, in 2019, the Spanish DPA fined a financial service provider 1 million euros due to an insufficient legal basis for data processing, which violated the General Data Protection Regulation (GDPR). Operating in the financial realm means providing a higher level of accountability to customers and across the industry, which can be a tall order. Fintech demands that organizations ensure visibility, reliability, and correct configuration.

To stay competitive in this very crowded arena, fintech companies need to keep a tight grip on security and privacy from day one of development, especially as third-party services continue to grow.

How Third-Party Services Can Increase Security Challenges

As fintech organizations become more dependent on vendors and other partners such as manufacturers, suppliers, and subcontractors, as well as increasingly complex supply chains, they also become more exposed to attackers. Respondents from CRA Business Intelligence’s recent Third-Party Risk Survey believe that third parties are increasingly the cause of IT security incidents, with more than half of all respondents (57%) reporting they were victims of an IT security incident (either an attack or a breach) related to a third-party partner in the past 24 months.

Organizations often lack visibility into third- and fourth-party partners, and with that, the vast scope of data accessible to them. In today’s software-centric world, interoperability is essential, but it often leaves organizations even more vulnerable to attackers. Fintech developers must remain constantly alert for potential software supply chain issues and the security challenges third-party services can bring to their organizations.

Remaining Compliant Amid Tight Regulatory Standards

In direct response to recent high-profile cases of fraud within cryptocurrency, regulators are beginning to pay even closer attention to the already highly regulated space, creating a challenge for fintech applications and companies to stay on the pulse of these changes and remain compliant and protective of their sensitive information. According to Gartner’s Fintech in 2022 Report, fintech leaders ranked regulatory challenges as the top threat to their business right now.

In the midst of these shifting regulations and requirements that vary around the world, including Payment Card Industry Data Security Standards (PCI-DSS), Anti-Money Laundering (AML)/Know Your Customer (KYC), and newly established California Privacy Rights Act (CPRA) regulations, companies are being pushed to button up their data protection and privacy standards. So, how can businesses remain compliant?

Every enterprise must know who has access to the data and applications, their location, and what they do with it. As threats continue to grow exponentially within fintech, implementing identity and access management (IAM) tools will be essential.

It’s important for an enterprise to have the proper technology and processes in place to not only ensure they remain compliant with industry regulations, but also provide consistent protection for their sensitive data, especially in the cloud. IAM tools, for example, provide organizations security that won’t slow down development or add more work for their teams.

The security threats posed by financially motivated cybercriminals will unfortunately only become increasingly sophisticated. The fintech industry is faced with much pressure to protect sensitive customer data and needs to be prepared for cyber threats by establishing a proactive security posture and robust identity and access management strategy that can handle the complexity and scale of today’s cloud security challenges.
