By Erick Reyes, ANZ Director, Data Security, Thales
By 2030, the global fintech market is expected to be five times bigger than it is today, according to The Boston Consulting Group, as it heads towards US $1.5 trillion revenue. The APAC region is home to the fastest growing fintech industry in the world, making it an intrinsic part of that growth
Ongoing developments in innovative technologies, including Artificial Intelligence (AI), Generative AI, and quantum computing, offer significant advancements across this data-driven industry – they also make it an even bigger target for cybercriminals.
Working with a high concentration of sensitive and high-value information means financial services (FinServ) organisations are often victims of large-scale ransomware attacks, insider threats, and more. As a direct result of the fast-growing threat landscape, the industry is now home to some of the biggest cybersecurity budgets in the world.
The good news is that global investments in cyber security are starting to create an impact. Thales’ latest 2024 Data Threat Report for Financial Services organisations showed a drop in data breaches against financial services organisations. While the proportion of FinServ organisations that have ever been breached remains high (39%), it is 10 percentage points lower than other industries. What’s more, breaches in the last 12 months decreased by nearly half.
Data breaches might be dropping, but don’t get comfy
While this snapshot of activity is an encouraging sign, it’s likely to be short lived. While FinServ organisations propel their industry forward using sophisticated technologies, cyber criminals are leveraging the exact same method to launch ever-advancing attacks.
Data breaches are an important indicator of an industry’s vulnerabilities, but we must look at the entire cyber threat landscape to fully grasp the precarious position Fintech organisations are in.
While ransomware attacks continue to grow – two in ten FinServ organisation report experiencing an attack in the past 12 months – only a quarter of organisations have a response plan in place.
FinServ organisations also continue to struggle with cloud security; a significant concern considering the sensitive nature of the data they manage. On average, 43% of data stored by FinServs in the cloud is sensitive, while human error and the exploitation of previously unknown vulnerabilities remain the leading causes of cloud-based data breaches.
Understanding the next wave of AI and quantum-driven threats
What makes securing financial services organisations so complex is the often disparate and highly distributed architectures that support a range of users: from executives and HQ staff to retail branches and customers. Their security perimeter is vast, and the rise of emerging technologies is not only increasing the attack surface but also weakening perimeter defenses.
On top of this, cybercriminals are investing in AI to attack AI, creating the next generation of cyberattack weaponry. The advancement of GenAI is one of the main reasons automated traffic – particularly bad bots that are used to evade security controls and identify vulnerabilities at scale – has increased over the past year.
The world may still be years away from fully entering the quantum era, but technology is progressing rapidly, and all too soon a quantum cyberattack will become a real possibility. Armed with quantum power to break traditional encryption algorithms, cybercriminals will be able to analyse massive amounts of data, crippling large networks in a matter of minutes. Everything we rely on today to secure connections and transactions – keys, certificates and data – will be at risk.
In particular, the threat of Harvest-Now-Decrypt-Later (HNDL) attacks are creating a concern amongst the security community. Such attacks enable criminals to collect encrypted data today with the intention of decrypting it in the future when the capabilities become available.
What does “being ready” really mean?
Future threats yet to be created by advanced technologies are a huge source of unease but ultimately, they are out of our control. The concern today must turn to an overall lack of preparedness.
Going head-to-head with attacks driven by AI and soon, quantum computing, means having technology, human resources and response scenarios in place.
In environments where critical workloads are hosted, IT and OT are continuing to converge. Here, successful cybersecurity strategies will be the ones that include comprehensive DevSecOps programs, strong cloud security and access management tools, as well as continuous assessments of risk exposure to emerging threats.
In a world of growing cybersecurity unknowns, Fintechs must take proactive measure that they can control.