Barely a day goes by without news of a new cybersecurity attack. The issue is more widespread than ever, and the cybersecurity landscape has never looked more threatening than it does today, especially in the financial services sector.
Recently banks and financial services companies were targets of coordinated cyber-attacks and were forced to reduce operations or shut down systems. This led the Bank of England to issue guidelines to financial organisations on protecting themselves from such possible attacks.
The problem is partly attributable to the fact that the finance sector is perceived to be a high-value target and partly the result of the plethora of communication channels we use and the pace at which they are evolving. Case in point: the prevalence of images on the Internet. The average size of a web page has grown six-fold, and 67% of that page is likely to be comprised of images. Chances are most cyber defence systems do nothing to combat threats concealed in images. Equally, the ubiquity of social media provides an ever-increasing number of routes through which malware can be introduced and used.
The other reason financial services organizations need to take a long hard look at their cyber-security defences is the levels of sophistication demonstrated by today’s cybercriminals. Yes, well-known and simple techniques are used every day to compromise organisations. But if those fail, cybercriminals will readily resort to the kind of sophisticated and evasive attacks that were once the preserve of government agencies.
Bottom line: the financial services sector is now under near continuous attack. With that in mind, here are four key focus areas for anyone in the sector intent on transforming their cyber security defences and thwarting even the most determined and sophisticated cyber-attacker.
Content is King
From documents and spreadsheets to images and PDFs, digital content is the carrier of choice for the cyber-threats used by today’s attackers. Regardless of the nature of the attack, in 99% of cases, it will start with the attacker attempting to infiltrate the organisation with an exploit concealed in seemingly innocuous business content. Virtually any piece of digital content, whether an Office document, PDF, or image, can be used or “weaponised” in this way. Whatever the attack, from ransomware and identity crime to remote access and cryptocurrency mining, it will likely gain a foothold because it was introduced in weaponised content through regular internet usage.
It is therefore essential for businesses to look at how best to ensure that digital content can be handled safely. Here it’s important to acknowledge that, historically at least, the cyber-security industry has failed to deliver the levels of protection that a business might reasonably expect.
The vast majority of cyber-security defences operate using the principle of detection. Threats and exploits are identified by examining content for indicators (signatures) that suggest the presence of something malicious. The detection paradigm was effective to a point, but it has proved wholly ineffective in the face of ever more sophisticated threats that are constantly evolving and virtually always concealed in seemingly harmless business content.
In March of this year, industry analyst Gartner published a report entitled “Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks”. The author called out Pattern 4: Content Transform as key to building defences that deal with the threat landscape going forward, and financial sector organisations need to embrace this concept.
Transform your Defence
Content Transform defeats not only known but also ‘zero-day’ and unknown threats in content. Because it crosses the network boundary, it doesn’t rely on detection or “sandbox detonation”. Instead, it uses a unique process of transformation that ensures protection.
Transformation works by extracting the business information from the documents and images crossing the network boundary. The data carrying the information is discarded along with any threat. Brand new documents and images are then created and delivered to the user. Nothing travels end-to-end but safe content. Attackers cannot get in, and the business gets what it needs.
Transformation is the only way to ensure that threats are removed from content because it assumes all data is unsafe or hostile. It doesn’t try to distinguish good from bad. It cannot be beaten; as a result, the security team is satisfied because the threat is removed, and business teams are appeased because they get the information they need.
Image steganography is the covert hiding of data within seemingly innocuous image files. For instance, hidden content could be encoded in an image by subtly varying shades of colour – obscure to the naked eye – that when decoded reveal an entire customer database. Put the original, and the compromised image side-by-side and one would not tell them apart, but the latter is worth millions. The popularity of image steganography amongst cyber-attackers is on the rise – malware exploit kits, and malware-as-a-service offerings now include steganography as standard – and the reason for this is straightforward: image steganography is easy to implement and totally undetectable!
Image steganography has been used in Malvertising campaigns to extort money from thousands of users and bring reputable news sites to their knees. It has also been used in conjunction with social media tools to steal high-value financial assets with the criminals using innocuous images to mask a sophisticated Command and Control (CnC) channel over which the data could be exfiltrated without the theft being detected.
Existing perimeter web defences (web gateways and firewalls) cannot protect businesses from exploits concealed in images using steganography. The presence of the exploit has no signature and is completely undetectable. Fortunately transforming the content does provide a defence as the image is completely re-written and subtly changed, destroying whatever was concealed in the picture. If the organization is not using content transformation and social media is allowed into the corporate network, it must be kept away from sensitive data and systems.
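The effect described above can be shown on raw pixel samples. This is an added example, not code from the article or from any product: it assumes the simplest form of image steganography (payload bits written into the least significant bit of each 8-bit sample) and stands in for content transformation with a hypothetical `transform` step that keeps the seven significant bits of every sample and re-draws the last one. The carrier and payload are constructed sample data.

```python
import random

def embed_lsb(samples, payload):
    """Write payload bits into the least significant bit of successive samples."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload does not fit in the carrier")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def extract_lsb(samples, n_bytes):
    """Read n_bytes back out of the least significant bits."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for s in samples[b * 8:(b + 1) * 8]:
            value = (value << 1) | (s & 1)
        out.append(value)
    return bytes(out)

def transform(samples, rng=None):
    """Hypothetical transform step: rebuild every sample from its visible
    (upper seven) bits and a freshly drawn low bit. Nothing is inspected
    or detected; every image is treated the same way."""
    rng = rng or random.SystemRandom()
    return [(s & 0xFE) | rng.getrandbits(1) for s in samples]

def max_delta(a, b):
    """Largest per-sample difference between two images of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed 16x16 greyscale carrier and constructed payload.
COVER = [(x * 7 + y * 13) % 256 for y in range(16) for x in range(16)]
PAYLOAD = b"constructed-secret"

def demo(seed=0):
    stego = embed_lsb(COVER, PAYLOAD)
    # Seeded generator only so the demo is repeatable.
    clean = transform(stego, random.Random(seed))
    return {
        "recovered_before": extract_lsb(stego, len(PAYLOAD)),
        "recovered_after": extract_lsb(clean, len(PAYLOAD)),
        "stego_delta": max_delta(COVER, stego),
        "transform_delta": max_delta(stego, clean),
        "visible_bits_kept": all(a >> 1 == b >> 1 for a, b in zip(stego, clean)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both the embedding and the transform change each sample by at most one level, which is why neither is visible to the eye; only the transform leaves the hidden bytes unrecoverable.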
As the financial sector comes to terms with the current threat landscape, it is imperative that organizations re-evaluate their defences, understand that detection is not the answer and formulate a strategy for content transformation.
PASSWORDS, BIOMETRICS AND BEYOND
By: Hicham Bouali, Pre-Sales Director EMEA of One Identity, a specialist in identity and access management
At any given moment, millions of acts of authentication are performed around the world. Most often, by entering a password. More and more, however, are performed with biometrics or with the help of a unique object, specific to the user. And it’s not only humans who authenticate themselves: machines are doing it on a massive scale, too.
How did it all start? And where does it lead us?
In its simplest form, authentication is about proving a user’s identity. And the easiest way to do this is, of course, to agree on a “secret” shared between the user and the machine. This is the principle on which the good old password is based, and the technique that was implemented by the first multi-user machines installed in universities (the first microcomputers, considered as single-user, obviously did not need this).
But quickly, the password showed its limitations. What happens when it is stolen? How can we be sure it cannot be easily guessed? What do we do when users choose weak passwords or forget them?
To overcome these limitations, a whole market of dedicated tools has developed, from the password safe (which allows passwords to be stored securely on one’s computer) to HSMs (electronic boxes that generate highly random passwords), through SSO (connecting to different applications with a single password). Organisations started adopting these tools and developed their own policies around passwords.
As long as this remained limited to the walls of the company, it was still possible to manage a wide range of support solutions. But when the Web opened the floodgates, things became more complex: millions of users were able to access tens of thousands of online services asking for a password. Databases containing several million passwords could be stolen and identities could be usurped. And criminals were very quick to realise that, for the sake of convenience, Internet users sometimes reuse the same identifier, which accentuates the problem.
In short, the Internet has clearly shown that the reign of the password is coming to an end.
The end, really? Not exactly… Because the password still maintains two great advantages: its ease of use and its relative ease of implementation.
However, the Internet ecosystem has started to look for alternatives. With the advent of social networks, a few web giants have notably tried to propose a common authentication standard, which would allow anyone with an account on a social network to authenticate on other websites (the principle of federating identities using standards such as OAuth). It doesn’t quite solve the problem, but it does benefit ease of use.
At the same time, multi-factor authentication, which is still considered one of the most effective means of strengthening passwords, has emerged. By sending the user a very short-lived validation code (OTP: One-Time Password), by SMS for example, we ensure that even if the password has been stolen, the attacker will not have access to the associated phone and will therefore be unable to complete the authentication process. This worked until we realised that text messages were never designed for this, and the industry now turns almost exclusively to validation codes based on time synchronization with the server, generated on a hardware device such as RSA SecurID or a software device via a smartphone application.
Smartphone manufacturers have also (finally) managed to make biometric authentication available and usable by anyone by introducing fingerprint and face recognition. This made it possible to equip a large part of the population with a second, truly powerful authentication factor. The password is thus still present, but solidly reinforced by biometric authentication or a single-use validation code. Progress has been made…
But in all this history, the industry has mostly adapted on a case-by-case basis, trying to overcome the weaknesses of the password. What is still missing is a true modern authentication standard that is easy to use, reliable and accessible to all. This standard could well be FIDO (Fast Identity Online), developed since 2012 by a consortium of tech giants including Amazon, Google, Facebook, Paypal, as well as Visa and Wells Fargo.
FIDO’s objective is not to make the password disappear (it is understood that it will always be useful) but to raise the other means of authentication to the same level of simplicity of deployment, in order to allow easy switching from one to the other. FIDO supports the use of passwords as well as biometrics (facial and digital), voice recognition and physical keys. Today, FIDO solutions enable strong authentication on a website or application at the touch of a button on a USB key inserted on the computer, while at the same time authenticating the service itself to protect users against phishing attacks.
Why is it so important to make all other authentication methods as easy to deploy as the password? Because during all this time, things were changing incredibly rapidly: applications were increasingly migrating to the Public Cloud, the perimeter was gradually disappearing, employees were increasingly working from unsecured networks with unsecured devices… So, it no longer makes sense to have to choose a single authentication method. Companies must be able to adapt dynamically to the authentication context (by taking into account the user’s identity in a broader risk analysis) in order to choose the right method at the right time.
The future of authentication is no longer in the methods themselves: the industry has made peace with the good old password and no longer intends to make it disappear at all costs, provided they have the choice! Rather, the future lies in the dynamic management of identities and authentication processes at the enterprise level, in a pragmatic way (because yes, the password still has its use).
And that’s a new frontier!
DIGITAL FINANCE: UNLOCKING NEW CAPITAL IN DISRUPTED MARKETS
Krishnan Raghunathan, Head of Finance & Accounting Services at WNS, explores how a digitally transformed finance department can give enterprises the ability they need to improve cash flow and revenue through better use of data and improved analytics-driven visibility.
Businesses everywhere are scrambling to recover lost revenues and protect cash flow. But as countries globally grapple with a dreaded second wave of the pandemic, imposing far more stringent localised lockdowns and new restrictions, it is set to be the hardest winter in living memory for many sectors.
The likelihood of winter peaks, so often the saviour of sectors such as travel and hospitality, benefitting businesses is diminishing rapidly. While many have pivoted to a greater or lesser degree, few have been able to offset the impact of falling revenues on cash flow. Even retail, riding an e-commerce boom in many regions, is finding itself in choppy waters, with 17 percent of consumers switching brands due to the economic pressures and changing priorities caused by the pandemic.
As one McKinsey article notes, “With some companies losing up to 75 percent of their revenues in a single quarter, cash isn’t just king – it’s now critical for survival”. Where then do businesses find new sources of cash to sustain their operations through the coming months?
Tapping Overlooked Cash Opportunities
For many, the answer could depend on whether they have digitally transformed their finance department. Why? Because many organisations are sitting on unidentified opportunities, funds that could be vital in shoring up businesses over the next few months or plugging the gap between operating costs and government bailouts. Yet those that have been slow to start their digital transformation journey are at a disadvantage. While it is possible to identify these hidden seams in an analogue organisation, the process is time-consuming, manually intensive and, without the right digital tools, prone to human error.
Where deploying digital tools helps is by bringing speed, automation and reliable data to the fore. Connecting them with digital finance and accounting systems can give businesses clear insights into how money is being spent, where wastage is occurring, and where opportunities for optimisation exist.
It might be something as simple as automating the accuracy checking, issuing and chasing of invoices and late payments. This could reduce errors and invoice disputes and ultimately lead to faster payments. Accuracy and organisation are also important in billing – better records enable faster billing for work completed, and in turn, should deliver quicker payments.
It could also be around having the ability to review the supply chain and procurement data and identify where a supplier is subsidising a larger customer’s product line through drawn-out payment terms, or where a variety of vendors are on different terms across the business. Using that data and overall knowledge of the business to negotiate better terms that work for both supplier and customer can create new opportunities. It could even be to identify late-paying customers, determine the reason for late payments, and use that intelligence to develop products or financing solutions that continue to support those customers (and improve loyalty) without increasing the burden on the balance sheet.
Generating Reliable Insights for Faster Decision-making
To do any of these manually would take months, generating data slowly that would quickly go out of date. But digital finance departments have evidence they can trust to inform business decision-making. That’s because old, manual processes built around Order-to-Cash lack the flexibility and agility that businesses require in today’s markets. The fact is that even before the global pandemic crisis, the pace of digitisation across all sectors was demanding new approaches to finance and book balance.
The opportunities are significant – from cognitive credit and improved forecasting accuracy to enhanced customer analytics. All use similar tools, based on artificial intelligence and quality, trusted data. Cognitive credit can be deployed to quickly make decisions on whether to advance or restrict credit, based on individual company positions and available data. Doing so enables businesses to either capitalise on opportunities (for instance, agreeing credit for a supplier that has run out but is a supportive and integral partner) or avoid risk (in the cases where a business might be in administration).
With more accurate forecasts, businesses can better manage their currency purchases and deposits, selling currency that is not required or buying more where predictions identify an upcoming demand.
It is the same with customer analytics – with a greater understanding of customer needs, businesses can make decisions based on the right mix of the product (and how it meets demand) and supply chain suitability (such as production costs and location in relation to customers).
In many ways, the events of the past year have accelerated the process. The problem is that, in doing so, the pandemic has also accelerated the speed at which failure to act can lead to obsolescence. Therefore, it is vital that businesses, and more particularly their finance and accounting departments, kick-start their digital transformation. This will enable them to deploy the tools and analytics that are needed to capture data, generate insights and drive fast, accurate decision-making to uncover previously untapped sources of cash and reverse revenue degradation.
The Importance of Digitally Enabled Finance Teams
Forward-thinking CFOs have already begun the process of digitising their departments, but for those that have been slow to start, now is the time to push forward. It is only through digital tools and analytics that finance leaders can identify both the internal and external opportunities to recover revenue and improve cash flow. Whether that’s releasing working capital, minimising revenue loss and accelerating revenue recovery, reducing total cost of ownership or enhancing customer retention – only digitally enabled finance teams will be in a position to capitalise and, ultimately, bolster business performance during what will be a trading period like no other.
About the author: Krishnan Raghunathan
Krishnan Raghunathan is the head of Finance & Accounting (F&A) practice and operations at WNS. He also leads the international delivery locations in China, Costa Rica, Spain, Sri Lanka, Romania, The Philippines, Poland and USA.
Prior to this, Krishnan was Chief Capability Officer for WNS; in that role he headed Horizontal practices across Finance & Accounting, Customer Interaction Services and Research & Analytics, Transformation & Process Excellence, Program Management (Transitions) and Solutions development.
He has more than 27 years of experience across Finance & Accounting, Business Process Management, Sales Solutions and Capability functions including 7 years in Accounting practice.
Before joining WNS in 2013, Krishnan led several challenging roles at Genpact, supporting strategic deals and consultative selling. In addition, Krishnan was also the business leader for a number of industry verticals at Genpact, including hospitality, transportation, logistics, media and professional services.
Krishnan is a Chartered Accountant, a Certified Six Sigma Green Belt and a trained Six Sigma Black Belt.