SUMMARY
According to Gartner, API attacks will be the most frequent attack vector in 2022, causing data breaches across enterprise web applications
During his masterclass at the Inc42 Fintech Summit 2022, Dean Houari of Akamai Technologies shared his insights into how India’s fintech startups can shield themselves against common cyberattacks
He stressed the need to identify the level of digital maturity to develop an efficient API protection plan and other security measures
In May 2022, Bengaluru-based digital payment gateway firm Razorpay registered a complaint with the city’s cyber cell, alleging a loss of INR 7.3 Cr as hackers siphoned off the money over three months by manipulating its authorisation process.
It was not a one-off case. In the past few years, the fintech sector has become an extremely lucrative target, constantly threatened by data breaches and fast-evolving forms of cybercrime.
According to a report by Akamai Technologies, a cybersecurity and edge technology company, out of the 6 Bn web attacks in 2020, the financial services sector alone saw 736 Mn incidents. Additionally, a 2022 report by US-based network operator Verizon showed that ransomware breaches globally (including India) rose by 13% last year — more than the past five years combined.
“The rise in applications and digital services across the fintech sector is increasing the threats of cyberattacks every day,” said Dean Houari, Akamai’s director of security, technology and strategy, Asia Pacific and Japan (APJ), speaking at the recently concluded Inc42 Fintech Summit 2022.
During his masterclass titled Indian Fintechs’ Guide To Mastering The Art Of Scaling Securely, he elaborated on how fintech companies, big and small, could navigate the maze of sophisticated cyberattacks, instil confidence among users and scale securely.
Watch Houari explain the most common cyberattack tactics and how fintechs can deal with those.
Identify Threats Before Taking Action
“Fintech companies are under a lot of pressure to develop adequate security measures. But striking the right balance between security and customer experience (read ease of use) is not easy,” noted Houari. “Oversecured and, therefore, limited customer experience will open the door for competitors.”
It is a double whammy as fintechs cannot compromise on user experience or user data. Hence, businesses must choose the right cybersecurity tools to achieve cyber resilience.
The first step is identifying the cyberattack vectors unique to the fintech industry.
“It is common to think that attackers will breach your firewall, but that is rarely the case. Hackers know that breaching a firewall can instantly send an alert, and it is too much work for them,” said Houari.
Instead, fintech players must watch out for some common cyberattack vectors, including API attacks, DDoS (distributed denial of service) and in-browser threats.
“Cybercrime has now evolved into organised crime. Attackers work in groups and may use all these tactics to create a diversion and open a door (into the system) somewhere else,” he warned.
Credential abuse is another common ploy. “Attackers today are spending a lot of time developing malicious botnets to steal a fintech user’s login credentials,” said Houari.
But among these vectors, APIs are the most targeted as these are at the centre of customer experience, especially in the Indian context.
“India ranks fifth in API attack targets worldwide. APIs are more performant and less expensive to attack than traditional web forums,” said Houari.
“Attackers can exploit app vulnerabilities and third-party integrations through APIs. Also, these are still not very secure and have different attack vectors that can lead to data breaches, ransomware and credential theft,” he added.
According to research and consulting firm Gartner, API will be the most frequent attack vector in 2022, causing data breaches across enterprise web applications. Houari claimed that most attacks would take place in the ecommerce and financial services sectors.
How Fintechs Can Create A Security Shield
During his masterclass at the Inc42 Fintech Summit, Houari urged each fintech company to identify its level of digital maturity and develop an API protection plan accordingly to ensure security and scale in the competitive digital climate. He further advised them to partner with security enablers (like Akamai) to enhance security measures and reduce such attacks.
According to Houari, a few more measures to mitigate cyberattack risks include establishing a WAAP (web application and API protection), preferably with bot security, and investing in DDoS mitigation and DNS security to protect online user experiences.
“APIs are code-based; so, securing your code is also essential. Teaching your developers to ensure in-built security via design and not as an afterthought is also critical,” he added.
Catch all the sessions and insightful conversations from The Inc42 Fintech Summit 2022. You can find the takeaways from some of the most prominent names from the fintech community right here at the Fintech Academy.
