Prepping fintech platforms for the next cyberattack

Prepping fintech platforms for the next cyberattack
It’s critical for fintech firms to have incident response plans if a catastrophic event and subsequent cyberattack were to happen.
SEP 08, 2021

In observance of the 20th anniversary of the September 11 terrorist attacks, the InvestmentNews team has written a series of reports looking at how the financial industry has changed in its aftermath and been preparing for the next 9/11 event. Though the specter of something worse continues to be a frightening possibility, rather than pushing 9/11 out of mind or writing it off as an aberration, InvestmentNews contemplates the impact and potential consequences of being unprepared for the next attack from several industry perspectives.

In the second installment of the series, Nicole Casperson asks experts in digital risk management for a gut-check on fintech's preparedness in case of a cyberattack.

Today’s tech-fueled world has made every business dependent upon a vast and expanding digital infrastructure, making online security measures a national imperative. 

The Biden Administration has made it clear that a cyberattack that could result in the degradation, destruction, or malfunction of systems that control infrastructure upon which firms depend could cause significant harm to the national and economic security of the United States.

For firms with prominent digital businesses, like online brokerages with millions of user accounts, it’s critical to have action plans in place to defend against bad actors who would take advantage if another catastrophic event, such as Sept. 11, 2001, were to happen again, says John O’Connell, president and founder of The Oasis Group, a fintech-focused consulting and coaching firm to wealth managers and technology providers.

It’s not a far-fetched reality that a bad actor gets into the U.S. financial system and causes it to fail, especially in times of crises, O’Connell said. This could be done through misinformation, he said, in a similar way that political propaganda contains misinformation. 

“Let’s say for example a bad actor hacks sensitive information about bank executives like salaries or contact information, and starts floating it around as misinformation,” he said. “For example, misinformation where the bank president is stealing from the bank or maybe there's been a lawsuit associated with the bank, all of which can be propagated via social media rapidly.”

That type of misinformation can cause clients to think their bank, brokerage, custodian or wealth manager is corrupt or financially shaky, causing them to remove their funds. 

In order to manage a potentially catastrophic scenario, businesses should have action plans in place for a degraded environment, like a Plan B if communications and systems fail due to an uncertain event, said Gilles Hilary, a professor at Georgetown University who specializes in risk management. 

Communications are likely to be cut first in a degraded environment, like a terrorist attack, cyberattack or a natural disaster, Hilary said. Larger institutions make easier targets, so it’s critical for those institutions to have a plan -- like who will make immediate decisions when the centralized command or control system is compromised.

That response plan should include contact information for local FBI field offices and a cyberattack response team, as well as alternative methods of communication in case it’s difficult to get in touch with these incident response experts. 

With the rapid expansion of fintech, a lot of firms have adopted technologies that they have not clearly vetted from a security perspective, O’Connell said. 

But there are actions tech-driven firms can do today to prepare for something catastrophic down the road. First, review the cloud security of vendors, O’Connell said. Almost all information is in the cloud, and firms should be consistently reviewing what their cloud security looks like. An expert tip: Ask vendors if they have artificial intelligence to monitor potential threats, O’Connell said. 

Look at what data encryption is put in place within your firm’s partners. Having strong data encryption protects data confidentiality by converting it to encoded information. Another practice is limiting the number of people that have access to a firm's server.

When reflecting upon catastrophic events, it’s worth thinking of other emergency responders, like firefighters or even the military. Those experts are training every day for what they call mass casualty events.

“They do that training so that when something happens, they know precisely what to do, and that training has uncovered for them, over time, holes, gaps, mistakes, process problems, that they just continually improve upon and weed out," O’Connell said.

“You need that same level of professionalism and coordination in a financial services firm for incident response.” 

More articles in this series:

How the advisory industry has been preparing for the next 9/11 event by Mark Schoeff Jr.

Latest News

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

UBS moves toward full-service US bank as plans to extend wealth business
UBS moves toward full-service US bank as plans to extend wealth business

Employee accounts, crypto trials and job cuts frame a pivotal year for the Swiss lender.

$5B broker-dealer NBC Securities has a new name after almost 30 years
$5B broker-dealer NBC Securities has a new name after almost 30 years

New name draws on founder's family history as consolidation reshapes the broker-dealer landscape.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.