fintechview sat down with eSafe Solutions Ltd, CEO, Panicos Georgiou, to discuss the security risks the fintech industry is called to face and how viable solutions.
“Fintech and Brokers store their clients’ data on servers, which can be either self-managed or cloud-based. Cloud-based servers are rented from third-party hosting companies, whereas self-managed servers are owned and operated by the brokers themselves. Both types of servers entail security risks that require proper management by the brokers or their vendors.”
What are the most common cyber threats in the fintech industry?
Fintech and Brokers store their clients’ data on servers, which can be either self-managed or cloud-based. Cloud-based servers are rented from third-party hosting companies, whereas self-managed servers are owned and operated by the brokers themselves.
Both types of servers entail security risks that require proper management by the brokers or their vendors. For instance, brokers who use cloud-based servers may delegate the management to external vendors, which exposes them to potential threats from the vendors or the cloud providers.
Moreover, hackers may attempt to access the passwords and devices of the brokers’ executives and clients by using social engineering techniques. It’s therefore crucial to carefully examine the security risks that brokers face in order to be able to propose viable solutions.
“Hackers can access the unguarded client information and use it for malicious purposes, such as hacking the client device, blackmailing, extorting, or selling the data to other scammers on the black market.
Thus, any misconfiguration or lack of privacy settings can enable attackers to gain access to a server and the customer data, posing serious threats to the brokers’ business and reputation, as well as the clients’ security and privacy”
What options do fintech have when it comes to protecting their clients’ data?
As we’ve already established, brokers have two options for storing their data on servers: using a cloud-based service provided by a third-party hosting company, or setting up their own personal data center. Both options have advantages and disadvantages in terms of data security. Cloud-based services can reduce the operational costs and complexity for fintech, but they also depend on the competence and reliability of the external vendors who manage the cloud configuration.
A weakness by a vendor can expose the brokers’ data to attackers. This is exactly what happened in a recent case study, a well established forex broker, FBS, who left their Elasticsearch server unprotected and unencrypted. The Elasticsearch server of FBS contained client’s personal identifiable information such as IP addresses, mobile device models, full names, email addresses, phone numbers, passport numbers, Google ID’s and even unencrypted passwords – all of which fell into the hands of the hackers.
While personal data centers can give brokers more control and flexibility over their data, they also require the employment and payment of experienced IT professionals who can ensure proper security practices.
Brokers who use shortcuts or neglect security measures can also compromise their data, as well as face legal and reputational consequences. Therefore, brokers need to carefully weigh the pros and cons of each option and choose the one that best suits their needs and resources.
However, even if brokers choose the most secure option, they are not immune to the risks of hackers, who can exploit any vulnerability or loophole in the server configuration or the client device. Hackers can access the unguarded client information and use it for malicious purposes, such as hacking the client device, blackmailing, extorting, or selling the data to other scammers on the black market.
Thus, any misconfiguration or lack of privacy settings can enable attackers to gain access to a server and the customer data, posing serious threats to the brokers’ business and reputation, as well as the clients’ security and privacy.
What is the most common type of phishing attack that modern-day brokers face?
91% of successful data breaches started with a spear phishing attack. Spear phishing is a type of email scam that targets a specific individual or group of individuals within an organization.
Cybercriminals can either send emails that appear to be legitimate to a large number of targets and hope that some of them will click on the malicious link (also known as the spray and pray method), or send a customized email to a single target.
LinkedIn is a useful source of information for cybercriminals, as they can profile their targets based on their employment history and other details that are displayed on the social media platform. Spear phishing involves the following steps:
• Obtaining the target’s email address: Cybercriminals can use special software to extract email addresses from search engines or purchase the email data from other sources.
• Bypassing the antivirus software: Cybercriminals can use open-source software such as Metasploit, which was originally designed for testing security vulnerabilities, to detect the type of antivirus software or network vulnerabilities that the target has. Then, they can design the malware in the email to evade the antivirus software detection.
• Egress filtering: This is a process that checks all data that leaves a network, so cybercriminals use payload software to encrypt the information that is sent from the target’s network to the Metasploit server.
• Social engineering: Cybercriminals conduct research on their targets by checking their Facebook posts, LinkedIn profiles, etc. to find out personal information, such as their spouse’s name, children’s name, or vacation destinations. They use this information to craft a convincing phishing email that mimics the style and tone of a legitimate sender.
• Malware installation: Once the target clicks on the link in the email, malware is secretly installed on their system. This malware is usually a type of a key-logger software that records the target’s passwords and sends them back to the cybercriminal.
How do cyber criminals target a broker’s clients?
According to Forex Beginner UK, there has been a significant rise in cyberattacks that aim to steal the personal and financial information of brokers’ clients. Trading app users in particular are among a highly targetted group for cybercriminals, who have been exploiting the increased demand for online trading services since the onset of the pandemic.
Cybercriminals use various methods of phishing, such as SMS messages, emails, and cold calls, to deceive the users into revealing their app passwords, credit card details, or clicking on malicious links. Once the cybercriminals obtain this information, they can easily access the trading app and transfer funds out of the user’s account, unless the broker has strict withdrawal policies.
One way to enhance the security of a broker’s trading app is to implement two-factor authentication, which adds another layer of verification to the password layer. This layer could be an SMS message or an email message that contains a code that the user has to enter to log in. However, cybercriminals can also mimic this process and send fake verification SMS messages or emails to the users, in order to trick them into giving away their login information.
Therefore, users also beed to be educated on how to be vigilant and cautious when they receive any communication from their brokers or trading apps, and always ensure that they verify the authenticity and legitimacy of the sender and the content.
What are some common practices that can help brokers protect their data and clients against cyber attacks?
Some common practices that help brokers protect their data and their clients against cyber security attacks include:
• Not sharing sensitive information on social media. Social media platforms, such as LinkedIn, Facebook, etc., can provide cybercriminals with valuable information that they can use to launch phishing attacks against brokers or their clients. This information can help the cybercriminal craft a convincing phishing email that mimics the style and tone of a legitimate sender. Therefore, brokers should educate their traders and staff on how to use social media responsibly and securely, and avoid disclosing any sensitive or personal information that could be exploited by cybercriminals.
• Implementing organizational email policies. Brokers should have software in place that filters and scans the emails that their employees send and receive. This is important because cybercriminals can extract employees’ email addresses using complex scripts or purchase them from other sources, and use them to prepare spear phishing attacks. If a proper filtering and scanning system is in place, it can block or detect malicious emails and prevent data breaches.
• Providing education and training on cybersecurity. Both employees of brokerages and clients using their trading apps should educate themselves on cybersecurity periodically. A brokerage could organize training courses on cybersecurity for its employees and test their level of compliance by deploying dummy phishing attacks. Clients using online trading platforms should also be informed and instructed on how to recognize, prevent, and report cyber threats. Education and training on cybersecurity can help foster a culture of security and responsibility among employees and clients, and reduce the risk of human error or negligence.
• Enabling two-factor authentication (2FA) protocols for logging in to systems and apps. Authenticating with a password alone may not be enough, so 2FA adds another layer of verification, such as a code sent to a mobile device. This helps secure a trading platform and prevent unauthorized access, phishing, and identity theft. Clients using online trading platforms should also create strong alphanumeric passwords that contain capital letters, special characters, and numbers, and change them regularly.
• Adhering to anti-money laundering laws. Brokers should always look out for red flags and suspicious withdrawals from clients’ accounts. A client who rarely withdraws money and suddenly begins to withdraw is a red flag that could indicate a compromised account. Moreover, anti-money laundering laws require brokers to trace and stop money laundering activity by conducting due diligence on customers and reporting withdrawals above certain threshold limits to the relevant authorities. Doing this can help prevent loss of funds and aid fund recovery even after an account has been compromised.
• Managing employee disengagement. Organizations should ensure that disengaged employees are treated fairly and retrieve all official information from them. A malicious employee could sell organizational data and leak client information to cybercriminals or competitors. Although the law may catch up with them eventually, the damage would have already been done, as clients would be exposed to data breaches and lose money. Therefore, organizations should monitor and address employee disengagement and ensure that all sensitive data is securely erased or transferred from their devices
Who is Who
Panicos Georgiou is an accomplished IT Security professional with over 20 years of experience in the field of Cyber Security. Panicos is a successful entrepreneur representing some of the leading security vendors whilst providing cutting-edge technologies and extensive knowledge in this niche area. Over the years he has helped organizations mature their security posture while addressing their current and future needs.
He is in a privileged position to provide consulting and integration services, monitoring and incident response to a wealth of prestigious organizations such as government, banks, law firms, financial institutes, shipping and more.
