show image

#FTW16: “We’re losing the battle on cyber crime – can startups save us?”

Kirsten Connell is MD of cyber security accelerator Cyber London and HutZero, a cyber security bootcamp that helps potential entrepreneurs turn their ideas into startups

Although we are still feeling the initial effects of Brexit, the UK is still respected globally as a leader in financial technology innovation, with London in particular recognised as a hub of activity in the sector.

Fintech startups in the UK are thriving, offering financial services in new formats that are better suited to the modern, digitally-savvy generation. Peer-to-peer lending services for example, offer ways to borrow and lend money at better prices than banks can offer, while currency exchange services provide opportunities to avoid high rates and charges when transferring money abroad.

The line between the traditional banking sector and fintech, however, is becoming increasingly blurred as banks search for new ways to build trust and improve customer experience. The reality is that, as well as adding convenience, fintech introduces new challenges to add to the pile of existing security threats that the financial sector is facing.

Midway through 2016, Bangladesh Bank and up to 12 other financial institutions were hit after hackers targeted Brussels-based interbank cooperative, SWIFT. Security analysts have now linked this attack with the Sony Pictures hack in November 2014, because the same code was seen in use in both cases.

This doesn’t necessarily indicate that the same threat actor group was responsible. It does, however, demonstrate how easy it is for hackers to access tools to bring down large organisations, and how the same malware can be used by criminals with different motivations and goals.

Losing the battle

The UK’s National Crime Agency recently stated that cyber criminals are winning the technology race. Last year, a UK government report found that 65 per cent of large businesses had fallen to a cyber attack or breach, while 25 per cent experienced a breach at least once a month.

All financial companies are a target for hackers. Online banking services have been an object for ‘Trojan’ malware for many years and there’s no sign that attacks are slowing down, particularly now given the existence of both skilled technical gangs and low-level off-the-shelf tools widely available for purchase from the Dark Web.

Long gone are the days when an anti-virus solution is an adequate defence. Cybercriminals have become so skilled that they are able to evade some of the most sophisticated threat detection systems. The idea that breaches can be altogether prevented has become outdated.

This situation paves the way for startups like CyberLytic, which identifies unusual digital activity to speed up company response times, and Intruder, which helps companies to identify weaknesses in their infrastructure before hackers do.

Billion-dollar opportunity

Cyber security has quickly become the fastest-growing sector in IT – Gartner said that the market reached a value of $75 billion in 2015, expecting it to reach $170 billion by 2020.

Commentators and investors the world over are now watching it for signs of the next big tech success story. Darktrace, another UK-based startup, which analyses cyber threats in real-time, recently made headlines when it raised $65 million.

As the frequency of attacks against the financial sector increases, there has been a tidal wave of investment in companies and organisations looking to develop new cyber defence products and services, such as the new cyber security incubator at fintech specialist Level39.

With so much risk and potential for loss, it’s only natural that financial services organisations have become inextricably linked to cyber security. Just this month, Startupbootcamp, a combined fintech and cyber security accelerator programme, was established in Amsterdam with the backing of banks including Rabobank and ABN Amro.

But it’s not just about shoring up company networks to stop threat actors getting in. When it’s possible to share massive quantities of data at the click of a button, it’s also about preventing the wrong information from getting out.

Pesky humans

Information obtained by Egress Software Technologies via a Freedom of Information request found that human error accounted for almost two-thirds of the incidents reported to the Information Commissioner’s Office between 2014 and 2016.

Of this, 9 per cent of cases were the result of data accidentally being emailed to the wrong person.

In response to this problem, CheckRecipient, a UK startup, has developed software that uses artificial intelligence and machine learning to prevent emails from being sent to the wrong person.

In highly regulated industries like banking, which handle large quantities of sensitive, personal data, sending a spreadsheet of contact details to the wrong recipient can result in crippling fines. And accidentally sharing intellectual property with someone outside your organisation can lead to immeasurable loss.

The UK leads and inspires when it comes to technology innovation, but despite the talent and skills now on offer here, the country is lagging behind in the cyber security arms race.

As a global financial services hub, it’s fair to say that the UK represents a major target for cyber criminals the world over.

With everything to lose, cyber security investment is essential to ensure that what the country’s most important assets are protected.