A critical review of emerging cybersecurity threats in financial technologies

The rapid evolution of financial technologies (FinTech) has revolutionized the financial landscape, providing unprecedented convenience and efficiency. However, this technological advancement has also exposed the financial sector to an escalating array of cybersecurity threats. This paper presents a critical review of emerging cybersecurity threats in FinTech, analyzing the challenges and vulnerabilities faced by financial institutions in an era of increasing digitalization. The study delves into the complex landscape of cyber threats, exploring the spectrum from traditional threats, such as phishing and malware attacks, to sophisticated and evolving threats like ransomware, supply chain attacks, and artificial intelligence-driven cyber threats. The analysis highlights the interconnectedness of FinTech platforms, making them susceptible to systemic risks and cascading failures. Furthermore, the paper evaluates the impact of regulatory frameworks and compliance measures on mitigating cybersecurity risks in the FinTech domain. It assesses the effectiveness of current strategies and suggests potential enhancements to address the dynamic nature of cyber threats. A significant portion of the review focuses on the role of human factors in cybersecurity, emphasizing the need for robust training and awareness programs to empower financial professionals and users alike. Social engineering attacks, insider threats


Introduction
Financial technology (FinTech) has rapidly evolved, revolutionizing the financial sector through the integration of technology into financial services.The evolution of FinTech has significantly impacted the financial sector, leading to increased efficiency, accessibility, and innovation.The significance of FinTech in the financial sector is evident in its ability to enhance financial inclusion, streamline operations, and improve customer satisfaction.However, the rapid integration of technology in financial services has also brought about emerging cybersecurity threats and vulnerabilities, necessitating a critical review of these challenges.
The purpose of this critical review is to address the growing need for cybersecurity in FinTech and to analyze the emerging threats and vulnerabilities that accompany the integration of technology in financial services.Effective cybersecurity risk management is crucial for financial institutions to defend against cyber-attacks and safeguard their operations (Urus & Mohamed, 2021).Additionally, the FinTech revolution poses significant risks, including cybersecurity threats and data privacy concerns (Singhvi & Dadhich, 2023).Therefore, this critical review aims to provide insights into the cybersecurity challenges faced by the FinTech industry and offer an analysis of the emerging threats and vulnerabilities that have the potential to disrupt financial services.
The evolution of FinTech has transitioned through distinct eras, signifying the continuous advancement and integration of technology in the financial sector (Arner et al., 2015).This evolution has led to the positive outcomes of FinTechdriven transformations, including increased financial inclusion, streamlined operations, and improved customer satisfaction (Awaliyah, 2023), but has also introduced new risks, particularly in the area of cybersecurity.The critical review will delve into the historical evolution of FinTech and its impact on the financial sector, providing a comprehensive understanding of the context in which emerging cybersecurity threats have emerged.
In conclusion, the critical review of emerging cybersecurity threats in FinTech is essential to understand the implications of technology integration in financial services.By addressing the need for cybersecurity in FinTech and analyzing the emerging threats and vulnerabilities, this review aims to contribute to the development of effective risk management strategies and the safeguarding of financial systems in the digital era.

Traditional Cybersecurity Threats in FinTech
Traditional cybersecurity threats in the FinTech industry, such as phishing and malware attacks, pose significant risks to financial institutions and their customers.Phishing attacks involve various methods and techniques, including fake emails and websites designed to steal user credentials (Gupta et al., 2017;Orieno et al., 2024).These attacks can lead to financial damages, identity theft, loss of private information, and damage to brand reputation, affecting both individuals and financial institutions (Mohammad et al., 2015).Additionally, phishing attacks have been identified as a major problem in the cyber world, causing financial losses for industries and individuals (Jain & Gupta, 2017; Ezeigweneme et al., 2024).
Malware attacks targeting FinTech encompass various types of malicious software, each with its own consequences and countermeasures.These attacks often result in the loss of confidential customer information, financial loss, and the weakening of trust in financial institutions (Ozcan et al., 2021;Ohenhen et al., 2024).Countermeasures against malware attacks include the use of advanced detection techniques and intelligent decision support systems to prevent illicit activities such as identity theft and fraud perpetuated by cybercriminals (Adebowale, 2021;Adeleke et al., 2019).
In response to these threats, research has focused on developing detection and prevention techniques.Machine learning and data mining methods have been explored for detecting phishing websites, with the aim of raising awareness and protection techniques against phishing attacks (Ali, 2017;Ilugbusi et al., 2020).Furthermore, the use of hybrid models combining deep learning and recurrent neural networks has been proposed for detecting phishing URLs, highlighting the need for advanced technological solutions to combat these threats.
In conclusion, traditional cybersecurity threats, particularly phishing and malware attacks, continue to pose significant challenges to the FinTech industry.These threats have far-reaching impacts, including financial losses, identity theft, and damage to brand reputation.As a result, there is a growing emphasis on developing advanced detection and prevention techniques, leveraging machine learning, data mining, and intelligent decision support systems to enhance cybersecurity in the FinTech sector.

Advanced and Evolving Cyber Threats
Ransomware attacks have indeed seen a significant increase in recent years, posing a growing threat to financial institutions (Zakaria et al., 2017;Vincent et al., 2021).These attacks can lead to severe implications for financial institutions, including financial losses, reputational damage, and regulatory scrutiny.Additionally, the rise in ransomware incidents has targeted cloud storage, necessitating the development of hypervisor-level ransomware detection using machine learning (Purnaye, 2024).This highlights the evolving nature of ransomware attacks and the need for advanced detection and prevention mechanisms.
Supply chain attacks, particularly in the FinTech sector, have exposed vulnerabilities in the supply chain, making it imperative for financial institutions to implement robust strategies for prevention and response (Niekerk, 2023;Abrahams et al., 2023).The interconnected nature of the FinTech supply chain has made it susceptible to exploitation, emphasizing the need for proactive measures to mitigate these risks.Artificial intelligence (AI) is increasingly being exploited in cyber attacks, posing future implications for FinTech security (Çatal et al., 2021;Anamu et al., 2023).The application of deep learning for mobile malware detection has revealed the dominance of ransomware as a significant threat, necessitating the development of advanced detection techniques.Furthermore, the exploitation of AI in cyber attacks underscores the need for continuous advancements in cybersecurity to counter these evolving threats.
In conclusion, the rise in ransomware incidents, vulnerabilities in the FinTech supply chain, and the exploitation of AI in cyber threats collectively highlight the advanced and evolving nature of cyber threats facing financial institutions.Addressing these challenges requires a multi-faceted approach, encompassing advanced detection technologies, robust supply chain security measures, and continuous advancements in cybersecurity to ensure the resilience of FinTech systems.

Systemic Risks and Interconnectedness
The interconnectedness of FinTech platforms has indeed transformed the financial landscape, creating a complex web of relationships and dependencies (Haldane & May, 2011).This interconnectedness has led to the emergence of systemic risks, particularly concerning cyber threats.Cyber threats pose a significant systemic risk to financial networks, as demonstrated by the potential for contagion in financial systems (Gai & Kapadia, 2010;Adaga et al., 2024).The interconnected nature of financial systems amplifies the impact of cyber threats, leading to potential cascading failures that can disrupt the entire financial ecosystem.
Cascading failures in interconnected financial networks can have severe consequences, affecting the stability and functioning of the entire financial system.Mitigating these cascading failures requires a comprehensive approach that addresses the complex interdependencies within the network (Smolyak et al., 2020;Abrahams et al., 2024).Furthermore, understanding cascading failures as continuous phase-space transitions provides valuable insights into the dynamics of systemic risk in interconnected financial systems (Yang & Motter, 2017;Hassan et al., 2024).
In conclusion, the interconnectedness of FinTech platforms has introduced systemic risks, particularly in the face of cyber threats.These risks can lead to cascading failures within the financial ecosystem, necessitating robust mitigation strategies to ensure the stability and resilience of the interconnected financial networks.

Regulatory Frameworks and Compliance
Regulatory frameworks and compliance are crucial in ensuring the security and integrity of various sectors, including cybersecurity and FinTech.Existing cybersecurity regulations are essential for governing cybersecurity measures, as revealed by (Mwelu et al., 2018;Balogun et al., 2024).The study highlights the positive impact of sanctions, inefficiency of the public procurement regulatory framework, and contractors' resistance to non-compliance on compliance within a regulatory framework.Additionally, Kharlamov & Pogrebna (2019) develop a new framework linking cross-cultural human values, regulation, and governance in the area of cybersecurity, emphasizing the importance of understanding cultural commitment toward regulation and governance.
In the FinTech sector, compliance measures are central to cooperation and delegation of authority, as indicated by (Buvik, 2013).Furthermore, Biasin (2023) examines the new cybersecurity requirements for medical devices in the EU, emphasizing the need for compliance with evolving regulatory frameworks.Additionally, Aliyu et al. (2020) propose a Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom, incorporating security and privacy regulations, and best practices that institutions must comply with.
To enhance regulatory frameworks, it is crucial to address fragmented authority and reliance on existing frameworks, as highlighted by (Lewallen, 2020).Furthermore, Walton et al. (2020) emphasize the importance of guidance on the disclosure of cybersecurity risks and incidents, along with potential internal control solutions, to enhance regulatory frameworks.Additionally, Schmitz & Cole (2022) discuss the proposals for a NIS 2.0 Directive and a Cyber Resilience Act, outlining how these initiatives will complement existing regulatory gaps and contribute to a more efficient and coherent regulatory framework in the EU.
In conclusion, the synthesis of these studies underscores the significance of existing cybersecurity regulations, the evaluation of compliance measures in the FinTech sector, and the recommendations for enhancing regulatory frameworks.By addressing inefficiencies, cultural values, and proposing new assessment frameworks, the regulatory landscape can be strengthened to ensure robust cybersecurity and compliance in various sectors.

Human Factors in Cybersecurity
Social engineering attacks are a significant threat in cybersecurity, exploiting human vulnerabilities to gain unauthorized access to sensitive information.These attacks employ various tactics, including persuasion, social influence, and deception, to manipulate individuals into divulging confidential data or performing actions that compromise security (Wang et al., 2021).Tactics used in social engineering attacks encompass a wide range of human factors, such as cognitive biases, emotions, and personality traits, which can be exploited by skilled attackers to create security vulnerabilities (Wang et al., 2021;Akindote et al., 2023).Human-based attacks are sophisticated and hard to detect, making their mitigation necessary (Salahdine & Kaabouch, 2019).Mitigation strategies for social engineering attacks involve building a resilient insider threat program, creating a culture of cybersecurity awareness, and implementing user awareness training programs for financial professionals and users (Airehrour et al., 2018;Akindote et al., 2024).These strategies aim to enhance individuals' ability to recognize and resist social engineering tactics, thereby reducing the success rate of such attacks.
Insider threats pose a significant risk in the FinTech sector, where malicious insiders can exploit their access to sensitive financial data for personal gain or to inflict harm on the organization.Building a resilient insider threat program is crucial to effectively mitigate these risks.Such a program should encompass comprehensive monitoring of user activities, implementing strict access controls, and conducting regular security awareness training to educate employees about the potential dangers of insider threats (Siddiqi et al., 2022;Babarinde et al., 2023).
User awareness plays a pivotal role in mitigating social engineering attacks and insider threats.Training programs for financial professionals and users are essential to equip individuals with the knowledge and skills to identify and respond to potential security threats effectively.Creating a culture of cybersecurity awareness within organizations fosters a proactive approach to security, encouraging employees to remain vigilant and report any suspicious activities promptly (Syafitri et al., 2022;Ogundairo et al., 2023).
In conclusion, human factors play a critical role in cybersecurity, particularly in the context of social engineering attacks and insider threats.Understanding the tactics used in social engineering, implementing mitigation strategies, addressing insider risks in FinTech, and emphasizing the importance of user awareness are essential components of a comprehensive cybersecurity approach.

Future Outlook
The evolving landscape of cyber risks in financial technologies is crucial to understand.Several studies have provided valuable insights into the challenges and opportunities that lie ahead.Raban & Hauptman (2018) conducted a long-term foresight study to identify major threat drivers and emerging technologies likely to impact defense and attack capabilities in cybersecurity.Their study emphasizes the importance of understanding emerging technologies that could shape the future cybersecurity landscape.Furthermore, Sadik et al. (2020) focused on the cybersecurity of smart grids and emerging trends such as using blockchain in the Internet of Things (IoT).This highlights the growing significance of integrating advanced technologies into cybersecurity frameworks to mitigate emerging threats.Moreover, Lee (2020) emphasized the increasing importance of cybersecurity in the Internet of Things (IoT) and the growing threat of cyberattacks, indicating a shift in focus towards securing interconnected devices and systems.
Additionally, Osak et al. (2020) highlighted the acute aspects of cybersecurity in the energy systems of the future, particularly in the era of total digitalization.Their study underscores the need to address large-scale cyber attacks on critical infrastructure, including power systems, reflecting the evolving nature of cyber threats in essential sectors.
These studies collectively underscore the growing significance of understanding emerging technologies, securing interconnected systems, and addressing critical infrastructure vulnerabilities in shaping the future outlook of cybersecurity threats in financial technologies.

Recommendation and Conclusion
Based on the critical review of emerging cybersecurity threats in financial technologies (FinTech), several key findings have been identified that necessitate urgent attention and strategic response.The increasing sophistication of cyber threats poses a significant risk to the integrity and security of financial systems.To address these challenges effectively, the following recommendations are proposed; the review highlights the dynamic and evolving nature of cyber threats in the FinTech sector.Threat actors are constantly adapting their tactics, techniques, and procedures to exploit vulnerabilities and circumvent traditional security measures.Data breaches continue to be a prevalent threat, compromising sensitive financial information and eroding public trust.The review underscores the need for robust data protection measures to safeguard customer information and maintain the confidentiality of financial transactions.The interconnected nature of FinTech ecosystems introduces vulnerabilities in the supply chain.Cybersecurity risks extend beyond individual organizations, requiring a collaborative and holistic approach to address potential weaknesses in the broader financial infrastructure.
Given the dynamic nature of cyber threats in FinTech, it is imperative for financial institutions, regulatory bodies, and technology providers to adopt a proactive and adaptive cybersecurity strategy.Implementing real-time monitoring systems and leveraging threat intelligence to identify and respond to emerging threats promptly.Embracing cuttingedge technologies such as artificial intelligence and machine learning to enhance anomaly detection, threat prediction, and automated response mechanisms.Recognizing the role of human factors in cybersecurity, organizations should invest in comprehensive training programs to educate employees on cybersecurity best practices and promote a culture of security awareness.Encouraging collaboration among industry stakeholders, sharing threat intelligence, and collectively addressing cybersecurity challenges can strengthen the overall resilience of the FinTech ecosystem.
To stay ahead of emerging cybersecurity threats in FinTech, future research should focus on the following areas; given the potential threat posed by quantum computing to traditional encryption methods, exploring and adopting quantumsafe cryptographic techniques is crucial for securing financial transactions in the future.As blockchain technology continues to play a pivotal role in FinTech, research should delve into enhancing the security of distributed ledger systems and smart contracts.Developing and refining regulatory frameworks that adapt to the evolving cybersecurity landscape, ensuring that they are effective, enforceable, and facilitate innovation without compromising security.
In conclusion, the critical review of emerging cybersecurity threats in FinTech underscores the importance of a proactive and adaptive approach to cybersecurity.Organizations must invest in advanced technologies, employee training, and collaboration to stay resilient against evolving threats.Future research should focus on quantum-safe cryptography, blockchain security, and regulatory frameworks to ensure the continued security and stability of financial technologies.By implementing these recommendations, stakeholders can contribute to a more secure and resilient FinTech ecosystem.

Disclosure of conflict of interest
No conflict of interest to be disclosed.