By Tony Pepper, CEO, Egress
Financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data under lock and key. We’re hyper-aware that the growing value of this data means financial organisations are prime targets for malicious cyberattacks – but this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk from within.
You might think that, when it comes to reducing overall breach risk, employees represent low-hanging fruit – surely it is easier to control the actions of a company’s own team members than it is to defend against external attackers? However, this is not the reality experienced by financial firms worldwide. While external attackers are always motivated by malicious intent, the employee population is far more heterogeneous and, in a sense, much more human. This makes understanding and mitigating insider risk a more nuanced exercise. Just because it is difficult, however, doesn’t mean it is impossible. It’s crucial that financial services companies shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian and the repercussions from customers much more severe.
The recent Egress Insider Breach Survey aimed to understand the different attitudes towards data sharing and ownership among employees in financial services companies and the approaches that IT leaders in the sector are taking to managing insider breach risk.
We found a whole range of diverse profiles of people who put sensitive financial data at risk for very different, but very human, reasons. Some need monitoring to keep their less-than-honest traits from getting the better of them, while others need a helping hand to save them from making genuine, well-meaning mistakes. And across all respondents, we also found confusion over who really owns data, contributing to the more cavalier attitudes displayed by some.
Deliberate “data breachers” – from well-intentioned but reckless to disaffected and destructive
Our study found that the financial services sector has more than its fair share of deliberate “data breachers”. Of the thousand employees we questioned, almost a third (32%) said they or a colleague had intentionally broken company policy when sharing or removing information in the past year. This compares with just 15% of healthcare workers and 11% of government sector employees.
The reasons given for this deliberate flouting of security policy varied. One-third said they were simply trying to get their job done but didn’t have the appropriate tools to share data safely. On the face of it we might have some sympathy with those employees, but would consumers and businesses want to bank with those firms?
It’s more difficult to be sympathetic with those motivated by self-gain, including the 41% who took data with them because they were moving to a new job. And we have even less sympathy for the 15% who compromised data because they were angry with the company and wanted to deliberately cause harm.
Operator error – mobile, tired, under pressure
Even with their firm’s best interests at heart, employees still make mistakes. 30% of financial sector workers said they or a colleague had caused an accidental data breach in the past year – again more than twice as many as their public sector counterparts. A third had sent an email to the wrong person and a further third had clicked on a link in a phishing email.
Their reasons behind these breaches varied from the pressure of working in a stressful environment, to tiredness and rushing. A significant proportion, however, said they made an error due to using a mobile device – and given the current requirement for mobile remote working during this COVID-19 pandemic, this is a definite cause for concern.
Breach detection gaps and technology limitations
Next, we examined what IT leaders in the sector have in place to mitigate insider breach risk. Concerningly, 60% said the most likely way they would discover an insider data breach was via internal hand-raiser reporting by either the employee themselves or a colleague. Only one third felt that their breach detection systems would pick up the issue.
In a similar vein, traditional data protection technology use was surprisingly inconsistent across financial firms. Email encryption, anti-malware and secure collaboration software were in use by fewer than half of financial sector companies. Again, this raises the question of whether consumers and businesses would be willing to trust their data to financial firms if they knew they didn’t have systems in place to protect it.
So, why is this the case? From the data we uncovered, it seems as though organisations are resigned to a proportion of insider breach incidents occurring, accepting them as an inevitable result of doing business and employing people. But this doesn’t need to be the case. It is possible to apply human layer security solutions to mitigate these risk factors and make a positive impact on breach frequency figures.
Human layer security – a helping hand and a watchful eye
Take the issue of rushing or tiredness. This can lead to users adding the wrong recipients to emails or failing to spot the subtle changes in familiar email addresses that denote targeted phishing attempts. This risk can be overcome with tools that use contextual machine learning to analyse what good security behaviour looks like for each user and support them with alerts that tell them they’ve added an unusual recipient to an email, or that they are about to answer a phishing email. A small prompt is all these users need to stop them from making an error and causing a data breach.
Similarly, when using mobile devices with smaller screens, it is very easy to choose the wrong attachment and send sensitive data outside the organisation to the wrong recipient or to the right person unprotected. If an employee is less than honest, our always-on, constantly connected culture also enables them to deliberately do so too. However, it is possible to stop these incidents with an intelligent solution that scans email and attachment content and identifies data such as personally identifiable information (PII) or bank account details to alert users that they are about to send information to an unauthorised recipient, or without the correct level of encryption applied. If the user persists, the risky email can be blocked from being sent and administrators alerted to a potentially intentional attempt to breach data, so they can respond accordingly.
Ultimately, the most effective way to address human-activated threats to security is by implementing tools that support and manage users when they are at their most humanly vulnerable: tired, rushing, under pressure, angry or self-interested. As our research and wider evidence shows, the financial services sector is more than averagely vulnerable to insider data breaches, meaning human layer security must be a priority for IT leaders in the field if they hope to reduce breach frequency and keep sensitive data firmly in the vault.
STOCK MARKET ANALYSTS DISCUSS HOW TO INVEST DURING A RECESSION
- Online tool looks back at how world markets recovered after the last recession in 2008
- Analysts take learnings from previous recessions to offer insight on how to invest during a period of instability
- Certain areas of the stock market can increase in value during a recession
The economic crash due to Covid-19 is a unique event; however, stock market experts have taken learnings from previous recessions to predict the stocks that may increase in value during this time.
IG Markets, Europe’s largest online derivatives trading provider, has taken learnings from previous recessions, using historical data and online tools such as Decade of Trade, which visualises world stock market trends over the 10 years since the 2008 crash, to provide predictions about the areas of the stock market to watch during an inevitable recession.
Stocks to watch during a recession
Under expansionary circumstances, stocks that have strong growth prospects for the future, such as healthcare and consumer staple sectors, typically command lofty valuations and produce high returns, as investors bank on the company’s ability to generate more income as time progresses. This phenomenon typically results in high price to earnings (P/E) ratios like those currently present in some of the market-leading tech stocks.
In the event of an economic downturn, however, these profit-hopeful stocks are often discarded as investors align their income assumptions with slowing growth and lower consumer spending.
On the other hand, stocks with stable – but often more modest – income generation tend to be more insulated from dramatic stock shocks that frequently accompany recessionary periods. These stocks are known as “defensives” and, broadly speaking, include the utility, healthcare and consumer staple sectors. Given their profitability profiles, they become an important collection of stocks to keep an eye on when the broader market encounters a rough patch.
Consequently, a portfolio comprised entirely of equities is remarkably vulnerable in times of recession, particularly at the onset when losses are often steepest. With that in mind, it may prove beneficial to look outside of the equity market for some of the best recession-proof investments.
Gold can be an investment during a recession
XAU/USD is widely regarded as a safe haven asset for its stable store of value and tangibility. Further still, gold can act as an inflationary hedge, making it an attractive investment in times of recession and in periods of lower interest rates when inflation may threaten to take hold. Gold has demonstrated an almost innate ability to retain its value during contractionary periods, thus making it an attractive investment in times of uncertainty.
The US dollar: an attractive currency during recessions
Sharing similarities with gold, the US Dollar also boasts safe haven attributes. Due to its role as the world’s reserve currency and the backing of the world’s largest economy, the US Dollar is both incredibly liquid and sought after. Issued by the Federal Reserve, the Greenback is arguably the safest currency in the world and has become a quasi-currency of exchange in many nations where domestic currencies have had their purchasing power fall, due to inflationary pressures or other economic woes.
Consequently, holding US Dollars during periods of uncertainty or turmoil is often viewed as an attractive alternative to other assets. Evidenced in the Great Financial Crisis when the United States dragged the rest of the world into a global recession, the US Dollar surged almost 25% during 2007 to 2009 even as the Federal Reserve lowered interest rates to the floor.
The Dollar’s strength was largely owed to the fact that the Federal Reserve possessed ample liquidity and the US economy was soon in a position to recover while others were mired in recessions – some of which have never fully recovered.
Joshua Warner, Analyst at IG Markets, said: “While there is a strong argument that a global health pandemic like Covid-19 has been on the radar of governments and institutions for decades, the lack of preparedness of most governments and businesses shows how unprecedented the current situation is.
“It is almost guaranteed that the UK will enter a recession in the coming months. The Bank of England (BoE) has said it is likely to be the sharpest one on record, while Chancellor Rishi Sunak has warned it will be a ‘severe recession the likes of which we haven’t seen before’.”
Peter Hanks, Junior Analyst at Daily FX.com, said: “With the benefit of hindsight and the lessons of the three most recent recessions, it can be argued the best recession investments are not stocks at all, but rather assets that retain their value even as growth slips. Therefore, if equity exposure is a must-have in your portfolio, the US Dollar and gold should also be given consideration – particularly for the risk-averse investor or one who suspects an impending recession.”
To learn more about the stock market over the last 10 years to understand future trends, please visit: https://www.ig.com/uk/special-reports/decade-of-trade
SECURING THE EVIDENCE FOR VAT AND TAX
Filippa Jörnstedt, Senior Regulatory Counsel at Sovos
Businesses are almost entirely digital in their nature. With sophisticated technology now in the reach of most, the measurement and reporting of business transactions have transitioned from slow, manual processes to being automated, allowing finance teams room to breathe. However, alongside the positives of these advancements, there also comes a responsibility to understand the wide-ranging requirements of governments worldwide when it comes to financial transparency.
Recently, we’ve witnessed a shift towards more continuous transactional controls and reporting schemes carried out in real-time, as governments look to reduce their VAT gaps and discrepancies in their economies. Historically, the pressure was on businesses to report their own transaction data, but with the new formats being used, governments are beginning to take matters into their own hands. This makes logical sense, as there is far more complex real-time data being submitted by businesses that governments have access to.
The figurative stick that is VAT control reform is often introduced together with a carrot: removing the need to collate and submit periodic reports, such as VAT returns, to the tax authorities. Ideally, this means less pressure on businesses. That is, until a problem surfaces, such as data being interpreted in the wrong way, or a dispute arising about the timing of a transaction. Often, these problems originate from reporting being mishandled or through the clearance of transaction data, so keeping a rigorously organised and in-depth record of financial information is imperative for businesses to avoid these problems. Aside from this, it allows them to substantiate any government reports and fix any issues. The difficult aspect, though, is how to build these archives in this way.
Digital paper trails
In previous iterations, financial employees were responsible for collating and archiving paper invoices, receipts and other data to provide evidence of their business activity. So, the process of archiving isn’t new, but it needs to reflect the digital times we find ourselves operating in. Simply put, this isn’t a manual task anymore, but many businesses have seemingly just moved to e-archiving without too much thought to just how crucial it is to get right. Modern tax authorities are asking for specific details behind each transaction, paying particularly close attention to time and date, so the archive cannot simply be moved to a digital filing drawer.
Looking at a recent example, India’s reporting requirements now require invoice data to be sent to the authorities in real-time, for pre-approval and registration onto a state-operated platform. The invoice will only be considered valid following the generation of a unique Invoice Reference Number by the same platform.
Looking at this from an audit perspective, if a business is later questioned on a transaction then they need to be able to quickly find the correct evidence of that particular transaction, as well as any government response message in relation to that transaction, or risk major fines. Alongside India, countries closer to home such as Poland and Finland are also shifting the way they operate with invoicing and reporting, following Italy’s successful system change last year.
And this is a clear trend; audits into business activity are only going to become more precise and closer to real-time as further governments see the benefits of adopting these methods of tax control. Real-time reporting and mandatory e-invoicing make sense more widely as these systems have proven to be very effective at reducing VAT gaps, with evidence of this going back decades in areas of Latin America.
An authority shift
As outlined, with further countries adopting real-time reporting or variations of this, the tax authority is becoming more central to processes as they receive and gather details on VAT owed by businesses. Reporting in this way makes sense, but pressure on finance teams to keep incredibly detailed data-trails is more important than ever. Tax authorities are increasingly building rich data records of their own as they are receiving more and more granular data in real-time. As a result, the source-of-truth no longer primarily lies with the taxpayer’s financial records, but instead with the tax authority’s ledgers.
To keep pace with this, businesses can no longer simply file away invoices digitally, but also need to record as much data as possible to corroborate the authorities’ records of their transactions. By doing so, they are building an evidence base to be able to dispute any queries or wrong decisions to safeguard their activity. Keeping this front of mind will make the process of addressing any problems far easier than relying on old, less-detailed archives.
Throughout the EU, there are many variations in archiving laws that need to be adhered to. German requirements are set out in their GoBD principles, but in Italy the regulations are far more technical and detailed, reflecting their tax setup. This Italian model asks businesses to provide a documented description of their archives, an overview of its process, but also a delegation plan to show assigned responsibility for those processes. This isn’t an easy set of requirements, especially with laws frequently changing.
The whole aspect of archiving has long been important, but now the stakes are higher; it’s not simply a box-ticking exercise. A complacent, old-school approach to both invoice and transaction data archiving could now result in severe repercussions for businesses. A robust digital strategy is vital.
Managing archives to reflect the new normal
Digitalisation does have the benefit of taking some of the pressure off businesses, but this switch in data authority from the business to the tax authority doesn’t mean less work. Regardless of where information is stored, e-invoices must now be kept centrally and be available at any time for those that may need them. Storing these individually, including specific supporting transaction data, will mean faster access to relevant evidence for any issues that may arise. Fortunately, technology is now available to do much of the heavy lifting.
To keep up with continually shifting regulation and, importantly, keep compliant with it, businesses must examine how they manage their transaction data and how to ensure their VAT evidence locker is fully stocked. Because legislation may change, but compliance is always compulsory.