It’s a time of reflection and anticipation at The Fintech Times throughout December, as we look back at developments and trends over the last 12 months and forward to the year ahead.
We’re pleased to share the thoughts of fintech CEOs and industry leaders from across the globe to 2023’s key takeaways and what we should expect to be top of the agenda in 2024.
Today, we bring you insights from industry leaders regarding the changing dynamics of cybersecurity threats and trends in 2024, including AI’s impact, behavioural biometrics, fraud prevention, masking and enhanced security for financial services.
Leveraging AI
Seth Blank, chief technology officer at Valimail, a platform that uses automation to help companies establish the authenticity of emails, warns of rising cyber threat sophistication driven by AI, making it harder to distinguish genuine from fraudulent communications.
“There will be a significant rise in the sophistication of cyber threats, primarily due to the advancement and widespread use of AI and generative AI. This will lead to an increase in the challenges in determining the authenticity of communications as AI technologies become more capable of imitating real human interactions.
“The potential for more realistic phishing attacks and the spread of disinformation, leveraging AI’s ability to mimic different personas convincingly, will be a part of this. It’s important to underscore that AI can be used not only for beneficial purposes but also maliciously, making it increasingly difficult to discern genuine communications from fraudulent ones.
“As email has been abused by generative content for decades, the ecosystem should look at email’s existing protections as a way to protect itself from the new threats of generative AI.”
Insecure deployment of LLMs
Building on Blank’s concerns about rising cyber threat sophistication driven by AI, Si West, cyber advisory lead at cyber insurance and security provider Resilience, predicts a significant increase in cyberattacks leveraging artificial intelligence.
“Moving into 2024, the threat of cyberattacks to UK organisations will rise significantly with the advent of artificial intelligence, as adversaries increasingly leveraging Large Language Models (LLMs) to accelerate the time to ransom.
“Identity providers will also continue to be targeted, with modern defensive postures being able to bypass controls like multi-factor authentication while threat actors will continue to target third-party vendors to scale their attacks. In fact, our claims data has shown a significant increase in this activity.
“2023 has seen the growth of state-backed cyber criminals, who we anticipate will continue to leverage zero-day vulnerabilities given the increase in zero-day attacks stemming from sophisticated state-backed campaigns in the last six months.
“SaaS businesses should also be increasingly mindful of data privacy violations arising from insecure deployment of LLMs in SaaS-specific products. This is particularly important given the rush in companies rushing to deploy LLMs despite growing concerns about adversarial attacks that could cause these models to inadvertently share sensitive data.
“Perhaps the most significant target for malicious actions in 2024 will be the politically motivated disinformation campaigns in the US and UK election, compromising both political candidates and the respective election processes. This could drive follow-on hacktivist or physical attacks against state institutions for which both countries should be prepared.”
Staying ahead
Lucas Moody, chief information security officer at analytics automation company Alteryx, outlines the increasing sophistication of ransomware attacks and the need for companies to proactively invest in cybersecurity measures.
“The ominous spectre of ransomware looms larger than ever, casting a long shadow over the digital landscape. What makes this predicament even more disconcerting is the remarkable evolution of the malefactors behind these attacks, who have grown significantly more sophisticated in their approach.
“In 2024, we will see these ransomware attackers continue to get more sophisticated and organised. To combat these attacks, executives at these companies will need to stay ahead of the criminals by staying ahead in cybersecurity measures, including investing in their cybersecurity platforms and backup systems to ensure they are not vulnerable to an attack.
“To go further, companies should unite and refuse to pay the ransoms set by the criminals, as it only fuels more attacks in the future.”
Behavioural biometrics
Patrick Smith, founder and CEO at Zally, a Manchester-based deep tech startup, discusses the death of passwords. He predicts a significant shift in the cybersecurity landscape as behavioural biometrics gains traction, highlighting the limitations of traditional password systems and the security risks associated with them,
“I’m predicting a big shift across the cybersecurity landscape within the next 12 months. As a sector, I think we’re finally beginning to embrace the power of behavioural biometrics, which is well overdue. This shift isn’t just about adopting new technology; it’s a fundamental change in how we approach security and user experience. Traditional password systems, while familiar, are beginning to show their limitations. In fact, even 90 per cent of even the strongest passwords can now be cracked within a couple of hours.
“This is far from ideal, especially amidst a context of escalating online fraud rates and heightened cybersecurity concerns. Our reliance on passwords has also led to a considerable burden on users, with an average person needing to remember around 120 passwords. In turn, this often leads to the reuse of the same password across multiple platforms. This habit has made two-thirds of the population vulnerable to security breaches, as a single compromised password can jeopardise multiple accounts.
“At Zally, we’re helping to lead the charge in moving away from this outdated model. Our platform uses advanced behavioural biometrics, integrated through just a single line of code, to continuously authenticate users. This approach not only enhances security – as individual habits are impossible to replicate or hack than traditional passwords – but also offers a seamless user experience. This year, I believe we’ll see more companies recognising the need for these innovative solutions.”
Biometric verification
Joe Palmer, chief product and innovation officer of biometric authentication company iProov, also underscores the adoption of facial biometric verification in financial services.
“Over the past year, many financial services organisations have expanded remote digital access to meet user demand. However, this has widened the digital attack surface and created opportunities for fraudsters.
“The US financial services sector has been slower to adopt digital identity technologies than some other regions which could be attributed to the challenges it faces around regulating interoperability and data exchange.
“Yet, with synthetic identity fraud expected to generate at least $23billion in losses by 2030, pressure is mounting from all angles. Consumers expect to open accounts and access services remotely with speed and ease while fraudsters undermine security through online channels and siphoning money.”
“All the while, there is the serious threat of know your customer (KYC) and anti-money laundering (AML) non-compliance. Penalties for this include huge fines and potentially even criminal proceedings. Further, there is an increased risk of bypassing sanctions, and financing state adversaries. In response, many financial institutions are being prompted to take action.”
“This has involved replacing cumbersome onboarding processes and supplanting outdated authentication methods like passwords and passcodes with advanced technologies to remotely onboard and authenticate existing online banking customers.
“One of the front-runners is facial biometric verification technology, which delivers unmatched convenience and accessibility for customers while at the same time unmatched security challenges for adversaries. More financial institutions will recognise how biometric verification will reshape and redefine the positive impact that technology can have in balancing security with customer experience and will make the switch.”
Playing roulette
Guy Bauman, CMO and co-founder of payments predictions from security firm IronVest, expects card-not-present (CNP) fraud will continue to surge in 2024, especially with the rise of online shopping.
“Research found that card-not-present fraud would make up 73 per cent of all card payment fraud this year. Expect this trend to continue into 2024 as the dominant way of scamming consumers, especially with online shopping.
“This kind of fraud occurs without a scammer needing your physical card to steal your money. Instead, all they need to get their hands on is your credit card number, personal identifying information (PII), such as your name or address, or the three-digit security code on the back.
“As e-commerce continues to develop into a multi-trillion-dollar industry, consumers need to be increasingly weary of not just protecting their physical cards, but their entire digital trail.
“Headed into 2024, consumers are going to continue to wise up to the fact that shopping online is similar to playing roulette – you never actually know if your information is safe. For this reason, they will continue to adopt the use of masked or virtual cards to circumvent handing over their actual card information while transacting online.
“The critical advantage of a virtual card is that it is untraceable to your original information and single-use – meaning consumers maintain anonymity and limit their exposure to fraud to a single transaction. When it comes to data breaches and total account drains, this simple security measure can be the only tool that stands between you and life-changing fraud. Not only this, masking can also be applied to emails and phone numbers, helping to keep consumers’ most precious information under lock and key.”
