The sudden growth in the financial markets, cyber crime has found a new lease of life. The global investments in FinTech have increased at least 13-fold. This has attracted the attention of hackers from all over the world. Companies in the US are facing a major threat this year. 2015 witnessed 141% more hacking and threats as compared to 2014. The result was a financial loss of close to $20 million.
According to a report published by PwC in 2016, the leading American finance institutions like Wells and Fargo spend over $.15 billion per year on cyber security. Between June 2015 and April 2016, hackers have compromised data worth $400 billion from different companies around the world. Among them, over 10% financed businesses and services. According to Forbes, the investments in cyber security will skyrocket to a whopping $1 trillion by the end of 2019.
What are the most common causes of a data breach?
Sometimes, data-loss is a pure accident. For example, Piedmont Advantage Credit Union lost massive amounts of sensitive company and client information when they misplaced a company laptop. Judy Tharp, the SEO of the Winston-Salem wrote, “On January 31, our team realized that a credit-union owned laptop could not be located. It contained Piedmont Advantage Credit Union customer data”.46,000 members of the FinTechCompany were speechless by the incident.
Most commonly, insiders pose a significant threat in a data breach. This is very common for Finance Services. According to a Verizon Data Breach Investigator’s report from 2015, finance services and healthcare are two of the prime industries affected by insider activities and data leaks.
How to understand data breaches better?
Prevents any security and data breach requires a keen understanding of the nature of the threat. There is no better way to understand the risks than to study a few incidents from around the globe. Here are a few interesting cases of financial breach that have drawn our attention –
The Tesco Bank incident –
The Tesco Bank incident is one of the most scandalous debacles in the history of finance and planning. About 40,000 accounts at this bank lost sensitive data after a cyber-attack in November 2016. These customers lost real money from their accounts. These clients had as much as $763 deducted from their accounts. While some still suggest a third-party retailer involved in the attack, we believe, it was the work of some of the best hacker masterminds.
Morgan Stanley data breach –
This happened back in January 2015 when an employee stole account information of about 350,000 clients. This is the highest number of personal data breaches that occurred at a FinTech company. Although,it did not cost the consumers any money. The impact of the data loss was undeniable.
American Banking Association violation –
The American Banking Association or ABA suffered a massive record abuse in 2015. ABA declared that hackers had intercepted the name, emails, and passwords of over 6,400 shopping cart users. ABA discovered this on September 30, 2015. There were not sure as to how the breach occurred. Nonetheless, they were sure that the hackers stole 15 million customer records.
Foreign companies face a threat too –
UK-based finance companies are under constant threat as well. Some finance companies like the Chartered Institute for Technologies, Lloyds Bank, Barclays, and Credit Cared Company experience as many as 195,267 threats by the end of 2015.
Chinese exchange Bter suffered a major breach where it lost $1.75 million worth in bitcoins. It affected close to 20,000 customers. The attack was untraceable, and the company is tight-lipped about the source and nature of the attack.
The threat is increasing every day –
The rate and occurrence of cybercrime attacks against finance companies are increasing tremendously. Cybercrime organizations like DD4BC are becoming stronger and more active by the day. This is a particular extortion hacker group that asks companies to pay the ransoms in Bitcoins.
This makes the transactions untraceable. They use high-end encryptions for their messages and transcriptions. Akamai, a US-based firm has confirmed the increase in cyber-attacks in the last two years. In 2016, finance services and credit unions faced about 58% of all cyber-attacks, and other companies met about 35%. Even government-run organizations are not safe from similar threats.
How to combat cybercrime against banks, credit unions, and loan companies?
The easiest way is to stay in touch with a security firm that can monitor your firewalls. If you run a FinTech website, you should pay close attention to the updates these security companies send. Target, the US-based retail giant, lost about 56 million customer card details after the authorities failed to notice a mail from their security team.
Here are a few time-tested ways to make sure your website remains free from cyber threats –
- Refrain from using open source technologies
- Use custom code from reliable sources
- Use private hosting and private cloud storage
- Secure your database with best firewalls
- Invest in better DBA services and security services
Why are FinTech companies the prime target?
People seek the services of FinTech companies from time to time. The debt relief companies face a higher percentage of the threat since most people trust these companies with their account details and card details. Debt relief companies can provide debt counseling and debt management. Both of these services require the customers to provide their financial details.
Most finance services have tons of customer data on their cloud and website. If a hacker gets access to any one of the two, they can use it to breach account information, contact details, card details and identity details of customers. They can either ask for ransom against the sustained release of data, or they can use stolen data to siphon money from customer accounts.
Unless uniform regulatory measures become compulsory for all the websites, controlling cyber-attacks will be impossible. Websites need to take stronger steps to protect their customer information.
Author Bio:Isabella Rossellini is a website security expert. She works with FinTech companies to reinforce their firewalls and security. She has worked with debt relief companies to study the nature of threats and the most vulnerable user communities.