Ethical hacker, Terry Cutler states that data storage issues, weak encryptions, data leakages, are just some vulnerabilities frequently discovered in fintech apps
Almost 772 million passwords are stolen or emails leaked due to hacking, leading to a security calamity for businesses globally. Terry Cutler, CEO of Canada’s Cyology Labs Canada, and an ethical hacker says that there are ways to halt it. He is expected to participate in the 20th Annual Regional Audit Conference hosted by the UAE Internal Auditors Association at the Dubai World Trade Centre (DWTC) from April 12 to 14, 2020 under the theme ‘Future Technology Shaping Internal Audit’.
Cutler will be conducting a session titled ‘Insider Secrets to how hackers are getting in, and why’. Cutler will offer a behind-the-scenes look at how hackers harvest as much information on organisations before launching a targeted attack. He shares his opinion on why the BFSI is a soft target for hackers and how enterprises can protect themselves from this attacks.
Why is the BFSI segment a big opportunity for hackers, especially in a growing economy like India?
Let me recall what Arun Sukumar, head of the cyber initiative at the Observer Research Foundation think tank told BBC recently – "India's financial systems are extremely vulnerable, because we still rely on international banking networks like Swift to make transactions. International gateways are open vectors of attack for India." This is especially since 1.2 million debit cards were made available online. It is a goldmine for hackers.
Do you think hackers target end-users since consumer-facing mobile applications, especially those developed by third parties, are not developed keeping security in the forefront?
I agree. Developers are usually under deadlines and aren’t building code with security in mind. Data storage issues, weak encryptions, data leakages, are just some of the vulnerabilities frequently discovered in FinTech applications.
How often should an enterprise conduct a cybersecurity assessment?
Assessments should be done one to four times a year at minimum to help improve the understanding of the level of an organization’s security and also identify security deficiencies as well as areas of strengths and weaknesses. These will go a long way in helping them to correct security issues before leading to downtime. It can also assist them to identify problems that are causing slow performance, frequent virus attacks or communication problems. Additionally, they can develop an action-plan to correct dangers and reduce the associated risks.
How can the BFSI industry adopt a real-time and proactive cybersecurity approach to ward sophisticated hacking attacks?
Companies need to adopt a comprehensive solution that should include ongoing internal vulnerability detection, alerts, and remediation options.