General News of Tuesday, 28 November 2023

Source: John Obeng Apea, Contributor

FinTechs need constant cybersecurity revamp

John Obeng Apea, Chief Executive Officer of eTranzact Ghana John Obeng Apea, Chief Executive Officer of eTranzact Ghana

The Financial Technology (FinTech) industry in Ghana just like anywhere else in the world has grown exponentially over the past few years, with many startups entering the market with new cutting-edge technologies providing innovative solutions.

While this growth has brought numerous benefits, especially providing the avenue for financial inclusion, it has also presented several cyber security challenges that FinTech companies must address to protect their customers’ data and ensure the integrity of their transactions.

Cybersecurity footprints are becoming increasingly complex, hence the need for businesses to constantly revamp cybersecurity to ensure the protection of their systems, data, and customers’ sensitive information.

In Ghana, over the years, several financial institutions, especially the banks have suffered numerous frauds and cyberattacks both from external sources and some employees or internal dealings as well.

The Bank of Ghana’s (BOG) fraud statistics for 2021 indicated a very alarming projection for fraud and cyber fraud. A total of GH¢114 million is the amount involved in fraud cases reported to the Bank of Ghana. About GH¢52 million of the reported amount was recovered whilst a little over GH¢61 million was lost to fraud.

The increasing prevalence of affordable, powerful, portable, and user-friendly digital devices and technologies has allowed many businesses and governments to automate their operations and create efficiencies, and so do criminals.

Perpetrators will want to explore areas of opportunities to commit fraud and go unnoticed and the Internet is certainly one of the most ideal options or medium to propagate fraud or fraud-related activities. Just like every other type of fraud, the ulterior motive is to illegally gain and leverage an entity’s sensitive information for monetary gain.

Actors can be internal employees who know the inside workings of an organisation or are in a position of power or privilege and therefore can leverage the knowledge or information to commit fraud under the rationalisation of economic pressure, or external – individuals outside of an organisation or other business entities that use various forms of attacks to gain an unfair advantage or acquire information that they intend to leverage upon for monetary gains.

Without constant investment and revamping of systems in place, it would be difficult or too late to detect attacks and insider dealings.

According to “The Race to Adapt,” an annual global cybersecurity report, the financial sector continues to be targeted by financially motivated organised crime, which often takes the form of data breaches, identity-based threats – such as malware, Ransomware, phishing, and social engineering attacks – and hacking, through the use of stolen credentials.

Globally, the survey also reveals the hugely damaging effects of financially motivated organised crimes, with businesses losing more than 10 percent of their revenue in the last 12 months. Beyond financial damage, network outages of 35 percent, compromised customer accounts of 29 percent, and data loss of 28 percent were among the key dangers making up a complicated threat landscape. On top of this, 86 percent are concerned that remote work is making securing their businesses harder.

How These Tools Work

Malware is also one of the principal fraud vectors. These harmful programmes are utilized by cybercriminals to obtain unauthorized access, erase files, and steal sensitive data, among other activities.

Ransomware, a type of malware, is used by hostile actors or fraudsters to encrypt the data of victims and demand money to decrypt them. Due to the complexity and difficulty of its limitation and mitigation, ransomware poses a significant threat to most businesses.

Social engineering scams, the most prevalent of all cyber fraud vectors are used by cyber fraudsters to manipulate individuals’ emotions to expose their personal information.

Typically, a criminal would begin these attacks by researching their intended victim. Once they identify a victim’s vulnerabilities, they get to work with a message (Smishing), email (Phishing), or phone (Vishing), offering a service.

Cyber fraud, in no doubt, will continue to increase as more computers are connected worldwide, giving global access to computer criminals. FinTechs must also ensure they have the relevant information security policies in place that are properly integrated with business processes.

Building Robust Operational System

Cyber threats are continually evolving, and hackers are finding new ways to breach security systems. FinTechs need to stay updated with the latest cybersecurity protocols and technologies to protect against these emerging threats.

Maintain Customer Confidence: FinTechs deal with the sensitive financial and personal data of their customers. Any data breach or cyber-attack can cause significant reputational damage and a loss of customer trust. Regular cybersecurity revamps help in maintaining customer confidence and loyalty.

Regulatory Compliance: Regulatory authorities are increasingly imposing stricter cybersecurity regulations on FinTech companies. Compliance with these regulations is essential to avoid penalties and legal issues. Again, regular revamps help FinTechs ensure their systems align with these regulations.

The Bank of Ghana has periodically increased mentioned intent to impose sanctions on financial institutions that do not comply with directives and do not deploy measures to control fraud and cyber fraud. This also transcends to financial institutions that do not report fraud cases and FinTechs must also monitor this space for their good.

Technology Advancements: With the rapid advancements in technology, new vulnerabilities and threats can arise. FinTech needs to adapt its cybersecurity measures and revamp its systems to address these new risks proactively.

Risk Mitigation: Cybersecurity revamps help FinTechs identify and mitigate potential vulnerabilities and weaknesses in their systems. By regularly assessing and updating its security measures, FinTechs can reduce the risk of potential breaches and data theft.

Continual Monitoring: Cybersecurity is not a one-time implementation; it requires constant monitoring and analysis. Regular revamps help FinTechs identify and respond to any potential threats or suspicious activities to minimize the impact of cyber-attacks.

Overall, in the fast-paced and evolving world of FinTech, constant cybersecurity revamps are crucial to protect sensitive financial data and maintain customer trust in the ecosystem.

Basic Underlying Practices Businesses

The Internet of Things means every business is going digital so businesses in collaboration with banks would continue to provide payment platforms and innovative solutions, therefore these simple techniques must be dear to all:

To constantly update the software on devices to ensure digital assets have the most up-to-date security upgrades.

To ensure that all the organisation’s devices are equipped with antivirus and anti-malware software. Individuals using smartphones must ensure they install updates from manufacturers when they are made available.

To use unique and separate passwords for all accounts whilst avoiding the use of easily guessed passwords such as birthdates or names.

Enable two-factor authentication to add an extra layer of protection and backup data.