Connect with us

Technology

Cyber Security – Time to Transform your Defence

Barely a day goes by without news of a new cybersecurity attack. The issue is more widespread than ever and the cybersecurity landscape has never looked more threatening than it does today especially in the financial services sector.

Recently banks and financial services companies were targets of coordinated cyber-attacks and were forced to reduce operations or shut down systems. This led Bank of England to issue guidelines to the financial organisations to issue guidelines to protect themselves from such possible attacks.

The problem is partly attributable to fact that the finance sector is perceived to be a high-value target and partly the result of the plethora of

Dr Simon Wiseman

communication channels we use and the pace at which they are evolving. Case in point: the prevalence of images on the Internet. The average size of a web page has grown six-fold, and 67% of that page is likely to be comprised of images. Chances are most cyber defence systems do nothing to combat threats concealed in images. Equally, the ubiquity of social media provides an ever-increasing number of routes through which malware can be introduced and used.

The other reason financial services organizations need to take a long hard look at their cyber-security defences is the levels of sophistication demonstrated by today’s cybercriminals. Yes, well-known and simple techniques are used every day to compromise organisations. But if those fail, cybercriminals will readily resort to the kind of sophisticated and evasive attacks that were once the preserve of government agencies.

Bottom line: the financial services sector is now under near continuous attack. With that in mind, here are four key focus areas for anyone in the sector intent on transforming their cyber security defences and thwarting even the most determined and sophisticated cyber-attacker.

Content is King

From documents and spreadsheets to images and PDFs, digital content is the carrier of choice for the cyber-threats used by today’s attackers. Regardless of the nature of the attack, in 99% of cases, it will start with the attacker attempting to infiltrate the organisation with an exploit concealed in seemingly innocuous business content. Virtually any piece of digital content, whether an Office document, PDF, or image can be used or “weaponised” in this way. Whatever the attack, from ransomware and identity crime to remote access and cryptocurrency mining, it will likely gain a foothold because it was introduced in weaponised content through regular internet usage.

It is therefore essential for businesses to look at how best to ensure that digital content can be handled safely. Here it’s important to acknowledge that, historically at least, the cyber-security industry has failed to deliver the levels of protection that a business might reasonably expect.

Ditch Detection

The vast majority of cyber-security defences operate using the principle of detection. Threats and exploits are identified by examining content for indicators (signatures) that suggest the presence of something malicious. The detection paradigm was effective to a point, but it has proved wholly ineffective in the face of ever more sophisticated threats that are constantly evolving and virtually always concealed in seemingly harmless business content.

In March of this year, industry analyst Gartner published a report entitled, “Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks”. The author called out Pattern 4: Content Transform as key to building defences that deal with the threat landscape going forward and financial sector organisations need to embrace this concept.

 

Transform your Defence

Content Transform defeats not only known but also ‘zero-day’ and unknown threats in content. Because it crosses the network boundary, it doesn’t rely on detection or “sandbox detonation”. Instead, it uses a unique process of transformation that ensures protection.

Transformation works by extracting the business information from the documents and images crossing the network boundary. The data carrying the information is discarded along with any threat. Brand new documents and images are then created and delivered to the user.  Nothing travels end-to-end but safe content. Attackers cannot get in, and the business gets what it needs.

Transformation is the only way to ensure that threats are removed from content because it assumes all data is unsafe or hostiles. It doesn’t try to distinguish good from bad. It cannot be beaten; as a result security team satisfied because the threat is removed. Business teams is appeased because they get the information they need.

Picture This

Image steganography is the covert hiding of data within seemingly innocuous image files. For instance, hidden content could be encoded in an image by subtly varying shades of colour – obscure to the naked eye – that when decoded reveal an entire customer database. Put the original, and the compromised image side-by-side and one would not tell them apart, but the latter is worth millions. The popularity of image steganography amongst cyber-attackers is on the rise – malware exploit kits, and malware-as-a-service offerings now include steganography as standard – and the reason for this is straightforward: image steganography is easy to implement and totally undetectable!

Image steganography has been used in Malvertising campaigns to extort money from thousands of users and bring reputable news sites to their knees. It has also been used in conjunction with social media tools to steal high-value financial assets with the criminals using innocuous images to mask a sophisticated Command and Control (CnC) channel over which the data could be exfiltrated without the theft being detected.

Existing perimeter web defences (web gateways and firewalls) cannot protect businesses from exploits concealed in images using steganography. The presence of the exploit has no signature and is completely undetectable. Fortunately transforming the content does provide a defence as the image is completely re-written and subtly changed, destroying whatever was concealed in the picture. If the organization is not using content transformation and social media is allowed into the corporate network, it must be kept away from sensitive data and systems.

As the financial sector comes to terms with the current threat landscape, it is imperative that organizations re-evaluate their defences, understand that detection is not the answer and formulate a strategy for content transformation.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

MAINTAINING SECURITY: NOT SOMETHING TO LOSE CUSTOMERS OVER

investing

By Philipp Pointner, Chief Product Officer of Jumio

 

They say it takes 60 days to make or break a habit. With the UK having spent over 100 days in lockdown, old habits have changed and new ones have formed. While restrictions are starting to ease, these habits will stay with us, including how we choose to manage our finances. While prior to the pandemic, we may have gone to the bank regularly to deposit a cheque, change our bank account or open a new one, this habit has now been broken, putting the role of the branch in question.

Well before the outbreak of COVID-19, bank branches were closing in large numbers. More than a third of the UK’s bank branches have shut for good in less than five years, while hundreds of those that remain have reduced their business hours.

These macro changes in how we interact with our finances impacts financial institutions, which have had to adapt to allow current and prospective customers to access services remotely with the same level of security. Digitalisation in banking has been happening for years, but the global pandemic has significantly accelerated these efforts. While newer challenger banks have a reputation for faster sign-ups and seamless customer experience, security remains a top concern, particularly when the annual value of online banking fraud losses eclipsed £112 million in 2019.

Fraud detection measures have a reputation for making the customer experience worse. How can we preserve the user experience without compromising online security?

 

Philipp Pointner

The best experience vs. the best security

Top security at the account sign-up stage is essential, yet nearly half (48%) of all fraud value stems from accounts that are less than a day old. Experian’s 2020 Global Identity and Fraud Report found that account opening and account takeover are responsible for higher losses than any other type of fraud. The account onboarding process is one that carries many risks — financial, regulatory, and reputational — when identifying the true identity of a customer, especially when not done in person.

In ensuring fraud detection, measures with incremental friction are often put in place to keep identities secure. However, too much friction can be problematic, with nearly 40% of potential new customers quitting onboarding processes which are too time-consuming and onerous. This level of abandonment represents a significant cost for financial institutions. With friction having such an impact on conversion rates, there are lessons traditional banks can learn from their challenger counterparts when it comes to customer experience.

 

How do we solve this?

For many consumers digital banking is not new, but the global pandemic has forced others to try digital banking for the first time because there are no other options. How many of these consumers will return to a physical branch when lockdowns are lifted?

When onboarding, whether online or in branch, banks perform the same set of steps even though the process differs. While banks are required to perform the necessary due diligence as part of their KYC obligations, many of the onboarding steps required in-branch can be automated, streamlined and simplified to deliver a better customer experience.

Face-based biometrics have the power to help banks strike the right balance between customer experience and security when it comes to digital verification. When a customer goes to set up an account, the bank asks them to take a picture of their government-issued ID (e.g., driver’s license, passport) and a corroborating selfie. This process determines if the ID is authentic and if the person in the selfie matches it.

To make this process even more secure, online solutions are now embedding certified liveness detection in the selfie-taking process to make sure that the customer is not attempting to spoof the system with a deepfake video or a picture of a picture. By leveraging biometrics and AI, an accurate verification decision can be made in a matter of seconds, which dramatically lessens the friction and frustration experienced by most online customers.

 

Going beyond onboarding

With over 60% of financial institutions experiencing an increase in fraud volume over the last few years, and cyber fraud as the primary concern, top-end security needs to go beyond the onboarding stage.

Face-based biometrics can also serve as the answer to ongoing authentication. During the initial identity verification process, better online solutions create a 3D face map, containing over 100 times more liveness data than a 2D photo. When a future authentication is required, for example, when a customer tries to reset their password or initiate a wire transfer, the customer is asked to take a new selfie, during which a new 3D face map is created. This face map is compared to the original and authorises the transaction in seconds with a significantly higher level of identity assurance.

This holistic approach is required now more than ever, with fraudsters taking advantage of the surge to digital.

 

So, what next?

Digitalisation is no longer just an important priority — it must be a primary focus for all regulated financial institutions. When lockdowns were announced all around the world, challenger banks were better prepared to support their customers online, but while they may have had an advantage at the start, it doesn’t need to stay that way. With the extraordinary power of face-based biometrics and AI, financial institutions can level the playing field by delivering an online experience that balances account security and customer usability.

 

Continue Reading

Finance

GO DIGITAL OR GO HOME: COVID19 FORCES FINANCIAL INSTITUTIONS TO ACCELERATE DIGITAL TRANSFORMATION

By James Follette, Global Head of Commercial, Business and Retail Banking

 

The pandemic has forced financial institutions to “go digital or go home,” driven by a record growth in the number of clients that have been onboarded digitally. In fact, a recent survey found that since the pandemic, there has been a 15 percent increase in the opening of online accounts.   Simply put, if a bank is unable to onboard customers digitally today or in the near-future, they will struggle to keep pace with their competitors.

Prior to the pandemic, financial institutions had been falling behind when it came to digital transformation, only increasing resources to address emerging concerns. The current situation has brought to light that financial institutions lack the technology to onboard customers remotely. Many are struggling to operate with reduced staff and closed branches, security issues, and customer service concerns, while also meeting Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.

In the US, this became especially important as many small businesses sought to access critical funding provided for under the CARES Act, such as the Payment Protection Program (PPP). As a result of widespread closures, it was no longer possible to apply for a loan or open a business account with a financial institution in person and many financial institutions were unable to onboard new customers remotely. However, by implementing digital onboarding processes, financial institutions enable customers to access services remotely while meeting compliance obligations.

The COVID-19 pandemic further highlights how imperative it is to leverage the use of digital technology in support of client onboarding processes, allowing them to operate completely digitally. With technology and increased automation, manual processes can be more streamlined and drive efficiencies across the spectrum. Advanced technologies and capabilities such as natural language processing (NLP), machine learning (ML), optical character recognition (OCR), and Identification and Verification (ID&V) technology enable financial institutions to collect client data by extracting the required information and text from scanned documents, which can then be cross-referenced against other data sources internally and externally.

The pandemic is highlighting the need for financial institutions to accelerate their digital transformation strategies or risk being outpaced by digital-first competitors. It also highlights how, in times like these, remaining vigilant to emerging financial crime risks needs to remain a top priority, and how digitisation can help to ease some of the operational challenges. This technology is no longer a ‘nice to have’, but rather a necessity to address inefficient data management, enhance customer service and ensure the detection and prevention of financial crime.

For any financial institution considering investing in new technology solution to keep up with evolving market demands, here are five things to look for. It needs to be:

  1. Flexible and Pluggable – In order to counteract the rigid, immovable legacy technology, the solution needs to be flexible. It will need to integrate seamlessly to any systems, whether it be from the core financial institution’s provider or the financial institution’s own IT. Smaller technology solutions tend to be more agile and able to react quickly to new challenges and needs from the financial institution. This flexibility will allow the financial institution to adapt quickly to new launches from their tech provider, new regulations the financial institution needs to abide by, other leading-edge solutions and any unforeseen challenges along the way.
  2. Industry-Focused – For smaller financial institutions, the personal and collaborative approach is everything. They speak to their customers face-to-face and hear their issues first-hand and many financial institutions may have similar burdens to face. Find a solution that aligns with the company’s values and how it works with clients.
  3. Digitally Enabled – It goes without saying that the digital experience is becoming synonymous with the customer experience. If financial institutions want to keep up with the industry behemoths, they will need to adopt a more digital approach to complement their customer-centric values.
  4. Configurable – The long waiting times for innovation upgrades from core financial institution providers is a massive pain point. A solution that allows financial institutions to make their own edits cuts down on time and cost, creating a path to self-sufficiency.
  5. Forward Looking – We all know the stories of institutions being dependent on legacy platforms build with 90s technology. It’s important that any solution that is selected has a forward looking roadmap with a proven record of delivery.  Innovation is moving to quickly to be stuck on a platform only focused on the past or the present.

Financial institutions of any size, and within any sector, need to recognise that introducing technology-enabled client onboarding solutions will give them the best possible chance of meeting the continuing market and regulatory challenges ahead. They need to put in place the right technology in place and provide a more efficient client channel, early deliverables, and the agility required to respond to evolving market conditions.

 

Biography:

With over 15 years’ experience in the financial services industry, James Follette joined Fenergo as Global Head of Commercial, Business and Retail Banking in December 2018. James will oversee the division’s go-to-market strategy, drive the product roadmap development while ensuring current and prospective client needs are fully met within his division. Before joining Fenergo James held roles at Citibank, IBM and other global consulting firms where he was responsible for implementing client onboarding technologies, leading digital transformation initiatives and overcoming regulatory challenges. James holds a Bachelor of Business Administration by the SUNY University at Albany.

Continue Reading

Magazine

Partner Events

Trending

Wealth Management2 days ago

HOW SALARY SLIPS HELP YOU UNDERSTAND TAX DEDUCTIONS ON YOUR SALARY

A salary slip is defined as a document that is provided by your employer which contains the breakdown of your...

Banking2 days ago

BRANCHES ARE THE HUMAN FACE OF YOUR BANK?

Sudeepto Mukherjee, Senior Vice President, Financial Services Lead EMEA & APAC Publicis Sapient   Branches have always played a pivotal...

News2 days ago

RISE IN E-COMMERCE FOR SMALL BUSINESSES IS A BIGGER RISK THAN JUST STOCK CONTROL

With consumer confidence in the high street at an all-time low, many SME shops and businesses have moved to online...

Finance2 days ago

TIME TO FOCUS ON YOUR ‘WEALTHBEING’

Tony Mudd, Divisional Director, Development & Technical Consultancy. St James’s Place   FIVE WAYS TO SAFEGUARD YOUR FINANCIAL FUTURE The...

COVID-19 COVID-19
Finance2 days ago

PAYROLL AGILITY IN THE CORONAVIRUS CRISIS – HOW FINANCE FIRMS CAN ACHIEVE IT

by Hannah Grimshaw, BPO Payroll Lead, Symatrix   The government has published guidance with regards to the next steps for...

Business2 days ago

WHY IT’S TIME TO ADAPT TO THE VIRTUAL WORLD: HOW TO MASTER ONLINE NEGOTIATIONS

By Tony Hughes, CEO at Huthwaite International, a leading global provider of sales, negotiation and communication skills development   Virtual...

News3 days ago

BNP PARIBAS PERSONAL FINANCE COLLABORATES WITH EXPERIAN AND ARYZA TO HELP CUSTOMERS THROUGH THE COVID-19 PANDEMIC

The consumer finance specialist will be using the Open Banking tool to help customers create an affordable payment plan based...

News5 days ago

NUAPAY BRINGS OPEN BANKING TO 190M FRENCH ACCOUNTS

Nuapay brings Open Banking payments into Europe following its success in the UK Nuapay is connected with 55 banks, enabling...

Finance5 days ago

REDUCING AGENT CHURN IS CENTRAL TO IMPROVING THE CUSTOMER CARE OF FINANCIAL SERVICES FIRMS

By Jonathan Mobbs, Head of Finance Vertical at Maintel   In recent months contact centres have been forced to turn...

News6 days ago

FOUR MEDIA EVENTS THAT ROCKED THE FINANCIAL MARKETS

The media has incredible influence over many facets of life and the financial markets are no exception. A famous study...

Wealth Management6 days ago

DIFFERENCE BETWEEN BITCOIN AND LITEBITCOIN

When you get closer to the world of cryptocurrencies, it is not uncommon to confuse reference assets due to the...

Top 106 days ago

BITCOIN TRADING – DETERMINING THE TREND

The trend is your friend – this rule is fundamental in technical analysis. This is why, before you start trading...

Top 106 days ago

BITCOIN TRADING – LEVERAGE

In the case of cryptocurrencies, there is volatility. Even for some more conservative traders, this may be overkill. Therefore, before...

News6 days ago

TRADECORE LAUNCHES NEW PLATFORM IN THE UK TO HELP FINTECH START-UPS INNOVATE AND GET TO MARKET FASTER

The platform provides a one-stop shop for the technology and ecosystem needed to build and launch new fintech businesses, reducing...

SOFTWARE SOFTWARE
Banking6 days ago

STRANGE NEW WORLD: WHAT NEXT FOR BANKS?

Simon Wilson, Director, Payment Solutions, Icon Solutions   What’s next for banks in this strange new world we find ourselves...

News6 days ago

RESPONSIBLE AND HUMAN BUSINESS PRACTICES ARE MORE IMPORTANT THAN EVER;

78% of directors believe customers are paying more attention to responsible business practices since pandemic   New research from Gobeyond Partners,...

Top 106 days ago

TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

By Olaf van Gorp, Perforce Software   Insurance is one of the latest sectors to start to benefit from advancements...

News6 days ago

ETRADING SOFTWARE INCREASES THE BREADTH OF ITS MANAGED SERVICE OFFERINGS

Expanding its operations in Europe and Asia with additional hires Etrading Software, the independent, global provider of technology-led solutions designed...

Top 107 days ago

ANTICIPATING CYBER THREATS AND PROTECTING DIGITAL ASSETS AMID A GLOBAL PANDEMIC

Brian McCann, President Security Solutions, Neustar   The best possible outcome for any cyber threat aimed at your network –...

Wealth Management2 weeks ago

MANAGING VOLATILITY: HOW TO PROFIT FROM STOCKS WITHOUT COMING UNSTUCK

Dáire Ferguson, CEO, AvaTrade   The last few years have provided us with a series of unpredictable political and social...

Trending