Death and taxes have long been life’s unavoidable realities. Now, add to that list the rising prevalence of cyberattacks — and the growing imperative for businesses to defend against them, especially in B2B payments.
“You’re only as secure as your weakest link,” Chris Wyatt, chief strategy officer at Finexio, told PYMNTS for the series “What’s Next in Payments: Protecting the Perimeter.” “And we move money, so we can’t have the bad guys finding an easy way in.”
In today’s hyper-connected world, where the lines between digital and physical operations are blurring, safeguarding against cyberthreats has become a cornerstone of business strategy. The stakes are higher, especially for organizations dealing with sensitive financial data and payments, where a breach can lead to financial and reputational damage.
The threat landscape demands that business leaders not only react to cyber incidents but also anticipate and prevent them, particularly when it comes to payment processing.
“The goal, really, is to mandate proactive risk management,” Wyatt said, emphasizing that a forward-looking stance is critical in an industry where even a minor security lapse can have catastrophic consequences. This aligns with Finexio’s practice of embedding security into every layer of its platform to eliminate vulnerabilities in payment processing.
As Wyatt added, Finexio spent the last 12 to 18 months focusing on strengthening its cybersecurity measures. This effort wasn’t just about protecting the company’s own operations but also ensuring its partners and customers benefitted from the highest standards of security.
“There was a big education component we’ve had to do with our customers,” he said, highlighting the interconnected nature of modern business operations. The focus isn’t just on reacting to incidents but on creating an environment where risks are identified and mitigated before they escalate into crises.
One of the key areas Finexio has addressed is vendor management, often a weak spot that cybercriminals exploit. Working closely with customers, Finexio has helped them shift the burden of managing sensitive information, such as automated clearing house (ACH) data, onto the company itself. This not only reduces the risk for customers but also ensures that the data is handled with the highest level of security.
Building resilience and continuity planning into business operations is also becoming table stakes for today’s cyber landscape. Redundancy and resilience are key themes businesses are embracing as they aim to ensure that operations can continue seamlessly, even in the face of unexpected disruptions. This includes building multibank and multipay partner capabilities, as well as replicating environments across different cloud providers to avoid single points of failure.
“Unfortunately, things do go down at times,” Wyatt said, referencing real-world examples like the CrowdStrike incident that disrupted multiple organizations, including major airlines like Delta.
These events serve as reminders that even the most well-prepared companies can fall victim to cyber incidents. The key, Wyatt said, is to have a comprehensive contingency plan in place, one that includes not just technical solutions but also well-documented procedures for dealing with incidents as they arise.
Part of the urgency around the cyberthreat landscape is the fact that the threats are growing increasingly sophisticated, scalable and even industrialized as new technologies like artificial intelligence become more accessible.
Wyatt said the democratization of technology has made complex tools now available to virtually anyone, making it easier for cybercriminals to carry out attacks.
That’s why the potential of AI and large language models to transform how companies manage their cybersecurity efforts is becoming so crucial, he said.
One of the most promising applications of AI lies in simplifying the often overwhelming task of navigating internal documentation. By using language models, businesses can create a system where employees can quickly find answers to complex questions without sifting through countless documents. This not only saves time but also ensures that employees are following the correct procedures, reducing the risk of human error.
As AI and other technologies continue to advance, Wyatt said he believes that businesses will be able to further narrow the “threat window” — the period during which a system is vulnerable to attack. The key is to use these technologies in a way that simplifies operations rather than adding to the complexity.
Wyatt said he sees both cultural and technical changes as essential for staying ahead of the cybersecurity threats. Leadership will continue to play a role, but the involvement of every employee is equally important in scaling the necessary shift from viewing cybersecurity training as a checkbox exercise to making it a core component of the company’s operations.