How to mitigate fintech cybersecurity threats

by James · December 8, 2022

Gerhard Mentz, IT manager, Altron Fintech.

As modern organizations become more digital, they inevitably generate a greater number of cyber security risks. Therefore, the focus is on ensuring that the company’s IT department can react quickly to any such risk, as well as on implementing innovative solutions that will improve security.

According to Gerhard Mentz, IT Manager at Altron Fintech, the biggest threats organizations face today are ransomware and social engineering, both of which target employees who are not sufficiently security aware.

“Although companies can implement technologies to reduce cyber security threats and conduct audits to ensure that security processes are followed correctly, their weakest point is still the employee. Therefore, it is crucial to spend enough time and money to ensure that all employees receive the necessary training in cyber security, he says.

“At Altron Fintech, for example, the most critical data we protect is the card information we store, so this is obviously properly masked and encrypted, and we ensure our network is compliant with the Payment Card Industry Data Security Standards (PCI-DSS). ).”

Exposure of payment data, Mentz explains, is one of the biggest risks a business in the financial sector faces. Such an event would have serious consequences for the organization, and to prevent such a scenario, it is important to have partnerships in place to ensure a high level of PCI-DSS compliance.

He further notes that in this sector it is important to expose systems to constant vulnerability and penetration testing, while implementing security policies to ensure that employees and customers use the correct security processes at all times.

“Security starts at the software development level, and developers complete annual training to ensure the code they write is secure. It is also crucial not to forget legislation such as the Personal Information Protection Act (POPIA), thereby ensuring you have the relevant processes in place to keep this important data secure.”

“It is also recommended that your business undergo regular audits, as well as external penetration and vulnerability scanning. Ideally, you should bring in a third-party device that can not only help identify weaknesses in the system, but actually try to exploit them, so you can learn the best way to defend against a real attack.”

Mentz indicates that the damage that can be done to a business by failing to follow the above advice is enormous. Not only are fines punitive – and therefore large – but any forensic investigation that follows a breach will have further ramifications. And this is without taking into account the potential financial, brand and reputational damage a breach can cause.

“What the above shows more than anything else is that cyber security, and indeed security in general, requires a multi-faceted approach. To be able to claim that your business is secure, you need to have all the elements mentioned above in place – the latest technology, regular security testing, continuous security training for employees and the implementation of software that is PCI-DSS accredited – to ensure that you have a 360-degree security focus.

“Ultimately, if you’re running a digital business of any kind, but especially one in the fintech arena, security needs to be top notch at all times. This means understanding everyone’s roles and responsibilities, implementing and maintaining relevant policies and processes, and consistently spend time, effort and money to ensure that the systems, employees, networks and business environment are kept as secure as possible,” he concludes.