Fintechs are underestimating cybersecurity; here’s how to make things better, says STX Next

Successful fintechs are rightly lauded for their innovative approaches, and their willingness to do things differently. However, the emphasis on relentless growth – a core characteristic of many startups in the financial sector – does mean that cybersecurity is sometimes put on the backburner. To tackle this problem, software development house STX Next, alongside partner and cybersecurity expert Aleksander Czarnowski of AVETINS, offer some advice to aspiring fintechs below.

Maciej Dziergwa, CEO of STX Next, said: “Running a fintech startup usually means growing the business with scant resources, especially in the early days. Sacrifices inevitably have to be made, and cybersecurity often suffers at this stage.

“It’s important that cyber doesn’t get neglected early on. You only have to look at the recent deluge of ransomware attacks to see that cybercriminals are honing their craft at great speed, and will target any company if they think they can make a quick buck.”

Fortunately, there are steps that fintechs can take in the here and now to improve their cyber hygiene and get themselves on the front foot.

Aleksander Czarnowski, Founder and CEO at AVETINS, added: “In the early days of a startup, cyber is often considered a bit of a cost centre, so capacity to focus on security often isn’t added in. There’s also a feeling in some fintechs that sufficient cyber skills can be learned from short online courses.

“Step one is to recognise the scale of work that needs to be done to make the business watertight. Cyber isn’t something that can be sorted overnight: it needs to be seen as an iterative, long-term consideration that gets adequate attention.

“Step two is to think proactively. Any threat being talked about in the news right now is already outdated. Whether it’s a new ransomware attack, phishing campaign or APT, once it’s in the public eye, criminals will be looking to evolve their methods further to escape new mitigation measures. Fintechs, therefore, need to prepare for unknown threats.

“Step three is to make the necessary preparations to guard against these unknown threats. This is the most crucial step of all, but it doesn’t necessarily have to be the most difficult one. Fintechs often operate with minimal resourcing, so automating and outsourcing cyber capabilities where possible is an effective way forward. Any good business leader will know that you don’t have to try and do absolutely everything internally: being the best often means accepting your weaknesses and trusting the expertise of others.

“Finally, there are basic measures fintechs should implement while the more complex cybersecurity matters are dealt with in the background. These include encryption of sensitive data, strong access control technology, multifactor authentication, static and dynamic testing of code for security flaws, and the banning of insecure cryptography.”

Dziergwa concluded: “The financial services sector is much better off because of fintechs. Their success means success for a multitude of other businesses, so tightening things up from a security perspective makes sense. Focus on cyber, and fintech’s reputation for forward thinking will be assured for many years to come.”