Building Better Systems: Combating Cybersecurity Threats in Finance and Beyond
The World’s Cybersecurity Problem
Like it or not, we live in a digital world: we make payments, send messages, control smart homes, sign contracts, post selfies, consume media, and even find partners via our screens. Now of course, the freedom of digital convenience relies on one major input to keep the wheels turning: data. As a result, individuals and businesses have adapted to feed an endless string of data into various cloud services and applications in order to make our digital interactions possible. Businesses in particular have fully embraced (and spent billions) on digitizing their operations and processes in order to optimize efficiency, reduce costs and adapt to new technology. And yet, while the positive effects of digitalization can be felt across industries, it has also created digital goldmines containing valuable business intelligence, sensitive customer data, and now, with the rise of blockchain/crypto, virtual financial assets. These digital goldmines serve as attractive bait for hackers/attackers that can exploit weaknesses in systems for malicious purposes and/or financial gain.
But, just how big is this issue? By 2025, the annual global cost of cybercrime is projected to surpass 10 trillion USD. Attackers target everything from critical state infrastructure to enterprise operations via penetrative attacks (executed by internal or external actors), looking to maximize impact and profit. Data breaches have compromised millions of records, often containing sensitive or personal data. Meanwhile, ransomware has caused tens of thousands of outages, with many hitting critical infrastructure. In June 2024, the UK’s National Health Service fell victim to a disruptive cyber attack which wreaked havoc across London hospitals as they were forced to cancel surgeries, and rearrange thousands of patient appointments. Other historic attacks, such as SolarWinds (2020), which resulted in the exfiltration of sensitive data from more than 18,000 organizations to a state actor, and the Colonial Pipeline ransomware attack (2021), which resulted in the East Coast of America suffering shortages of gasoline, further reflect how cybersecurity challenges can cause deep societal disruption and harm.
The financial industry is by no means immune to these threats. A recent survey of over ca. 600 financial services firms found that 65% of the surveyed organizations had already suffered a ransomware attack in 2024, with the average (mean) cost of a breach clocking in at 2.58 million USD. When these attacks graduate to the financial big leagues, the damage can be staggering. One such example is the infamous Equifax hack in 2017, where attackers managed to extract the personal information of roughly 147 million customers, (including Names, Dates of Birth, and Social Security, Driver’s License, and Credit Card Numbers), affecting ca. 40% of the US population at the time. Amidst the madness, enterprises and governments expend endless resources navigating their own complex IT stacks, managing third-party vendors, and purchasing/maintaining the various firewalls and anti-malware products required to keep their systems safe, only to - frustratingly - still fall short. Meanwhile, bad actors are showing no sign of slowing down. In fact, cybersecurity practitioners increasingly fear that AI-powered tools may lower the barrier to entry for bad actors, making their attacks more sophisticated and/or efficient.
Security by Design: Rethinking Systems Infrastructure
In light of this, it seems high-time to rethink the overall approach to systems infrastructure and explore how security can be more efficiently integrated into the very DNA of its architecture. Luckily, there is a better path forward: networks designed as distributed compute platforms. This approach can already be seen in action in the form of public networks, namely the internet computer protocol (ICP) mainnet, which allows applications (from social networks to digital asset exchanges) to run fully on chain via sophisticated smart contract software. In addition to the public mainnet, the benefits of a system based on distributed compute can now also be experienced via UTOPIA (which stands for Unstoppable Tamperproof Open Platform for Independent Autonomy).
UTOPIA’s open source software can be used to create private and sovereign serverless cloud platforms using compute capacity such as servers in data centers, and compute instances provided by existing cloud services. What sets this technology apart is that compute is realized directly by a network protocol, which utilizes mathematical properties that guarantee tamper-resistance and resilience. As a result, hackers (even if they are insiders) cannot interact with the network in ways that allow them to change functionality, “escape” to access private data, or install ransomware that encrypts software and data. The mathematically fault-tolerant protocol ensures that even if hackers gain physical access to a subset of the network’s underlying nodes, they still cannot corrupt or interrupt the cloud or the systems and services it hosts. This heralds a revolution in the way that enterprises and governments can build tamperproof systems and services.
This approach to secure cloud environments offers a unique opportunity to dramatically simplify the development and administration of online systems and services. How? Applications built on top of a UTOPIA cloud environment have the same core security properties as the underlying network infrastructure, eliminating the need for additional, complex add-ons such as firewalls, antimalware, etc. that would be required in traditional setups. Furthermore, applications can be built to scale automatically as more nodes are added to increase capacity. UTOPIA networks also contain built-in protections against insider attacks. Traditional IT stacks rely heavily on said IT personnel for installation, configuration, maintenance, and administration of operating systems, directory services, and applications. These powers are too often abused and give rise to insider frauds. Unlike traditional IT stacks, UTOPIA’s cloud environments include IT tasks as part of the protocol logic, and their execution can be set to exclusively be triggered by designed management workflows.
Embracing Secure, Sovereign Systems
As the world continues to forge ahead on its digital path, we must embrace systems that are designed, from inception, to meet the cybersecurity challenges that an ever-digital world presents. Further, in choosing which systems should host our most precious asset - data - enterprises and governments will increasingly have to weigh the trade-off of convenience (e.g. big tech cloud providers) against the assurance of sovereignty. In light of rising concerns over data privacy, solutions like UTOPIA are slated to truly set a new standard for systems infrastructure, and we certainly look forward to playing our part in this transformation.
About the Author
Article authored by Tracy Trachsler, Head of Institutional Relations, DFINITY Foundation
- Cibersecurity