Approximately one-third of UK fintech organizations expose customer data to the potential threat of cyber attacks.
UK Fintech Firms Vulnerable to Cyber Attacks, New Study Shows
A significant proportion of UK fintech companies are putting their customers at risk by failing to adequately safeguard their digital infrastructure, according to a recent investigation by ethical hacking platform Ethiack.
Analysis of nearly 800 fintech firms' digital presence revealed that more than one-third of them (41%) unintentionally provide hackers with an advantage by publicizing software details on their web servers. Jorge Monteiro, CEO and co-founder of Ethiack, compared this practice to broadcasting the type and model of a lock, making it easier for intruders to unlock the digital door.
Furthermore, nearly one-fifth (18%) of platforms are using outdated or invalid SSL certificates, which serve as a digital lock for websites, potentially leaving customers at risk of eavesdropping or data interception. This shortcoming is noticeable to users as it necessitates acknowledging a browser security warning before accessing the fintech's site.
Interestingly, over half (52%) of fintechs utilize servers provided by Cloudfare, Nginx, or Apache to build their digital infrastructure. According to Monteiro, should any vulnerabilities surface among these providers, hundreds of fintechs and numerous clients could find themselves in jeopardy.
Recent reports indicate that worried by the escalating cyber threat, fintech firms are planning to expand their workforce by 32% by 2025. Marks & Spencer suffered a near £700 million cyber attack last month, and Adidas was recently compromised, exposing customer data. HSBC UK's CEO warned of imminent digital attacks during a Treasury Committee hearing, highlighting his concern for the lingering threat.
While not directly related to the study's findings, it is worth mentioning that implementing a multi-layered security strategy informed by industry best practices can help fintechs overcome cybersecurity hurdles. Addressing key areas such as data encryption, strong authentication, secure APIs, regulatory compliance, and continuous monitoring can bolster security and protect customer data.
Ultimately, proactive steps from fintechs are crucial to safeguard customers' sensitive financial information and keep trust in their platforms intact as the cyber threat landscape continues to evolve.
- The study by Ethiack demonstrates that insufficient cybersecurity measures, such as publicizing software details on web servers and using outdated SSL certificates, are common in UK fintech companies, potentially putting their financial data at risk.
- With the persistent threat of cyber attacks, many fintech firms are taking proactive measures, planning to boost their workforce by 32% by 2025, focusing on areas like data encryption, strong authentication, and regulatory compliance to enhance their technology infrastructure and protect customer finance.
