Rashid Ali, Enterprise Solutions Manager, WALLIX
Cyber-attacks continue to dominate the headlines, and this, combined with the fact that financial organisations store some of the most sensitive information in the world, makes the industry a highly lucrative target. All organisations understand the need to have strong cybersecurity measures in place to protect personal and corporate data. However, financial services in particular have an increased need for advanced security, with both money and personal data at risk.
Despite this, research has revealed that approximately 70% of financial institutions have experienced a cyber-attack since the pandemic began. In addition, an Accenture study found that the cost of cyberattacks experienced by financial services is considerably higher than in other industries, reaching up to $18.5 million annually per company – compared to the average cost of $13 million per company when looking across all other industries. Alongside financial implications, cyber breaches also threaten banks and other financial services with potentially disastrous reputational and customer loyalty losses. Trust is crucial in the financial space, and customers want to know that both their assets and personal information are secure. It has never been more important for financial institutions to protect themselves – so how can this be achieved in the face of ever-evolving cyber criminals?
Privileged accounts and users are at the heart of the financial services industry – they are needed in order to grant different permission levels and enable employees to do their day-to-day role, handling sensitive information in a secure and compliant setting. In order to truly defend organisations from risks associated with these accounts, it is essential to implement a robust privileged access management (PAM) solution.
Combating ever-evolving cyber-attacks
The challenge facing many financial institutions is that they are storing more and more private information while at the same time embracing the new digital age. Access to online banking, the ability to transfer money at the touch of a button and instant approval on loans and other services is a major competitive differentiator – and something consumers expect. But from a security viewpoint, this also means more information for cyber criminals and an ever-expanding attack surface. This opens up more vulnerabilities and potentially weak entry points.
Many traditional banks and other institutions also tend to have intricate and complex infrastructures. Many of them have been transitioning their old legacy infrastructure while trying to keep up with the rapid digital transformation that is happening in the financial industry. Within a single organisation there could be hundreds of applications used by thousands of employees across numerous locations.
As part of the very nature of their operation, financial services also tend to have a multi-layered approach when it comes to operations and security, which presents a unique set of challenges. They often share information and work with external providers that use privileged accounts to complete their work. This combined with the fact that the industry is complex with strict regulatory requirements means that the potential damage of a breach is much more alarming. Defending against all these risks can seem highly complicated.
Although privileged accounts and privileged users increase the attack surface, they are required to keep financial services, workflows and processes running smoothly, so this is where institutions need to focus their security. If these accounts are not managed correctly, hackers can easily get hold of root privileges and make radical changes that can lead to serious consequences.
The role of privileged access management
The good news is that a strong privileged access platform combined with strong endpoint protection enables financial institutions to overcome these challenges, while providing the digital services and third-party access they need. In addition, these platforms also help enable compliance through strong password protection, establishing a zero-trust policy and monitoring and recording of privileged access.
Alongside improved security and compliance, privileged access management and endpoint protection also provide added benefits such as quick and easy authentication. This removes a long, drawn-out process that hinders employee and customer experience.
PAM reinforces access security through password management, ensuring compliance with the latest regulations, and providing the required information to auditors. PAM also imposes policies that restrict privileged users from bypassing security systems. It secures privileged accounts and allows financial organisations to proactively protect themselves.
Controlling privileged access limits the moves a hacker can make after they have established a foothold within a network. This greatly reduces their ability to move laterally and access sensitive systems. Financial organisations maintain complete control over all privileged users, with complete logs, access details and a record of all actions taken during a privileged session.
With the threat landscape constantly changing, PAM provides the ideal platform that will allow financial organisations to continue the innovation and embrace new services to stay ahead of the competition – while at the same time keeping security and compliance front of mind.
How bug bounty programs can help financial institutions be more secure
Rodolphe Harand, Managing Director at YesWeHack
Financial services have been one of the most heavily targeted industries by cybercriminals for several years. One alarming stat from the Boston Consulting Group found these firms to be 300x as likely as other companies to be targeted by cyberattacks.
Furthermore, the pandemic has led to a significant increase in the number of cyberattacks targeting financial institutions (FIs), with around 74% experiencing a spike in threats linked to COVID-19.
With FIs holding some of the largest collections of sensitive and private data, it’s clear they will remain an attractive target for malicious actors, especially as any data stolen can be used for fraudulent activities. This leads to the reputational damage of the financial entity that was compromised and has a knock-on effect in terms of monetary and reputational damage to affected customers.
For CISOs at FIs, the conundrum faced is how do you protect intellectual and customer data, and ensure accountability and transparency for clients and stakeholders, at a time when the pandemic has created budget constraints. Research from BAE Systems found that last year alone, IT security, cybercrime as well as fraud and risk departments had their budgets cut by a third.
Below we look at how bug bounty programs can help to address these pressing issues.
Protecting valuable data
Protecting customer and intellectual data has always been a top priority for FIs. However, as opportunistic cybercriminals have a lot to gain by stealing this valuable data, there is a constant evolution of threats, which means FIs must stay on their toes. By deploying a bug bounty program, FIs can work with ethical hackers that have a wealth of experience and unique skills when it comes to identifying security weaknesses within an FI’s defence, thus helping to implement effective security measures to help prevent data breaches.
Building trust among various stakeholders such as customers, suppliers and investors is critical for achieving business goals. By deploying a bug bounty program, FIs send out a message that they care about protecting the security of the data of those they work with – which in turn can have a cascading effect resulting in better business performance.
For FIs to win customers and keep them happy, amidst the growing threat of neo banks and customer-centric fintech organisations, speed of innovation is crucial. As such, many FIs have adopted an agile approach to build, test, and release software faster to bring online and mobile banking solutions to market quicker. However, this can create friction between development and security teams. Security mandates are deemed to be unnecessarily intrusive and a cause of delayed application development and deployment.
Yet, with DevOps teams needing to build and deploy applications faster than ever before, an epidemic of insecure applications has emerged. According to Osterman Research, 81% of developers admit to knowingly releasing vulnerable applications, while research from WhiteSource found 73% of developers are forced to cut corners and sacrifice security over speed.
With developers often not having the time, tools, skills, or motivation to write impeccably secure code, there is an evident need to provide developers with more support when it comes to building applications securely. Fortunately, bug bounty programs can provide a “fact-based” financial implication of inherent security flaws within the process. This makes it possible to hold development teams and service providers accountable for creating or delivering insecure products, thus addressing inherent security gaps within the business units and helping to drive continuous improvement.
Moreover, security awareness and education of development teams can be improved significantly for those developers that are directly involved with the management of vulnerability reports for their bug bounty programs. This is because the mere fact of exchanging information with ethical hackers, or assimilating the thinking of a potential hacker and having proof of concepts of vulnerability exploitation on their application components, naturally accelerates consideration of security early in the development stage and provides ongoing learning.
Get more return on your investment
According to Gartner, 30% of CISOs’ effectiveness will be directly measured on their ability to create value for the business. When security budgets are challenged, CISOs need to demonstrate business value through initiatives designed to enhance efficiency whilst stretching the dollar.
This is where bug bounties can help tremendously. Compared to conventional penetration testing, bug bounty offers a fast, complete, and measurable return on your security investment, with businesses only paying out for successful discovery of vulnerabilities. Equally, businesses get access to hundreds of ethical hackers that can test their programs, each with their own unique skillsets as opposed to only one skilled researcher testing the network. This results-driven model ensures you pay for the vulnerabilities that pose a threat to your organisation and not for the time or effort it took to find them.
Bug bounty programs also deliver rapid vulnerability discovery across multiple attack surfaces. With this approach, organisations receive prioritised vulnerabilities and real-time remediation advice throughout the process to accelerate the discovery of, and solution to, vulnerabilities.
Another appeal of bug bounties is that due to the continuous nature of testing, more vulnerabilities are found over time than with pen-testing. This is key to financial institutions that require agility to keep up with the continuous roll-out and updates of applications.
The cornerstone to a successful security programme
The risk posed to financial institutions by cyber threats will only continue, as evidenced by the number of data breaches seen in recent times. The COVID-19 pandemic has only exacerbated these risks, especially with almost all FIs having needed to shift to a remote working environment – which has only widened the attack landscape.
For FIs, a bug bounty program should be considered a fundamental cornerstone of any security strategy, with it being a modern-day cybersecurity solution that is well-equipped to tackle the immediate security challenges they face. In doing so, FIs will not only prove to customers and stakeholders their commitment to data protection and security, but this will also help them to avoid the monetary damages that could be imposed by regulators if a breach was to take place.
Five predictions set to impact the finance teams in 2022
By Rob Israch, GM Europe at Tipalti
The CFO now has a very different set of responsibilities in comparison to a few years ago; 2021 saw sustainability move up the C-suite agenda, Brexit was officially pushed through, meaning new rules and regulations for industries, and pandemic uncertainty caused further disruption for businesses. Understandably then, 97% of UK CFOs believe their role has become more complex over the last two years, according to the latest research by Tipalti. Finance leaders, who were already rushed off their feet, are now having to wear even more hats.
Operating in a new climate, with new challenges and circumstances, finance teams must be ready to innovate to find new solutions to changing business needs. From becoming more attuned to ESG ratings to fighting against the burden of manual processes and tasks, below we explore what finance teams can expect to experience in 2022.
- A tightening of CEO-CFO relationship
As opposed to solely managing financial operations and ensuring compliance, the CFO’s relationship with the CEO will intensify in 2022. This shift will see the CFO become increasingly involved in looking at the strategic ways the business can grow and diversify.
Nearly two-fifths (39%) of CFOs have noted a larger demand to collaborate with the C-suite now than two years ago. However, organisations are still slowed down by old ways of working, as nearly a third (29%) of CFOs state they are having to deal with more manual finance operations. As a result, CFOs aren’t afforded time to support the business leader in the way that their job requires.
By innovating financial processes through automation, finance teams can free up time for the strategic tasks that matter most to the business. In fact, UK CEOs believe that the ability to prioritise innovation (25%) and the ability to improve financial and business reporting accuracy and timeliness are the most important qualities for a successful CFO today.
- Invoice payments fraud will be harder to fight
Every year, defending against fraud gets increasingly challenging. As accounts payable complexities rise, finance teams will experience payments fraud at an alarming rate.
Finance teams today are tasked with managing more diverse payment methods, increasing cross-border transactions and dynamic tax compliance and financial reporting. Yet, teams struggle to cope when operations are processed manually. The most common perpetrator of payment fraud is manual processes. They are neither efficient nor airtight enough to ensure optimum financial control. Busy finance teams, escalating complexities in AP and error-prone manual processing set the perfect scene for fraudsters to take advantage.
To mitigate such risk, companies need to leverage people, processes and technology. This means investing in robust technologies such as automation to standardise procedures. Data entry will be minimised, end-to-end payments processing visibility will be optimised and policy compliance becomes automated. Not only does AP automation relieve workflows by minimising manual intervention, but the technology acts as a hub for enforcing strong financial controls as the number of people and systems involved in payment processing is reduced substantially.
In addition, 2022 will see more multi-entity businesses emerge as organisations recognise the value of the ‘work from anywhere’ model. It can be challenging to manage finance functions across these multiple entities, and that is often why different business units in geographical locations run their finances in isolation, with varying processes and approvals being managed in different ways. However, with no central control or oversight, you run the risk of internal fraud.
- Finance leaders will need to focus on ESG initiatives
Following COP26, business leaders are under pressure to set and meet green targets, and many are turning to their CFOs for solutions. In fact, CFOs ranked incorporating environmental, social and governance (ESG) and sustainability into the business and its operations as the greatest driver of complexity in their role (27%), above even the global pandemic (22%).
A key reason for this is that ESG ratings have become an important tool for asset managers and investors to evaluate and compare future investment prospects. Currently more than a quarter (28%) of UK business leaders rank international growth as a top priority for the year ahead, so a less than favourable ESG rating is not an option. So far, the challenge for CFOs has been finding the time to work on sustainable initiatives.
- Uncertainty will continue to loom over the UK post-Brexit
It has been over five years since the UK voted for Brexit – but it will most certainly be on the agenda in 2022 as new regulations emerge. There are a number of challenges that Brexit brings, and much uncertainty still remains in place.
In navigating the uncharted waters of Brexit, businesses will encounter new hurdles when looking to fill roles, as the Global Talent Visa makes competition for skilled employees more formidable than ever before. With the visa application deadline passed, some employees may have chosen to move back home, contributing to headcount issues for finance teams.
Moreover, the UK is still yet to agree many key trade agreements. Businesses will need to stay vigilant – watching out for any changes at relatively short notice and being ready to adapt.
- Employee wellbeing will need to be prioritised
Along with many other departments, the Great Resignation period has meant finance is experiencing churn. Whilst the wellbeing of all employees will be a key focus for the C-suite this year, CFOs will need to ensure the work of the finance team is engaging and talent is not wasted on tedious and time-consuming operations. Introducing automation to take care of those manual tasks will free up time to upskill employees, while making them feel valued in their role.
The future office of finance
2022 will see finance teams adapting the way they operate to combat new challenges. With agreements signed following COP26, implementing sustainable initiatives is no longer a choice, and in the wake of Brexit uncertainty, businesses will have to face new rules and regulations head on. On top of this, the CFO will need to pivot away from solely financial operations in order to drive strategy, fight against fraud threats while prioritising the wellbeing of their team.
It’s a complex set of responsibilities and will only be achieved if finance teams are able to move away from manual administrative work and towards new technologies and automation capability. A CFO’s time is precious and needs to be reserved for the tasks that matter.