In this digital era, massive cyber attacks to financial institutions are increasing significantly. FinTech banking servicesas one of the most rapidly growing sector, had becoming the main target of attacks. Starting with DDoS attack that can bring the whole system down, up to the phishing techniques which resulted in loss of customer funds and data..
People living in urban area and remote villages need online banking services, specifically Fintech solution to do transactions from their mobile devices. Based on APJII data in November 2016, there are 132 million internet users in Indonesia, this lucrative market attracting Fintech startups to enter this young, huge and dynamic market.
To prevent costly impact, it is better for us to understand types of cyber attacks which targeting fintech banking services.
Cyber Attacks Types On Fintech Banking Services
Here are some cyber attacks types that already targeting fintech banking services, detected throughout 2016 to early 2017.
DDoS (Distributed Denial of Services)
DDoS attacks to financial institutions increased significantly. Networks overwhelmly flooded with 1.5 Tbps of data to online banking services. This can cause online banking went off for several days. These attacks are in addition to impact on uptime, also has another possibility to target other attacks to transactions systems on their banking services. DDoS attacks generated by botnets that use “Zombie Computer” also attacked peer-to-peer system besides the client server. Botnet malware can then be run for advanced actions.
A very serious threat to digital banking services.
Phissing done not only through online, it can also done through SMS for SMS Banking transactions. Phissing attacks can steal customers login data and stealers can replicate activities like customer would do.
Malware / Ransomware
This kind of attack usually will lock the data base and system, then demand ransoms. This attack can be categorized as piracy,
but with disaster recovery with active-reactive configuration, your company does not need to pay for ransom. This malware attack could cripple hundreds of CCTV in a city in the United States recently. Especially in fintech application, which includes a fintech’s environmental such BYOD (Bring Your Own Device) it needs proper security to ward off such attacks before many customers could not access their accounts.
Several financial institutions had already responded regarding this issue. Since two years ago, JP Morgan, Wells Fargo, Citibank and Bank of America has spent more than USD 1.5 billion for cyber security. It has to be on top of companies which provide Fintech solution to provide security solution to; repel and combat hackers, spammers and protect customer accounts.
Transitory Data on Fintech Application
To secure activity in fintech application, a fintech banking services should implement a system of “Zero Trust Network“. To achieve this, companies can implement approach ephemeral data for a fintech applications. This because most of fintech applications are in the public cloud, your data should be treated separately from public clouds.
In a zero trust network concept, your company can make some route to reach local storage in the main data center. This can be useful as security layers. The impact is Fintech system will be better protected.
Cyber security authorities in Scotland recently put regulations which focusing in cyber attacks prevention on financial institutions, especially for online banking services and fintech.
After fintech application security is guaranteed, of course, there are other things to consider such as fintech application agility. Including ease of usability for financial transactions, is the most critical thing to be maintained.
Cyber attack techniques continue to grow in terms of method and implementation. Starting from combining engineering attacks to divert attention for stealing bank’s customer funds. And in fact, until now, no one is immune to cyber attacks.
In order to ensure agility of Fintech Application, companies must implement proper disaster recovery systems. Both on cloud or on-premise, fintech banking services disaster recovery should always on. It is one of the best solution to safeguard your day-to-day operations both from cyber attacks and other things that have impact to downtime of critical system.
When downtime occurs, your business costs will be much more expensive compared to if your company already implementing disaster recovery system. Therefore, disaster recovery is one of the most important thing to prepare for companies which provide fintech services.
Two-thirds (67%) of financial services companies experiencing pressure on profit margins related to the threat against FinTech, followed by the loss of market share of 59% (PwC, June 2016).
Elitery as a company that has extensive experience in providing DRC infrastructure, will help fintech companies in maintaining company’s day-to-day operations. With our Tier III certified data center infrastructure by Uptime Institute, with zero downtime since the beginning of operation in January 2012, also with ISMS ISO 27001 certification as well as supported by experienced and certified staffs, will ensure your company’s business continuity.
Safeguarding your business is our priority. Feel free to contact us, Thank you.