Ransomware is one of the industry’s most pressing cybersecurity problems. Criminals exploit vulnerabilities within internal systems to gain access to an organisation and hold it hostage in the hope that the company will pay a ransom. For the criminals, it can be an easy payday – but what can fintechs and financial institutions do to stave off the threat?
We asked James Derbyshire, browser isolation expert at Garrison.
Can you tell us how much of a threat ransomware poses to the industry?
Ransomware poses a growing threat to the fintech and wider financial services sector, with 64% of financial institutions globally already hit by an attack in 2023. The fintech industry is projected to continue its growth to become a US$1.5tn industry by 2030, which is making it a particularly attractive target amongst cybercriminals looking for significant financial gain. Despite handling the same valuable financial data as traditional banks and financial services, the digital-centric interconnectivity and international scale of fintech businesses can render them more vulnerable to attack.
Ransomware attacks, which work by locking away critical company data until a ransom is paid, have increased exponentially over the past decade. And the effects can be devastating. Victim companies not only have to contend with a costly ransom, but due to the ability of the malware to conceal key data, systems and networks, may also find themselves unable to operate. Inaccessible services combined with potential breaches of personal and financial customer data can irreparably impact a fintech’s reputation with customers, leading to significant revenue loss.
The fintech sector is increasingly integrated with the traditional financial services industry, and this integration is expected to increase over the coming years. It is possible, therefore, that the security gaps within fintechs can be exploited to compromise other financial institutions with whom they do business. It’s no surprise that almost three quarters of traditional banks consider data security in fintech to be a priority concern.
How big a factor is human vulnerability in ransomware risk?
Before looking at possible solutions, it is important to understand how ransomware works. Much of the success of ransomware attacks can be put down to the fact that threat actors exploit a vulnerability that exists in every business – human error. A company’s network can be breached, allowing ransomware to infiltrate an organisation, with just one click on a malicious link.
While employee training is often used to address this issue, human error cannot be completely eliminated. Even the most well-trained and security-conscious employees are prone to mistakes. And a single slip-up can open the door to a company-wide attack.
Employing malware detection and response tools is another common security strategy, but this too has its limitations. The biggest drawback is that these technologies can only identify malware after it has entered a network – which is often too late. What’s more, they are known to be ineffective against zero-day attacks, as they can only defend against behaviour that is already known to be suspicious.
If the continued rise in ransomware attacks tells us anything, it is that our current security measures aren’t working.
How can companies defend against ransomware attacks?
Web-based attacks pose a growing threat to organisations, especially as fintechs turn increasingly to cloud-based tools and services as a way to cost-effectively scale. And at the same time, the vulnerabilities of web browsers are growing due to increased functionality. While various security measures come built into the browser as standard, these do not solve the security threat on their own.
Many companies are turning to Browser Isolation in the fight against web-based threats. The technology allows users to access web content without exposing their devices to web-based malware attacks, providing protection against threats such as phishing emails with malicious links.
Browser Isolation creates a barrier between the user’s device and the internet, meaning that the user is fully protected against web-based malware, even if they click through to a compromised webpage. The gold standard in this area is a technique called ‘Pixel Pushing’, which converts browsed web content into pixels, meaning that rather than coming into contact with risky code, users are in fact seeing an interactive video.
Browser Isolation is a security model that does not rely on detection. Instead, it provides protection by assuming that all content is malicious unless proven otherwise. Critically, the browsing experience remains unchanged for the end-user, meaning that day-to-day operations are unaffected.
Is it important to ensure only users who need access to a certain system have it?
In 2022 a set of new cybersecurity regulations came into play for the telco sector, and some industry experts predict that it may not be long until something similar is introduced in the financial sector. A core focus of this security framework is the thorny issue of privileged access users. Enterprises across the financial sector – including fintechs – tend to restrict access to sensitive functions within their organisation, ensuring that only those who need to carry out privileged tasks, such as systems administration, have the permissions to do so.
But while a sensible approach, this does not eliminate the risk. If a privileged user’s machine were to be compromised, attackers would have complete access to enterprise data and networks. The importance of addressing the security of privileged user accounts cannot be overstated.
Browser Isolation enables companies to get ahead of any future regulation by maintaining the security standards that have been mandated by the UK government for the telco sector, and that could be extended to financial services.
The final word: keeping fintechs safe
The UK has one of the highest fintech adoption rates globally, with 14m adults banking using digital-only services, a number that is expected to reach 23m by 2027. This continued success has led to the sector becoming a treasure trove for threat actors seeking to exploit data for financial gain.
At the same time, many fintechs and neobanks are scaling rapidly. For example, in the UK, Revolut now has 20m customers – ten times more than in 2018 – while Wise has almost 16m. However, this growth also increases their attack surface.
Our current security approach is broken. New security strategies that involve protection, rather than detection, are the only way to mitigate the growing ransomware threat and to ensure that fintech businesses, the wider financial ecosystem, and their customers are fully protected from the growing ransomware threat.