Where there is a large number of users, plenty of money and opportunity, there will usually be cyber crime. Of all sectors in the UK at the moment, FinTech has one of the highest profiles and is most successful. It doubled investment over the previous year to receive a record £2.9 billion in 2017: these are the sorts of headlines that make the avaricious hacker’s eyes light up. Even better for them, these firms are digital through and through, potentially offering more opportunities for compromise.
You may have recognised these risks but not yet found an effective answer. That’s why it could be time to focus on DNS: with Nominet’s help you can turn it into a highly effective tripwire for cyber threats.
Born in the cloud
FinTech firms are digital natives, born in the cloud. They thrive on agile development, innovation and time-to-market in what is a highly competitive sector numbering in the region of 1,600 companies today. Unfortunately, this means security is sometimes side-lined. When asked in 2017 what tech they’re planning to buy-in over the coming year, only a third (32%) of FinTech firms said cyber security.
Pressure on DevOps teams to produce results quickly sometimes means security doesn’t get the billing it deserves, exposing FinTech organisations and their customers to cyber risk. But risk is everywhere today and often originates from more traditional routes like phishing emails. FinTech firms may be staffed by bright, tech-savvy employees, but it takes just one loss of concentration to potentially expose the organisation to ransomware, data theft and more. Add to that the complexity of data transactions, access points, and ensuring money flows until it reaches the intended customer — and security teams have a lot to protect.
In the new GDPR era, FinTech players will need to ensure they’re doing everything in their power to enhance cyber security resilience. Following industry best practices won’t just keep regulators happy, it will increase the partnership opportunities for your organisation. One report reveals that an overwhelming majority (71%) of financial institutions see FinTech firms as a cyber security risk. FinTech firms represent the evolution of the finance industry, and as such new and unknown risks could very well be part of their future.
DNS means security
You may currently be paying little attention to your DNS servers. They sit in the background converting the domain names your users type into IP addresses, while others do the same to ensure external users can visit your corporate apps and websites. In reality however, DNS is regularly exploited as an attack vector by cyber criminals. Part of this stems from its open design, but it’s also compounded by the fact that most firewalls are set up to whitelist DNS traffic.
Thus, hackers have a virtually free reign in many firms, potentially interfering with DNS servers to direct users to phishing or other malicious pages or smuggling stolen data out of the organisation in little batches of DNS queries. They even use it to communicate with infected machines on your network.
So what’s the answer? Fortunately, the very ubiquity of the DNS could be used by security teams to plug in defences. Nominet has developed a security platform that instantly spots the smallest signs of malicious activity hidden in huge volumes of DNS traffic. With this intelligence you can uncover infected machines, prevent data theft and shut down phishing attempts and command-and-control malware.
Our NTX platform is built on two decades of experience securely running .uk and capabilities which now help to run over 30 other TLDs. It’s available as a cloud-delivered threat monitoring and analytics platform (NTXprotect) and a fully managed service (NTXsecure) featuring support from Nominet’s world-class team of threat analysts and DNS experts. It’ll not only give you real-time protection but also vital post-breach forensics to help build resilience for the future.
Most importantly, it will give you the confidence to drive continued digital innovation, growth and success.
Find out more information in our whitepaper.