BLOG

Are your business apps a cause for concern?

Shahnawaz Backer 缩略图
Shahnawaz Backer
Published June 18, 2017

Over the past year, we witnessed Asia Pacific’s rise as a trailblazer in global fintech investments, reaching ahead of traditional economic powerhouses such as North America and Europe.[1] Furthermore, the increased spending on Asian fintech ventures and the emergence of regulatory sandboxes in Singapore and Hong Kong clearly signaled a noticeable shift in fintech leadership from the West to the East.

One key factor contributing to this development is the flourishing mobile and applications market in Asia, which makes the region ripe for innovation testing – particularly in sectors such as mobile payment and digital financial technologies. We see this change noticeable in our own personal lives; Apple Pay and DBS Paylah! are just some of the examples of the wide array of cashless payment services and e-wallets powered by applications that have become so intertwined with our daily lives.

Although these technologies present numerous opportunities for user convenience, these are also matched by the multiplying threat vulnerabilities that they bring about – the Bangladesh central bank heist and bitcoin theft in Hong Kong proved that. Surprisingly, while a majority of financial firms rank cyber threats as one of their top business risks, many of these organization are not nearly as aware of the threats their applications face.

Amidst the sophisticated threat landscape of today’s digital age, here are the top application threats that fintech should protect themselves against:

  1. Malware
  2. Designed to inflict harm on either the data or the user or both, an alarming number of banking malware—more than 300,000—was found in Asia Pacific in 2016 alone. This is thrice the figure found in North America.[2]

    One of the most common malware traps is bundling a malicious application with a software program. Unsuspecting users who overlook the installation process inadvertently invite malware onto their devices, which then exploits security vulnerabilities in either the software program or the operating system.

  3. Web Application Attacks
  4. These attacks typically exploit an attack vector – such as software vulnerabilities – to enter the website.

    Software vulnerabilities have become more common in recent years due to the increasing complexity of web applications. Additionally, with increasing demand for applications, the speed at which these applications are deployed leaves little time to ensure the security of the application code, making them easier to exploit.

  5. Insider Compromise
  6. Insider compromise is one of the most dangerous forms of cyberattacks. It is ranked the second highest security concern in Asia Pacific, with more than 10 percent of companies reporting over 20 breaches in 2015[3]. Such attacks come from seemingly reliable sources and thus often go undetected by safeguards.

    These threats typically come in two main forms: a malicious hacker who is also an employee of the targeted organization or an outsider who poses as an employee by taking on a false identity.

  7. DDoS Attacks
  8. Distributed denial of service (DDoS) attacks exploit a network of thousands of compromised computers to overload a website’s server with requests, causing the website to shut down. Close to 20 banks in Hong Kong were victims of such attacks in 2015—and these just reflect the incidents that were reported to the Hong Kong Monetary Authority (HKMA).[4] The number could have been much higher.

    Despite seeming relatively innocent, we all know that service disruptions—especially in fintech—equates to losses on the monetary and reputational front. In fact, a report by Neustar on DDoS revealed that the cost of downtime is estimated at US$250,000 per hour.

    Too many businesses only implement security measures after a threat has manifested. However, the good news is that most of these security risks can be eliminated if security processes are integrated into the application at every stage of application development. In fact, these security processes are the very things that could easily turn a financial failure into a competitive success.

    To find out more on how the Asian fintech industry can better protect against today’s attack vectors, join us at Anticipate 2017 taking place on Tuesday, June 20 in Singapore, where we speak with leading financial industry experts on their valuable perspectives and insights.

    [1] https://newsroom.accenture.com/news/blockbuster-deals-in-china-make-asia-pacific-the-leader-in-global-fintech-investments-accenture-analysis-finds.htm

    [2] http://sbr.com.sg/financial-services/news/317822-online-banking-malware-detected-in-apac-in-2016

    [3] https://www.infosecurity-magazine.com/news/insider-threats-reponsible-for-43/

    [4] https://www.enterpriseinnovation.net/article/bots-powered-ddos-looms-large-over-asias-banks-1823173251