Investing in cybersecurity: Reducing risks in the fintech industry

The first half of 2024 has witnessed a significant increase in sophisticated cyberattacks targeting Fintech (Financial Technology) companies in Vietnam, particularly in the financial-securities sector. A prime example is the ransomware attack on VNDirect Securities Company in late March, which caused serious losses to investors and prolonged business disruptions. According to Recorded Future News, the attack on VNDirect caused the company's stock price to drop 4% since the beginning of the week and led to a 10% decrease in trading volume on the Ho Chi Minh Stock Exchange (HOSE) as investors using VNDirect's services were unable to trade.

In response to the alarming increase in cyberattacks, especially in the Fintech industry, the State Securities Commission (SSC) has issued Official Dispatch No. 3351/UBCK-CNTT, requiring securities companies and fund management companies to strengthen cybersecurity measures to support securities trading activities. This Official Dispatch emphasizes the need to invest in security systems, train personnel, and implement anti-cyber attack measures to protect data and maintain the stability of the financial market.

The Official Dispatch requires securities companies to take measures to ensure the safe, stable, and uninterrupted operation of the market

New cybersecurity regulations are presenting both challenges and opportunities for Fintech businesses. The pressure to enhance security capabilities is inevitable to meet increasingly stringent requirements. However, investing in cybersecurity will bring long-term benefits, building trust with customers and partners, and thus promoting sustainable industry growth. A safe and transparent business environment will be a solid foundation for Fintech companies to compete and thrive.

With the unique characteristic of storing large volumes of sensitive data and financial transactions, the Fintech industry has become an attractive target for hackers. Here are some of the prominent cyberattack trends in the Fintech industry today:

1.Ransomware – A constantly growing threat

Ransomware continues to be one of the top threats to Fintech. According to BusinessToday, the number of ransomware attacks increased by 181% in 2023 compared to the same period in 2022. Specifically, the number of files encrypted by ransomware daily has nearly doubled, reaching 9,500 files per day globally. New ransomware variants are becoming increasingly sophisticated, using complex encryption techniques and rapid propagation capabilities, making it difficult to detect and recover data.

2. Misuse of artificial intelligence (AI) – The battle between technology and crime

According to Techradar, 84% of phishing attacks today are powered by AI technology, resulting in phishing emails, messages, and websites reaching an unprecedented level of sophistication, making it difficult for users to distinguish between real and fake. As a result, Fintech businesses are facing the risk of double losses: both financial and reputational loss due to data breaches, and legal and financial consequences due to stolen customer information. This not only affects the development of businesses but also negatively impacts user trust in the entire Fintech industry.

3. API Attacks – New gateway for intrusion

2023 saw a significant increase in cyberattacks targeting application programming interfaces (APIs) globally. Hackers have exploited security vulnerabilities in APIs to gain unauthorized access to data and systems, causing significant damage to organizations and businesses. According to a report from Traceable.ai, APIs have become the target of 29% of web attacks. Account takeover attacks on APIs have increased from 35% in 2022 to 46% in 2023. Business logic abuse attacks on APIs have also increased by 10%, accounting for 27% of all API attacks.

In the face of increasingly complex cybersecurity threats, Fintech companies are urgently seeking comprehensive, flexible, and cost-effective security solutions to protect their data and systems.

To date, VNIS has received many requests to experience the security solution from Fintech units. In practice, VNIS has proven its comprehensive security capabilities and excellent service quality, helping Fintech businesses prevent cyberattacks in a timely and effective manner and minimize maximum damage. Currently, VNIS is protecting leading Fintech units including HCS, Vietcap, VPS, Yuanta Vietnam, ACBS, Momo, and is in the process of cooperating with many other reputable Fintech businesses in and outside the country.

To date, VNIS has received many requests to experience the security solution from Fintech units. In practice, VNIS has proven its comprehensive security capabilities and excellent service quality, helping Fintech businesses prevent cyberattacks in a timely and effective manner and minimize maximum damage. Currently, VNIS is protecting leading Fintech units including HCS, Vietcap, VPS, Yuanta Vietnam, ACBS, Momo, and is in the process of cooperating with many other reputable Fintech businesses in and outside the country.

VNIS platform's comprehensive security model

With VNIS's multi-CDN system with a load capacity of up to 2,600 Tbps, VNIS ensures that businesses' websites, applications, and APIs operate stably in the face of all attacks. VNIS's intelligent load balancing system (AI Smart Load Balancing) also helps to analyze and direct appropriate traffic, thereby successfully defending against and responding to any cyberattack.

For ransomware attacks, the VNIS platform acts as a "steel shield", helping to significantly reduce the negative impacts on the business's information system. Accordingly, VNIS can detect and automatically block critical security vulnerabilities listed by OWASP (Top 10 OWASP) such as Broken Access Control, SQL Injection, Cryptographic Failures, ensuring that businesses' websites, applications, and APIs are always protected. In addition, with over 2,000 security rules and CRS (Core Rule Set) management capabilities, VNIS prevents attackers from exploiting security vulnerabilities to encrypt or illegally exploit business data.

In addition, when using the VNIS security solution, units always receive 24/7 monitoring from VNETWORK's SOC room, including timely notification and handling of cyberattacks. A team of experienced cybersecurity experts worldwide ensures that Fintech units maintain tight and effective control over their cybersecurity posture.

With its superior infrastructure, diverse security features, and a team of experienced experts, VNIS is committed to supporting Fintech businesses to develop their business in a safe and reliable network environment.