Fortinet calls for joint review of critical cybersecurity areas to maintain data protection and address compliance requirements
Fortinet has said that the general lack of cybersecurity safeguards in fintech companies has raised serious concerns around data protection and compliance, especially with the implementation of the European Union’s GDPR in May 2018. The recent spate of global cyberattacks has also emphasized the need for application security and cloud protection.
“While the majority of banks view these partnerships as necessary, 71% have also expressed concerns with the cyber risks associated with fintech firms, while 48% cited regulatory risks as a deterrent. The report highlights that fintech companies typically have fewer human and capital resources to spend on security, let alone address other regulatory requirements. More specifically, these security concerns especially surround application security and cloud use, which are the most important development inflection points that the market is demanding.
Fortinet further states that fintech companies have been able to innovate at a rapid pace, as they are not bound by legacy IT or, especially, extreme governance. This has allowed them to churn out new products and updates at an increased rate that regulatory bodies have struggled to keep up with. “However, as fintech becomes more engrained in consumers’ everyday lives, accessing and storing the sensitive personal data that cybercriminals covet is an increasing challenge, and regulatory crackdowns are inevitable,” noted the report.
To remain competitive in the new digital era, Fortinet advises banks and fintech companies to find a way forward that allows for technical innovation and performance without compromising security by focusing on the following key security areas:
Application Security: Fintech largely relies on applications that can access users’ financial profiles to perform a variety of real-time transactions. Applications are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks. Banks and fintech need to ensure that a robust application security infrastructure is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as detect and patch vulnerabilities.
Cloud Security: Many fintech companies utilize cloud services to provide consistent, scalable performance with lower upfront costs. However, the cloud must be secured differently than a traditional network or datacenter, and disparate point solutions often amplify data movement while reducing visibility across these distributed environments. Banks and fintech firms must ensure that the same security standards they apply to their own networks are applied in the cloud. In addition to detection and prevention, this security must also be dynamically adaptable and scalable to ensure that it can grow seamlessly alongside cloud use. Additionally, to secure financial data, firms need to implement internal segmentation, along with cloud access security brokers, to improve data visibility while integrating industry security standards.
Automated Threat Intelligence: An integrated defense needs to be enabled with automated threat intelligence to become a holistic system. As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a timely manner. Machine learning will be integral to this process. Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real time, allowing organizations to keep pace with cybercriminals.