Cybersecurity Tech Is A Must Have

If you don’t know what cybersecurity is, you need to these days. Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users through ransomware; or interrupting normal business processes. Given recent events, everyone in the mortgage industry needs this technology. To discuss all things cybersecurity, we sat down with Aster Key Co-Founder Brad Blumberg. Here’s what he reported:

QUESTION: How did the volume of cyber breach events at home lending firms and depositories during 2024 compare to prior years?

BRAD BLUMBERG: In 2024, the financial sector, particularly home lending firms and depository institutions, experienced significant cyber breaches, with both the frequency and severity of incidents increasing compared to previous years. Although the final numbers haven’t been tallied, this trend highlights escalating cyber threats. Average data breach costs in the financial sector reached nearly $4.5 million in 2023, reflecting a more than 15% rise since 2020.

QUESTION: What do you expect the volume to be like in 2025?

BRAD BLUMBERG: I expect the volume of cyber breaches in the financial sector to increase next year. Several factors contribute to this projection, including the growing frequency of attacks, rising costs of breaches, and increasing volumes of compromised data. The number of reported incidents is anticipated to grow by 15–20%, reflecting trends in cybercrime and digital transformation. The average cost per breach will likely rise, driven by sophisticated attack methods and higher remediation and regulatory compliance costs. Sensitive data exposure is also expected to climb as attackers target larger, interconnected databases.

QUESTION: What is one of the most interesting breach events you observed this past year?

BRAD BLUMBERG: One notable event was the LoanDepot breach, which stood out due to its public disclosures and settlement discussions. A pending settlement agreement between LoanDepot and plaintiffs could exceed $86 million potentially impacts nearly 17 million individuals. The settlement is awaiting federal court approval. The plaintiffs acknowledged the company’s limited insurance and financial resources to cover more significant judgments without risking insolvency should be a wake-up call to all financial lenders. This breach exposed personal data and led to 20 class action lawsuits consolidated in California.

QUESTION: What are the biggest deficiencies that you see at lending institutions in the protection of customer data?

BRAD BLUMBERG: In medicine, the best doctors focus on treating the person, not just the disease. Lending institutions, however, often focus solely on treating the “disease” of cybercrime. They adopt an emergency room mentality, prioritizing stabilization over addressing root causes. Many don’t question industry-standard practices that might contribute to their problems. Cybercrime is a national issue, but lending institutions face class action lawsuits because they cannot adequately demonstrate they’ve done everything reasonable to protect customer data. The deficiencies can be mitigated with the right approach.

QUESTION: What are your thoughts on the Flagstar-SEC settlement?

BRAD BLUMBERG: Flagstar agreed to a settlement with the SEC over charges of making materially misleading statements about a cybersecurity breach that occurred between November and December 2021. The case highlights the inability of some lending institutions to accurately assess and report breaches in a timely manner. It also reveals how poor advice to, or inaction by the C-suite, can exacerbate crisis management failures. Transparency and swift reporting are critical, and their absence not only erodes trust but also invites regulatory penalties.

QUESTION: What are three things mortgage firms should take to avoid a breach?

BRAD BLUMBERG: First, Monitoring. Mortgage firms must implement robust monitoring systems to detect and respond to potential breaches in real-time. For instance, continuous monitoring of network traffic and login activities can identify unusual patterns, such as spikes in data transfers or login attempts from unauthorized locations or devices, signaling a potential breach. Second, People. Fostering a culture of cybersecurity is essential. This includes educating employees at all levels, from frontline staff to the C-suite, on secure practices like identifying phishing attempts, implementing two-factor authentication, and using strong, unique passwords. Third, Systems. Mortgage firms must map and understand where customer data resides across their infrastructure, including who has access to it, for how long, and through which vendors or investors. Conducting regular audits can uncover vulnerabilities, such as unprotected legacy systems or overly permissive access controls and provide opportunities to strengthen defenses.

QUESTION: How does Aster Key fit into the cyber breach prevention ecosystem?

BRAD BLUMBERG: Aster Key focuses on protecting consumers’ data as they shop for financial services. Our approach to cybersecurity prioritizes protecting the consumer, and our solution provides lenders with a channel where consumers control their own data. We started with the loan application process — rethinking it entirely with the question: why not skip it? Aster Key decentralizes personal and financial data collection to the consumer’s mobile phone, securing it by keeping it off servers and storing personal and financial data separately. Unlike traditional systems with co-mingled databases, we aim to give consumers more control and transparency. In the future, our solution will enable us to track and protect consumer data throughout the mortgage process and broader ecosystem.

INSIDER PROFILE

Brad Blumberg is the founder of Aster Key, a mobile app that stems cybersecurity risk during the application process by empowering consumers to anonymize, organize and encrypt their financial data on their mobile phones. Blumberg is an entrepreneur who co-founded Smarter Agent Mobile, which was acquired by Keller Williams International. Read more about Aster Key at www.asterkey.com. Reach Blumberg at [email protected].