Cyber security development in fintech

The convergence of technologies such as the internet of things (IoT), artificial intelligence (AI), machine learning, big data and data analytics has played a significant role in the adoption and evolution of several fintech applications. However, with the adoption of new technology comes the risk of those applications becoming a primary source of weakness and point of entry for cyber-attacks.

The importance of strengthening cyber security strategy – particularly for main infrastructure networks due to a reliance on computer systems and digital information – has been emphasised by recent attacks. Certainly for fintech applications, new prevention strategies need to be developed, and it’s worth understanding what additional innovation is needed.

Combatting biased machine learning
The adoption of innovative digital technologies has led to venture capital investment into fintech increasing by 7% between 2015 and 2016. However, as investment increases with the adoption of new technology, so does the risk of the number of entry points being leveraged by cyber attackers. Data breaches compromise the security and reputation of the victim business, which then undermine the confidence in new fintech applications, leading to lower adoption rates.

Machine learning is an example of how new technology may be at risk, however, heavy reliance on this technology can make it harder for a system’s human administrator to comprehend the behaviour and responses of their designed system.

When building machine learning-based platforms, system designers should be conscious of the biases that can be inadvertently built into machine learning solutions, which may be exploited to mask cyber security vulnerabilities. This can be achieved through what is commonly referred to as cyber threat intelligence, by addressing external and internal sources of risk; implementing technologies which are suited to both present and future types of threats; and learning from past experiences and mistakes

Growth in mismatch between technology and regulation
Due to rapid technology evolution and the extremely slow changes in regulatory frameworks, the gap between technology and regulation is becoming even more evident. Regulators could be tempted to rush to implement hasty regulations, which ultimately stifles innovation. However, this does not mean that policy makers should remain idle either.

One of the most publicised examples of this is the high-level of bureaucracy involved with EU cyber security legislation, a highly regulated area that limits flexibility and compromises reaction speed, to the benefit of cyber criminals.

Regulators should be proactive, establishing an open dialog between fintech entrepreneurs and cyber security experts, which will aid them in gaining a holistic understanding of the technology at hand.

An example of this is the National Cyber Security Strategy (NCSS) run by the European union’s agency for network and information security (ENISA); which enables a range of national objectives and priorities that must be achieved in a specific timeframe. This ultimately helps combat cyber security risks, and promotes economic prosperity.

Millions of inexperienced workers will gain access to financial services
Businesses whose strategy is based on low profit margins are less likely to invest in robust security protocols. They will also have a high proportion of users who are new to financial services and may have little or no previous experience with cyber security risks, thus making it more likely that these businesses will be hacked. This type of issue was highlighted after the large-scale cyber attack that was carried out on Tesco Bank in November 2016, which resulted in the theft of £2.5 million and impacted over 9,000 customers.

The solution could lie with companies who create programs that educate these new users, improving their digital finance literacy. Additionally, businesses could include training on best practices which would ensure the safe management of their accounts and transactions. An example of this is Kasperksy Lab Protection, a security technology provider who delivers interactive cyber security training in the form of online training platforms, cyber-safety games and interactive protection simulations.

How can we help?
Despite rising complexities to the way in which businesses need to review and implement cyber security, there are ways to improve processes and applications. This kind of innovation can also be considered for research & development tax relief, as well as funding opportunities. At Moore Stephens we understand these developments, and provide a range of information and cyber security services and assist companies in securing funding to develop their innovation (tax rebates/subsidies).

If you would like to discuss the points raised in this article further, please contact Eyad Hamouieh with regards funding and R&D opportunities.

Leave a comment

 Security code