FinTech: The Threat Landscape and Promising Initiatives Information Security Conference for the Financial Sector Doha, Qatar 5 November 2017
The FinTech landscape • In the first nine months of 2016, global investment in FinTech reached 21 billion US D • New investment has propelled innovation, which is revolutionizing the FinTech sector • Just as FinTech continues to evolve, so too does the threat landscape and the stakes involved with not employing cybersecurity measures (Financial S tability Board, 2016) FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Costs of FinTech Cyberattacks
Costs of cyberattacks • The costs of not employing sound cybersecurity measures can be accrued in the following ways: – Direct costs: the actual monetary values – Indirect costs: the amount of time, effort, and other organizational resources devoted to cyberattack resolutions – Opportunity costs: the lost business opportunities as a consequence of negative reputation, which usually occurs after the attack is publicly reported, including to victims FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Costs of cyberattacks • According t o t he Ponemon Inst it ute, companies incurred t he following direct cost s aft er suffering a cybersecurit y breach: FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Possible Threats
Types of cybersecurity threats 1. Loss of financial data: Financial data breaches are on the rise due to lack of data encryption for sensitive data 2. Internet of things and cloud computing weaknesses: Easily hacked by cybercriminals 3. Third-party financial services: S ome of the services provided by third parties to financial institutions may be prone to cyber-attacks FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Types of cybersecurity threats 5.Risks of mobile banking: More and more people are conducting banking transactions on their mobile phone. However, sensitive data stored on your mobile device is at a huge risk 6.Manipulation/Alteration of Data: Hackers intentionally change or manipulate the user/ organization’s data, in order to compromise it 7.Malware threats : The popularity of ‘ Bring Y our Own Device’ (BYOD) increases the opportunity of affected devices being present over the connected network. Hidden malware in one device can then hij ack customer data from devices easily FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Types of cybersecurity threats 8.Sophisticated spoofing attacks : Hackers can hij ack your bank’s website and steal user-related data 9.Chip/PIN attacks : attacker can capture what is called Track 2 data that's transmitted from the card to the card reader using a small Raspberry Pi computer. The captured data, which is sent unencrypted, can then be used to create a normal magstripe card for use on older, offline systems 10.A TM cyber-attacks: Massive financial losses to be incurred by such attacks FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Possible Risks
What are the potential risks? National legal and Under-resourced and Risks in market regulatory risks unskilled personnel behaviour Cross-border Cyber-threats Macro-financial risks legal issues FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Further potential risks? Rapid innovations Third party reliance FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Promising Initiatives
Advancing cybersecurity Compliance software Machine learning Promising Public-private Capacity-building initiatives in partnerships to protect the FinTech consumer data Sector Regulatory balance Awareness raising and coherence campaigns FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
UNICRI Cybersecurity and Technology Misuse 2004- 2013- 2016- 2013- 2013- 2014- 2013 2007 2015 onwards 2015 2016 2016 Hackers Profiling Cybercrime and the risks SECURED Projeecct for the economy SECURitty at and enterprises UNICRI Strategic Engagement the network Edge at the European Union In Technology: and Italian levels Supporting The Fight Against Crime And Responding To Information Shharing ePOOLICE The Misuse Of Technology and “early Pursuit against Public-Private Paarttnnerships Organizzed crime using envirOnmental scanning, the Law and COURAGE IntelligenCE systems” Cyber Crime and Cyber Terrorism European Research Agenda
Current UNICRI initiative: SIRIO-Security Improvements through Research, Technology and Innovation • Analyse emerging and future security risks; • Identify emerging technology to match security needs; • Promote the use of technology based-solutions to increase security; • Raise awareness and inform policy-makers about risks and solutions. Common solutions Common solutions
Francesca Bosco UNICRI Programme Officer bosco@ unicri.it Twitter @ francibosco FinTech: The Threat Landscape and Promising Initiatives Doha, Qatar 5 November 2017
Recommend
More recommend
