ALL EYES ARE ON YOU – CYBER RESILIENCE REMAINS AT THE HEART OF BANKS’ SECURITY

By Ed Williams, EMEA Director of SpiderLabs at Trustwave

 

Unsurprisingly, banks and other financial institutions are popular targets for cyber criminals, and so the sector regularly experiences high volumes of attacks. In fact, throughout last year, 70 percent of UK financial sector firms suffered a cyber attack.

These organisations have always been big targets for criminals, back to when physical bank robberies were the norm, but the recent switch to remote working has certainly triggered a surge in cyber activity.  All industries felt the pressure of having to re-establish themselves as remote companies, leaving most fearing the impact of this shift on their cyber security stance. Ponemon Institute’s recent survey found that 57 percent of UK finance companies felt remote working left their employees exposed, with 41 percent fearing that remote workers are putting the business at risk of major data breaches.

With remote working came greater migration to the cloud. This in turn added to the vast avenues that hackers could take to break into the company network. In particular, banking technology has been greatly affected by the advancements made, especially mobile devices that collect and hold sensitive credentials and personal details.

Unfortunately, not only do banks have to defend against external threats, but also those from within. Around 20 percent of attacks on finance companies originate from internal, financially driven adversaries. Understanding where the primary weaknesses lie in a bank’s defence line is the first step towards strengthening their position.

Let’s break these weaknesses down.

 

Connecting to the cloud

One of the biggest potential weak spots for finance companies is the move to the cloud. If not deployed with the necessary cyber measures and complete understanding of how best to manage security policies, links to the cloud could leave businesses exposed to adversaries waiting just outside the perimeter. It’s important to remember that anything built for the cloud should also be secured for the cloud.

The promise of cost-effective infrastructure and strong results for customer experience quickly outweigh the potential risks for a lot of companies. And the threats facing banks should not hinder their digital progress. As long as the appropriate security measures are taken, finance companies can advance their systems with confidence.

 

Gaps in the supply chain

Managing the security of your own company is one thing but having to consider the measures taken by all businesses connected to your network is something else entirely. Supply chains are a fundamental part of all organisations, but they also have the potential to unravel the security that a business has worked tirelessly to deploy.

Not only does the attack surface become a whole lot bigger for banks, but they too could become weak points for third party companies. Banks play central roles in business transactions and product imports and exports, so they’re often connected to hundreds of supply chains at any one time. Experiencing a breach could have devastating consequences for the rest of the supply chain as it’s likely all financial activity would cease until resolved.

 

Boosting cyber resilience

With these vulnerabilities in mind, businesses should look to develop their unique and detailed cyber resilience strategy, incorporating the four steps: plan, build, test and run. Jumping headfirst into a security scheme without fully planning each stage in detail could result in elements being overlooked and the entire plan unravelling.

No two businesses are the same when it comes to developing a cyber security strategy. There are so many factors to consider, like size and digital maturity, which will have significant impacts on the overall scheme. Another significant consideration is whether the company still relies on on-premises setups or has transitioned to the cloud. Either way, no further steps should be taken until IT teams have a comprehensive overview of their network infrastructure.

When it comes to testing the different elements of the strategy before the final launch, it’s worth employing external red teams to deliver an in-depth and thorough security and vulnerability report. Red teaming exercises involve security professionals taking on the role of threat actors to test different areas of business security and see how far into the network they can breach, identifying vulnerabilities along the way. The activity is usually very specific and focuses on selected areas of the security barrier. Using an in-house team is also a viable option – the most important thing is to accept any issues that arise and treat them as stepping stones to achieving the top-level security plan that the security landscape demands.

Beyond this, finance companies should consider the role of artificial intelligence (AI) and machine learning (ML) and the benefits they can provide. While there is still some uncertainty around the role that these technologies can play within a business, there is one important point to bear in mind: neither AI nor ML should be deployed for cognitive thinking. Human intuition is a fundamental part of a security strategy, and AI should only be introduced to assist workers in their day-to-day role. This includes freeing up employees to focus on high-value tasks, such as customer experience, as well as managing other more complex areas of security.

 

Security on two fronts

There is a final element that security teams should consider when planning out their defensive strategy. Despite most businesses now operating on the digital plane, physical security remains a vital factor. Most red teaming exercises involve scoping out physical company buildings, which usually hold large numbers of devices. During the first period of mass remote working last year, empty offices were sitting targets for criminals looking to hack the network from the heart of the business. This will undoubtedly remain an issue moving forwards.

From working closely with physical security teams, to keeping access permissions on a restricted list, there are plenty of steps finance organisations can take to strengthen their defences against threat actors. If money does indeed make the world go round, then the institutions at the centre of it all must remain strong and resilient. Keeping malicious attackers at bay must be priority number one.

 

COMBINED RISE OF M&A AND CYBER RISK CREATES STORMY SEAS FOR INVESTORS

UK organisations carrying out merger and acquisition (M&A) activities must improve pre-acquisition due diligence of software vulnerabilities

By Philippe Thomas, CEO at Vaultinum

At present, the UK is seeing a sharp rise in M&As. Indeed, in the first quarter of 2021, the UK saw a £1.1 billion increase in domestic M&As when compared with the same period in 2020 (Office for National Statistics). This trend is set to continue, with 57% of UK executives reporting that their companies intend to pursue M&As in the next 12 months, and 65% of these respondents focusing on cross-border acquisitions (EY). As such, UK businesses have given a clear vote of confidence in moving forward with M&As, making them a focal point for accelerated organisational growth and development.

Traditionally, organisations and investors have conducted due diligence covering financial, legal, operations, and human resources. Comprehensive software due diligence is not always carried out systematically, which has significant adverse consequences given that a company’s technology is increasingly its primary asset. As non-tech organisations use more and more tech for their day-to-day operations, and as the number of tech-forward companies grows, new issues have arisen which are overlooked in traditional due diligence.

 

A crucial time for tech security

Data breaches during M&As have become infamous during the last few years, with more than 1 in 3 executives surveyed by IBM reporting data breaches associated with M&A activity during the period of integration. This figure could be set to increase, as statistics highlight that cyber-attacks are rising sharply in the UK. According to Sophos data, 51% of UK organisations were affected by ransomware attacks in 2020, with criminals successfully encrypting data in 73% of these attacks. Cybercriminals are increasingly targeting organisations in ransomware attacks with the eventual goal of large-scale business interruption. Carrying out comprehensive due diligence that assesses both software and source code during the pre-acquisition phase enables the early identification of data breach risks, providing the acquirer with a full view of the financial and legal consequences at this stage of negotiations.

Acquiring or merging with a secondary company that has hidden data vulnerabilities can impact the primary company’s business operations, investor relations and reputation. The most well-publicised example of this occurred in 2017, when Verizon revealed a pre-merger data breach at Yahoo!. During negotiations of the merger, it was revealed that Yahoo! had experienced a data breach during which a hacker stole the personal data of at least 500 million users, followed by a second data breach in which 1 billion accounts were compromised and users’ personal information and login credentials stolen. In this instance, Verizon had done their due diligence, and were able to make an informed decision about going ahead with the deal. If Verizon had not carried out any tech due diligence, and this data breach had not been revealed during the negotiations, Verizon could have overpaid for Yahoo!, as well as experiencing long-term legal and reputational damage. Instead, both companies understood the liabilities before entering into an agreement.

Other companies have not been so lucky. In 2016, Marriott International purchased Starwood Hotels & Resorts for $13.3 billion. Two years following the merger, Marriott revealed a huge data breach in Starwood’s reservation system that occurred pre-merger in 2014, in which 400 million guest records were exposed through a security flaw. This resulted in a $123 million GDPR fine by Britain’s Information Commissioner’s Office, as well as reputational damage for both Marriott and Starwood. This is an example of an instance in which insufficient software due diligence prior to the merger has catastrophic consequences for both the acquirer and the target company later down the line.

Software due diligence highlights risks and weaknesses in digital assets. This can bring to light data security issues, as well as other vulnerabilities such as intellectual property risks linked to the use of open-source software (OSS) licences and maintainability complications. All of these risks can affect the overall quality of the asset, and thus its value for the acquirer, so uncovering them through comprehensive due diligence at the pre-acquisition stage is essential.

 

Understanding open-source software (OSS)

For any M&A activity in which the target company’s software is a significant asset of the deal, which is now the case in most start-ups which have AI or algorithms at the heart of their offer, the issues do not end with hidden data vulnerabilities. Today, software developers often rely on public code repositories available on websites like GitHub or Stack Exchange, as OSS has a number of significant benefits, most notably that it appears to be free at the point of use. However, many OSS licences are often offered subject to conditional restrictions. When using OSS to create derivative products or linking source code to OSS, the integrated product becomes subject to these conditional restrictions, which can include making all or part of the code public or paying a fee for its use. In other words, a company may not have full rights to their product or software.

This is problematic for any tech-enabled company in general, but can be uniquely catastrophic during M&As. If acquirers carry out comprehensive due diligence in the pre-acquisition phase and discover any such OSS embedded in the target’s software, they may walk away from the deal entirely, or at the very least adjust its value and/or terms. If acquirers do not implement comprehensive due diligence, they become liable for the target’s previous use of OSS, and any terms relating to its licensing.

 

Algorithms add robustness to tech audits

Carrying out comprehensive software due diligence is essential during the pre-acquisition phase, to avoid the aforementioned issues associated with data breaches and software licensing. Today’s advances in AI technology enable these audits to be thorough, analysing every line of code to identify possible cyber vulnerabilities, intellectual property issues (usually linked with the use of open-source code) and maintainability risks. These methods enrich traditional tech due diligence by making audits more objective and less susceptible to human error.

Ultimately, this approach protects the acquirer’s reputation, ensures business continuity, and helps avoid possible legal liability for the target’s previous vulnerabilities.

 

THE GROWTH OF DIGITAL BANKING: WHY COLLABORATING WITH FINTECHS IS CRUCIAL TO ADAPT TO CUSTOMER DEMANDS IN LIGHT OF THE PANDEMIC

The growing customer demand for a seamless digital banking experience looks set to transform how the entire banking industry operates. Traditional banks have been left playing catch up with the emergence of new fintech players and challenger banks. The demand for slick digital finance solutions is led by the digital native generations, the millennials and Gen Z. However, the coronavirus pandemic accelerated the uptake of online shopping and remote working for whole swathes of the population. Even the older generations have been left wondering why accessing banking services online remains so cumbersome.

Consumers’ growing desire to access financial services through digital channels has already led to a surge in various new banking technologies which are reconceptualising the banking industry. Consumers have rapidly moved to adopt payment solutions such as those offered by apps like Revolut.

Manoj Mistry

Retail banks continue to launch platforms in the Banking as a Service (BaaS) space, in an effort to remain competitive. An example of this in the UK is how NeoBank (Starling) used to only offer business to consumer (B2C) retail banking services. However, once it launched its BaaS platform, Starling was able to rapidly diversify to include consumer services.

New technologies like blockchain and artificial intelligence (AI) continue to evolve, and look set to have an enormous impact on banking over the next three to five years. The type of cryptocurrencies that we have seen to date look set to be far more tightly regulated, given significant governmental concerns about their potential for misuse in cybercrime and money laundering.

In the blockchain space, the transformative development which will accelerate the rise of digital finance is the advent of central bank-backed digital currencies. The US Treasury has described the creation of a digital dollar as a high priority project. China is already trialling its digital Yuan. Meanwhile, the ECB is actively pursuing its plans to launch a digital Euro. The launch of stable, highly secure digital currencies, underpinned by major central banks, looks set to ensure that digital finance will permeate every area of our lives in the not too distant future.

How we use digital finance is also set to change radically. We are used to seeing new technology emerge from Silicon Valley. However, an analysis by KPMG Australia suggests that a new breed of apps which prefigures the future of digital finance has already emerged in the East. The report notes that “super apps” are “already encroaching on traditional financial services territory”.

Super apps are defined as apps which “essentially serve as a single portal to a wide range of virtual products and services. The most sophisticated apps – like WeChat and Alipay in China – bundle together online messaging (similar to WhatsApp), social media (similar to Facebook), marketplaces (like eBay) and services (like Uber). One app, one sign-in, one user experience – for virtually any product or service a customer may want or need.

“Due in large part to their versatility, super apps have quickly become ingrained into users’ daily lives. It is not unusual for a WeChat user in China to set up a date with a friend via instant messaging, make dinner reservations, book movie tickets, order a taxi and pay for every transaction along the way, all using one single app.”

We are already beginning to see trends in this direction in the Western world, with Facebook launching a marketplace and even a dating service within its social network. Facebook also attempted to launch its own digital currency, Libra, but this move stalled when it ran into significant governmental opposition. However, Facebook hasn’t given up, and it is determinedly pursuing the launch of a revamped stablecoin, Diem, which has been redesigned to address regulatory concerns.

A group of Citi analysts recently wrote an interesting research paper, which predicts that “the story of digital money in the 2020s will be the growth of tokenised money”. Noting that both Big Tech and Central Banks “are building new payment formats and rails,” they say that “while stablecoins such as Diem await regulatory approval, they could benefit from the huge network effects of their Big Tech sponsors. In fact, Diem could be an effective tokenised payment format inside the Facebook universe.” The paper predicts that “Stablecoins, such as Diem, could benefit from the huge network effects of their Big Tech sponsors”. With 3.3 billion monthly users, Facebook certainly has remarkable global reach.

The idea of an integrated tech platform which enables people to interact and purchase goods and services – including financial services – is now being pursued by many major players.

Amazon has long been rumoured to be planning to launch its own bank. Yet, research by CB Insights concludes that, “from payments and lending to insurance and checking accounts, Amazon is attacking financial services from every angle without even applying to be a conventional bank.” This is perhaps not surprising. After all, tech companies rarely replicate existing models. They usually find disruptive new ways to achieve the outcomes that consumers want. Even the messaging service, WhatsApp, has recently moved into financial services with the launch of WhatsApp Pay.

As money becomes digitised and tokenised and ever more areas of our lives move online, the distinction between an online marketplace, a social network and a financial services provider will continue to blur. How traditional financial services companies react to these developments remains to be seen. Some may partner with tech companies in creating new services. For example, Visa and Mastercard were involved with Facebook’s Libra stablecoin project. Visa also responded to the popularity of peer to peer payment services such as Revolut by launching Visa Direct, which enables users to make payments directly to another account in 30 minutes. Most major banks now support Apple Pay, which enables users to authorise payment by scanning their face or thumb.

Banks can also collaborate with tech companies in terms of data sharing, in order to better understand what their customers want. A company like Amazon knows what books people like, what music they listen to and what they purchase. By combining such data with wider financial data, remarkably predictive Big Data models could be created. Some banks might increasingly pursue opportunities to monetise data, while others might make privacy their unique selling point.

The banking sector fundamentally deals with money. Yet, the very nature of money is set to change, as it becomes digitised. Banks are no longer merely competing with each other, but they are both competing and collaborating with tech companies and social networks. Looking ahead, the only certainty we have is that we are in for a period of remarkable change.
