BENGALURU: The fintech sector is seeing a growing adoption of cloud services, IT modernisation and integration of traditional silos with artificial intelligence and machine learning solutions. The interconnected nature of the fintech sector, with its large number of third-party vendors and partners, makes it vulnerable to cyber attacks. According to the Computer Emergency Response Team-India (CERT-In), there will be 4,29,847 cybersecurity incidents related to financial institutions in 2023 alone, up from 6,168 in 2019.
A recent PwC report said the fintech industry is becoming more vulnerable to ransomware attacks due to its integration of advanced digital payment systems and other solutions for the banking industry that use complex AI/ML algorithms.
Beyond digital wallets, fintech companies also manage vast amounts of sensitive financial data, including transaction details, customer records and payment information, helping cybercriminals scale their attacks across different subsectors.
A PwC report, “Beyond the Cloud: Strengthening Fintech's Preparedness and Defense Against Cyber Threats,” noted that a data breach occurred at an Indian money lending platform in April 2022, resulting in sensitive customer data being leaked online, including more than 6.5 million files totalling more than one terabyte.
Main threats
Among the many threats, the key ones to watch out for in this space are GenAI threats, deepfakes, phishing and multi-cloud threats. “Fintechs need to be aware of the evolving landscape of advanced cloud-enabled cybersecurity threats. Moreover, the interconnected nature of cloud environments increases the risk of data security being compromised as attackers exploit a multitude of weaknesses,” the report adds.
Recommendations for fintechs can include:
1) Cloud-Native Security: Cloud-native security services and tools from cloud providers can be adopted to improve security parameters. Invest in cloud-native application protection technologies (open source is an option) to achieve real-time cloud visibility. With a strategic approach, adopt cloud infrastructure management platforms, cloud security assessment software, and solutions.
2) API Security and Secure DevOps: Integrate security mechanisms into your DevOps processes to ensure security practices are deployed from the earliest stages of development.
3) Implementing ML and AI solutions: Fintech companies can employ advanced AI/ML-powered models and algorithms to predict and potentially protect against emerging cyber risks.
4) Risk Analysis of GenAI and Large Language Models (LLM): In addition to maintaining an up-to-date risk matrix, we regularly perform comprehensive risk assessments for all implemented GenAI platforms/solutions and LLMs.
5) Regulatory Compliance: We ensure that we adhere to existing regulatory frameworks and stay abreast of new and upcoming regulations to ensure maximum data security and consumer protection.
