Detection and Prevention of Cyber Threats Using Open-Source Applications for Startup-Fintech Firms in Kenya

Abstract

Financial technology (fintech) is emerging as an innovative way to achieve financial inclusion and the broader objective of inclusive growth. With the rise in fintechs, Cybercrimes are steadily emerging, and are unpredictable with increasing in frequency and in sophistication. Cyber risks have been identified as a major challenge because of the potential systemic risks andinteraction with other risks. Despite these cyber threats, start-up fintech firms are unable to implement expensive cyber security detection and prevention applications which might be overkill, both financially and functionally. This problem of cyber-attacks has led to monetary losses for financial institutions through denial of services or direct financial losses and has adversely impacted financial institutions through data privacy breaches and related reputational risks as recent high profile cyber-threats demonstrated. A possible cause of this problem is limited domain knowledge about the types of threats and capability of analysing the possibility of threats and narrow knowledge on functional and least costly tools for detection and prevention of cyber threats. We investigated types of cyber-threats and the available open source applications for detection and prevention of these cyberthreats and discuss the need for fifth generation cyber security architecture. We determined the types of cyber-threats, available open-source applications for detection and prevention, appropriate implementation areas, of prevention applications in campus networks for start-up fintech firms and future architecture for management of cyber security. Results showed that common cyberthreats to fintechs are Malware, Trojan downloaders, Botnets, Denial of Service, Phishing, Social Engineering, Crypto jacking, Web Application attacks and System Vulnerabilities threats. There are several open-source applications for detection and prevention of cyberthreats namely applications; Snort, Suricata, OSSEC, Security Onion, Vistumbler, Smoothwall Express, NG Firewall Free, ClamAV. Current security architectures are outdated and thus there is aneed for implementing fifth generation architecture that includes cloud infrastructure, Internet of Things and Artificial Intelligence.