IBM Security Leader Talks Political Impact on Fintech

by · August 25, 2022

IBM Security Leader Talks Political Impact on Fintech

As partner director of IBM Security Services, Cory Hamilton oversees IBM’s global financial services sector. This task includes monitoring the state of cyber security in banks, financial markets and insurance companies. His day-to-day role involves working with the C-suite of the global 2000 to enable their digital transformations through security programs, enhancements, advancing their maturity, software technology deployment and providing general consulting services. Hamilton also has an internal role leading IBM’s global practice.

How does the current political instability affect global cyber security and the frequency of attacks in relation to FinTech?

You cannot ignore the geopolitical climate of the Russian war in Ukraine. We have certainly seen various attacks in the financial space as well as in government. Within Ukraine and Russia, banks have certainly been affected on both sides or in both countries. We have actually seen some of the largest distributed denial of service attacks ever reported due to this type of political instability.

See also  Future Competency Framework identifies key skills to increase Fintech competitiveness

We have not observed large-scale retaliatory attacks against the West or the Western financial banking system because of the wars. But we have certainly seen an increase in general organized crime.

The attacks are no longer immature people in basements. These are highly functional organizations that are focused on organized criminal activity within the cyber realm.

There is also the political climate with inflation as a result of the COVID 19 era. The political instability, as well as just the global economic landscape that we’re in, has certainly been a ripe environment for more impactful breaches, by an increase in the amount of breaches that we’re seeing.

The fintech and banking industries have become far more interconnected in the last two years. What is your view on open banking and embedded finance in terms of the level of vulnerability to cyber attacks? Have these innovations made things easier for cybercriminals?

When it comes to open banking and embedded finance, organizations are implementing those that are largely driven by customer demand. Increasing accessibility and facilitating the processing of transactions is an opportunity for organizations to increase market share and better serve their customers.

It has certainly been a challenge in terms of securing it for a couple of reasons. One, through open banking, when you open up through the use of APIs, customer data and potentially processing data, there is a risk that as it becomes more open, you inherently give others access that traditionally wouldn’t have. The fintech area, through open banking, was pushed down through regulations. Many fintech providers are not regulated or certainly not regulated to the same level as traditional banking organizations are.

See also  Capital Markets Veteran and Fintech Pioneer Kelley Millet Fo ...

Essentially, you have start-up organizations that are really growing from nothing every week, and they’re succeeding because they’ve got a new tool, a new process, which is very quick and easy – and can enable the customer to travel. They concentrate on speed to market and simple solution.

Well, if you have speed and ease, that doesn’t necessarily make it the safest. And usually these organizations, fintech providers, provide applications, provide software, but they are not security companies.

You can either have it [success] very fast, but ease of use and security may be lacking. It is a delicate balance that we see where fintech, certainly because of the limited regulatory requirements for controls, may not have the same level of security or practice the same protocols and practice the same scenarios as a more traditional banking institution would.

IBM recently released the Cost of a Data Breach Report. It says that a year after the Biden administration issued a cybersecurity executive order that centers around the importance of zero trust to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopted a zero trust security model. 17% of these critical infrastructure breaches were due to a business partner being compromised, highlighting the risks posed by over-trusted environments. What does this mean for businesses going forward, especially in light of the expansion of IOT and digital ecosystems?

This year, the 2022 cost of a data breach, is our 17th year of publishing this report and the Biden administration, cybersecurity orders pushing for critical infrastructure and zero trust. As for the Biden administration’s cybersecurity order pushing for critical infrastructure and zero trust, I would say that critical infrastructure is a broad bucket.

See also  Tenet Fintech: Investor presentation

It’s not just financial services. There is also healthcare, manufacturing and energy. The financial industry probably makes up a majority of the 21% who have adopted a zero trust model. Financial services have traditionally had the most to lose. Since the beginning of banking, they’ve always had a currency, they’ve had that money, attackers go where the money is. It has only been in the last decade or so that the IOT devices have started to create data.

But data is the wealth that everyone is after. It is the new currency of the 21st century. In terms of the expansion of IOT and the digital ecosystem, it is certainly a concern… This is an opportunity to get security right. Traditional organizations via the construction of the internet, created the connections, and then added security afterwards.

Now, as organizations join the cloud through the use of regulated or industry-specific clouds, security is built in by design.

The challenges as other critical infrastructures that are less mature (such as healthcare, manufacturing and energy) as the legacy IOT systems come online, we will see a significant jump in the overall security posture of these organizations due to the shift from legacy Infrastructure that was never intended being connected online, is now moving to the cloud and therefore has integrated security by design, along with regulated cloud structures.

So what type of breach is most likely to occur specifically in fintech at this time and possibly going forward?

When it comes to cybersecurity, fintech is one of the areas likely to see the most success. But the most popular method of infiltration is phishing – and it’s going to happen. When people join some of the new fintech technologies, they may not be as familiar with how that organization is reaching out to them. A simple phishing email saying “Hi, this is such and such an organization. Just want to confirm that… Please reply back with your account number and password so we can ensure this transaction goes through”, is very common.

Stolen and compromised credentials are certainly a concern for organizations because they may not have a very robust security program. The security personnel may be one or two personnel working within the fintech. Cloud misconfiguration is certainly a concern for fintech as well.

When it comes to ransomware and malware, that’s a concern. We’ve seen cases where ransomware attacks have occurred, although I wouldn’t say that fintech is more vulnerable to malware or ransomware attacks than a traditional bank.

Related posts:

  1. Financial wellness platform Cleo raises $ 80 million
  2. Fintech files: The FBI is hunting for CryptoQueen while Vauld signals more market turmoil
  3. Fintech Landscape of Senegal 2022
  4. Amid broader VC decline, investment in fintech startups is falling

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Headline Posts