HARVEST NOW, DECRYPT LATER

It is now inevitable that the encryption algorithms used to secure vital data across the world – from defence and banking to infrastructure and air travel – will be breached. With the escalation in computing power enabled by quantum technology, the question is not if, but when potentially devastating breaches will occur.

With ‘harvest now, decrypt later’ hacking strategies currently in progress, criminals are banking on the power of quantum computing to allow them to unlock huge data resources. The onus is on companies not just to consider the future quantum threat but to determine how best to protect current resources today.

 

Paul German, CEO, Certes Networks, explains the risk associated with bulk encryption strategies and the importance of crypto-segmentation in reducing criminal exposure to data in a post-quantum world.

 

Quantum Leap

Quantum computing is edging ever closer to reality, with venture capitalists investing almost $1.02 billion in quantum computing start-up companies this year alone. While there is huge excitement around the step change in AI performance, for example, that quantum compute power could unleash, the security implications are potentially devastating.

Security experts globally expect quantum computers to herald the breach of the asymmetric cryptography used globally to secure everything from defence to infrastructure. While classical compute power would take billions of years to execute Shor’s Algorithm, which is proven to break the encryption methods currently in place, the arrival of a quantum computer of sufficient size and complexity totally changes the game.

For companies reviewing security strategies, this post-quantum security threat is not in the future; it is not about considering how to respond as and when quantum computing becomes available. Criminal organisations globally are embarking upon mass data harvesting & breach schemes today on the basis that even though the information cannot be immediately decrypted, at some point in the future, access to quantum compute power will unlock these information resources. Systems are at risk – not in the future, but today.

 

Time and Data

While security bodies across the world, including OpenSSL, are working hard to develop new quantum-proof algorithms, no organisation can afford to wait. Changes need to – and moreover can – be made today to safeguard current data resources and reduce the decryption risk posed by quantum computing. What is required is both a change in mindset and a change in technical approach to the solutions already available.

A key step is to minimise the value of ‘harvest now, decrypt later’ strategies by reducing the amount of ‘usable’ data collected during a breach. During many recent attacks, criminals have been able to spend months collecting data – and although it is encrypted, they had the time (often months) to access vast data sets. This enabled them to build up enough knowledge about the encryption algorithm being used to know that, once they have the opportunity to use quantum computing, they will be able to break the key and have full access to the entire data resource.

The priority today is to institute data security policies that radically reduce the time and data available to criminals.

 

Crypto-segmentation

Many organisations are starting to adopt micro-segmentation as part of their data security policies. While this is a step in the right direction, unless they are also applying cryptography, ultimately data harvesting is still a very real threat.

It is also vital to recognise the inherent risk associated with the bulk encryption model: using the same encryption key, however strong, to protect all data resources is not a robust policy. Once in, a criminal has one data set to work with; one encryption key to identify.

The concept of crypto-segmentation, however, is based on a far more nuanced approach to protecting data, defining different data classes for each data type and protecting each class with its own encryption algorithm and encryption key.

In addition to creating multiple data classifications, regular rotation of the encryption keys used for each class will also hugely limit a criminal’s time with any data set. If keys are being rotated every hour, for example, anyone capturing the data has minutes, not months, to work on a data set.  That means minutes to understand the data; to determine which data packets belong to which data classification; group the data sets together to create a sample; identify the encryption used for each data class and then reverse engineer the keys.  Plus, with very small sample sizes in each data class, it becomes incredibly difficult to crack the keys being used.
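The difference between bulk encryption and crypto-segmentation with hourly rotation, as an added example that is not from the article or from Certes Networks: a key ring issues an independent random key per data class and rotation epoch, and a helper measures what share of a captured data set a single recovered key would open. The class names, `SegmentedKeyRing` and the 24-hour capture are constructed for illustration.

```python
import secrets
from collections import Counter

ROTATION_SECONDS = 3600  # hourly rotation, the interval the article uses as its example


class SegmentedKeyRing:
    """Hypothetical key ring: one independent random key per (data class, rotation epoch)."""

    def __init__(self, rotation_seconds=ROTATION_SECONDS):
        self.rotation_seconds = rotation_seconds
        self._keys = {}

    def key_id(self, data_class, timestamp):
        # The epoch number changes every rotation interval, forcing a new key.
        return (data_class, int(timestamp) // self.rotation_seconds)

    def key_for(self, data_class, timestamp):
        """Return (key_id, key), generating the key the first time it is needed."""
        kid = self.key_id(data_class, timestamp)
        if kid not in self._keys:
            # Fresh randomness, not derived from any other key, so recovering
            # one key says nothing about a different class or epoch.
            self._keys[kid] = secrets.token_bytes(32)
        return kid, self._keys[kid]

    def retire_before(self, timestamp):
        """Drop keys whose epoch ended before `timestamp`; return how many.

        Assumes traffic keys that are no longer needed once their epoch is over.
        """
        cutoff = int(timestamp) // self.rotation_seconds
        stale = [kid for kid in self._keys if kid[1] < cutoff]
        for kid in stale:
            del self._keys[kid]
        return len(stale)


def worst_case_exposure(records, key_id_fn):
    """Fraction of captured records readable if the single busiest key is recovered."""
    per_key = Counter(key_id_fn(data_class, ts) for data_class, ts in records)
    return max(per_key.values()) / len(records)


def constructed_capture(classes=("payments", "hr", "telemetry"), hours=24, per_hour=6):
    """Constructed sample: (data_class, timestamp) for each record in a 24-hour capture."""
    step = ROTATION_SECONDS // per_hour
    return [(c, h * ROTATION_SECONDS + i * step)
            for c in classes for h in range(hours) for i in range(per_hour)]


def compare():
    ring = SegmentedKeyRing()
    records = constructed_capture()
    for data_class, ts in records:  # the sender asks for a key per record
        ring.key_for(data_class, ts)
    bulk = worst_case_exposure(records, lambda c, ts: "bulk-key")
    segmented = worst_case_exposure(records, ring.key_id)
    return {"records": len(records), "keys": len(ring._keys),
            "bulk": bulk, "segmented": segmented}


if __name__ == "__main__":
    print(compare())
```

On the constructed capture, one recovered key opens all 432 records under bulk encryption and 6 of them (about 1.4%) under three classes with hourly rotation.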

 

Incorporating New Standards

The next generation of post-quantum encryption standards is being developed. But this is a challenge that will never disappear – especially for security agencies that are required to retain data for decades. With the phenomenal growth in computer power, tomorrow’s ground-breaking algorithm will be easy to break in five, ten, 20 years’ time – however smart the algorithm, no organisation can risk the reliance on one encryption key.

Bulk encryption is inherently flawed, which means organisations must maximise the value of an array of standard encryption algorithms. Using crypto-segmentation and key rotation is an important step, significantly increasing protection against the quantum threat even with current encryption algorithms. As and when new post-quantum encryption standards are introduced, they can be incorporated into this model to maximise the organisation’s protection.

 

Conclusion

This threat is not the future; it is happening today. ‘Harvest now, decrypt later’ breaches are occurring right now. Quantum compute services in the cloud are offering criminals the chance to buy a slice of quantum power. Algorithms will continue to evolve and improve; criminals will continue to gain access to ever more powerful computers. By creating multiple data classes and using regular key rotation, not only is the limited data set harder to decrypt but it is also likely to offer far less value; value outweighed by the enormous cost of quantum compute power.

 

Keeping Cyber Insurance Premiums Down with Deep Observability

By Mark Coates, VP EMEA, Gigamon

There is no doubt that the cyber insurance industry has experienced something of an evolution in the last five years. As the threat landscape has changed beyond recognition, so have the risk management strategies aimed at staying ahead of cybercriminals. The result is an exponential rise in premiums: 85% of cybersecurity business decision makers saw an increase in their cyber insurance premiums over the past 12 months, and 82% of insurers are expecting these rises to continue. Given that cyber insurance makes up a key component of many cybersecurity and business continuity plans, what can organisations do to keep premiums down while maximising coverage?

The key is to improve proactive protection and to embrace deep observability – employing real-time, network-level intelligence to track activity across a network. Deep observability provides IT and security teams with the ability to amplify the power of their current log and trace-based monitoring tools, rapidly detect suspicious activity and act accordingly. Achieving this ‘single source of truth’ also helps to reduce complexity and cost – a crucial benefit as premiums continue to rise and we enter a tougher economic climate.

Where it began

Against the backdrop of increasing cybercrime, the ‘NotPetya’ attack was a landmark cyber-threat for various reasons. Perhaps most significantly, it signalled the beginning of cyber insurance premium rises. Launched in 2017, NotPetya was a malware launched as part of a Russian state-sponsored cyberattack campaign targeting Ukrainian IT infrastructure. Beyond financial setbacks for global organisations, NotPetya’s proliferation caused the drastic rise of premiums and lowering of coverage limits, as insurers adjusted their policies to reflect the changing cyberthreat landscape.

Since then, a global pandemic and the subsequent shift to home or hybrid working created a perfect storm for the rise of ransomware. This form of cybercrime can cause such large-scale and financially destructive consequences that insurers have had no option other than to hike up prices for more vulnerable businesses in order to stay profitable.

Zero Trust is an essential

With challenges comes opportunity. This upending of the cyberthreat landscape serves as a potential catalyst for organisations across verticals to optimise their cybersecurity.

According to the recent Gigamon State of Ransomware report, phishing and malware were the top routes for ransomware attacks in 2022. Cloud applications were also cited as a common ransomware attack vector, particularly by those in the UK. Protecting against a misconfigured cloud or human error isn’t the job of cyber insurance – this should be reserved to cushion the financial blowback in the event of a breach. Instead, enterprises must proactively take steps to bolster their security posture.

This includes ensuring all access across digital infrastructure is authenticated. Trust is earned, not freely given in this threat landscape. A Zero Trust architecture – which requires authentication of all users regardless of their position in an organisation – helps prevent unauthorised access and works to restrict suspicious lateral movement across a network. Fortunately, it’s now a topic regularly discussed in Boardrooms. Across EMEA in particular there is growing confidence that organisations will be able to implement this architecture in the next few years (51% agreed in 2020, compared to 83% in 2022). To get there, however, deep observability is a critical foundation; you simply cannot manage and grant access to what you cannot see.

A single source of truth

Threat actors can bypass SIEMs and endpoint detection and response tools, yet they will always leave a metadata trail. This is why deep observability is so crucial to cybersecurity. It grants security operations (SecOps) teams the ability to analyse this metadata, spot suspicious behaviour and take the appropriate steps to mitigate an intrusion before it escalates. Such enhanced visibility and control are crucial for maximising the efficacy of Zero Trust architecture and fostering a security-first approach within an enterprise.

With premiums so high, organisations also undoubtedly want to turn to solutions that provide ROI as well as better security. As more tools come into play, cost and complexity rise. Many enterprises will not have the budget to keep adding more solutions to their technology stack in the hope they will improve their cybersecurity and reduce their insurance prices. Instead, they need a single source of truth and a complete view across the entire IT infrastructure – cloud included. From here, teams can identify network bottlenecks and eliminate irrelevant, duplicate or low risk traffic. Deep observability is therefore not only a must for security, but also for making budgets go further.

Organisations need to brace themselves for a challenging economic downturn and continued rises in cyber insurance premiums by implementing a strategy based on Zero Trust, deep observability and network-to-cloud visibility. In turn, security teams can be far more confident in their security posture, business leaders are satisfied by a lower spend and insurers become more confident when taking on their customer’s risk.

How banks can increase customer acquisition and user engagement with sustainability

By Karolina Szweda, Head of Growth Marketing at Connect Earth

Young people are demanding more innovation from traditional financial institutions, and are primarily in favour of lower costs and more flexible digital customer experience promised by challenger banks and other FinTech providers. The future of banking is digital, and traditional financial institutions are well aware that they need to embrace innovation to remain competitive in the digitalised market.

In order to win over the younger generations, especially Millennials and Gen Z, banks need to invest in their digital transformation and deliver more customer-centric solutions. One of the affordable low-hanging fruits is sustainability.

As the public’s attention to the climate crisis grows, consumers and businesses are increasingly interested in reducing their negative impact on the planet. BCG reports that as much as 73% of consumers are altering spending habits because of climate change, and, according to PwC, 88% of consumers want brands to help them live more sustainably. As far as businesses are concerned, they are increasingly aware of the mandatory disclosure regulations set to take effect within the next years in major economies, and the need for carbon emissions reporting.

The problem is that the vast majority of consumers and businesses do not have access to actionable data on their carbon emissions. We believe that this is where banks can step in.

Increasing customer acquisition and retention

According to Deloitte, 71% of customers are more likely to choose a bank with a positive environmental impact. In addition, Global Risk Regulator reports that 93% of people expect sustainable financial services to become the norm, and according to Tink, 62% of consumers want their bank to show them an overview of their carbon footprint.

Banks are in a unique position to respond to this increasing demand by embedding climate data in their financial services offerings, which can help attract new customers and improve brand loyalty on a large scale.

With a carbon tracking API solution integrated into a digital banking app, financial institutions can be a catalyst for change and enable their customers to understand how they can reduce their emissions. By providing carbon emissions data for each financial transaction, banks can support and encourage their retail banking clients, corporate clients and/or retail investors to act more sustainably, while also increasing customer acquisition and digital engagement.

Most importantly, banks can also measure how their customers’ spending behaviours are changing as a result of being exposed to climate-related information, which they can use to segment and understand their customers better.

Increasing digital engagement

According to EY, 61% of consumers want to access more information that can help them make better sustainable choices. Banks are in a position to empower customers to do exactly that, whilst increasing user engagement with their digital banking apps.

Educating consumers on how to make more sustainable choices can be achieved through gamification, personalised recommendations and rewards to encourage behavioural change. The analysis of spending data along with tailored educational content can enable consumers to analyse, learn and improve their consumption habits and empower them to act on this knowledge.

Before accessing their carbon emissions insights, users can enter their custom information about their lifestyle habits, such as diet (meat-based vs. plant-based), daily means of transportation (car vs. bus) and more. Machine learning models improve as users input data over time, making carbon emissions estimates more granular. The model is trained to support thousands of different user types based on their profile and enables the bank to customise the experience and gamify the emissions reduction process for users.

How banks’ customers can benefit from accessing carbon emissions data

As far as climate action is concerned, having a real-life overview of one’s carbon footprint can be a true game changer for millions of consumers worldwide. Access to carbon data increases climate change awareness and empowers people to make a real difference.

Earlier this year, our team at Connect Earth confirmed the partnership with KBC Bank in Bulgaria to help them drive customer engagement and provide their retail banking clients with climate insights into their spending. We aimed to bolster KBC Bank’s corporate sustainability strategy, whilst meeting increasing demand from climate-conscious clients.

The financial sector has historically lacked the infrastructure to support sustainable finance in a tangible way. We are happy to report that the green transition has begun.
