
Are cyber insurance and incident response budgets the same thing?

Dominic Trott, head of strategy – UK, Orange Cyberdefense

Cyberattacks on businesses increased by 13% in 2021 compared to the previous year. Yet while it’s not necessarily the case that the number of bad actors is increasing, it is the scale on which they’re operating that has broadened exponentially.

In addition, the manner in which cyberattacks are being carried out has also evolved. While some cybercriminals hack for fun, the vast majority of malicious activity is, unsurprisingly, conducted for financial gain and targets organisations on the basis of two simple principles: first, where there is the most value to be targeted; and second, where the attacks are most likely to be successful.

It’s also likely that the full extent of the cybercrime landscape is hidden. Accurate data on the impact of cyberattacks is often hard to come by because, in many cases, the breached organisations are unaware of the full extent of the attack – or even that one took place. They might genuinely not know this information if they don’t have accurate oversight of their digital estate, or keep quiet for fear of incurring legal liabilities or causing reputational damage.

The current security landscape has created the perfect storm for cybercriminals, as cyber insurers and Computer Security Incident Response Teams (CSIRT) often end up fighting over the same budget. Traditionally, it has been relatively easy for firms to obtain cyber insurance coverage at low premiums. However, the heightened cyber risks and exponential growth of ransomware attacks in recent years have led to premiums rising.

The question that businesses often ask, therefore, is ‘why do I need an incident response retainer when I already have cyber insurance? Surely, it’s a waste of money? If the worst does happen, the insurance company will pick up the bill for any damage done after the event’. I would argue that this is a short-sighted and potentially dangerous approach. Let’s look at the different roles of incident response and cyber insurance.

  1. Cyber Insurance: like other types of insurance, this aims to give businesses a way to ensure that if the worst happens, they can recover some of the costs. Cyber Insurance will likely cover you for some of the tangible costs associated with a breach, but it probably won’t cover all of them. By acting quickly and limiting the scale of the breach, you may be able to reduce the full impact. In addition, some insurance companies will expect you to have demonstrated a level of preparedness before accepting your claim – a bit like having a burglar alarm or dead-bolt locks on your house before a house insurance claim is accepted.
  2. Incident Response Retainer: aims to provide rapid, on-demand expertise in an emergency when the customer calls the provider immediately after an incident. The key to mitigating the impact of any cybersecurity incident is the reaction time between detection and response. Many companies lack the infrastructure needed to react in a quick and secure manner. Having an incident response team available 24/7 to identify, contain and eradicate threats and to get businesses back up and running as soon as possible may be crucial to their ability to continue successfully trading.

Cyber resilience

But isn’t incident response included in the insurance policy? In many cases, it will be. And perhaps this is where the confusion comes from. Cyber insurers will often pay out, but only as long as the incident is covered by an incident response retainer. Their objective is, of course, to help cover the financial losses that result from cyber events and incidents, and in numerous policies the presence of a retainer agreement with an external incident response provider can help prevent severe losses. This will often bring down the premium of the insurance policy. Having a retainer also means you get to choose the CSIRT team that you are going to be working with in advance. You can assess their credentials, their experience, talk to their other customers – all before an incident occurs.

The key thing here is building cyber resilience. Of course, there is no such thing as complete security. For starters, incident response alone is insufficient to deliver cyber resilience from either a technical or procedural perspective. Good practice advocates that solutions should be in place across the full threat lifecycle. For example, the NIST framework recommends that organisations identify their threats and vulnerabilities; protect against them with security tools and operations; detect threats as they address the enterprise; respond to contain and remediate an incident as it occurs; and recover to take lessons learned from incidents and improve ‘business as usual’ appropriately.

But, leaving an end-to-end approach to threat lifecycle management to one side, having both cyber insurance and an incident response retainer working seamlessly together will at least provide organisations with a fighting chance of continuing their core business functions if and when disaster strikes.

Making cybersecurity a joint enterprise

There are worrying trends emerging in the cybersecurity market. While attacks are becoming more sophisticated and ransoms are rising, there are concerns that there might not be enough money in the still-emerging sector to cover everyone’s needs. So, what can companies do? They should still invest in insurance coverage, but they also need to look for other ways to cover their potential exposure, including CSIRT rapid response teams.

It cannot remain a budgetary decision for a CTO and a CFO to fight over whether to firefight OR recoup what has been lost in cyberattacks. Both are important. An incident response team is the first port of call to help respond to any cyber accident or incident. Then and only then – once the breaches have been made safe – should you call in the moneymen.


Why anti-spoofing fingerprint technology is essential for the continued growth of digital payments

By Anthony Eaton, CTO, IDEX Biometrics

The digital payments revolution is being driven by consumer demand for ever-increasing convenience. This is leading the global digital payments market towards a value of US$204.1 billion by 2028. However, along with increased convenience comes an implicit expectation to provide higher levels of security, especially when paying with contactless cards and digital wallets.

According to McKinsey, electronic payments are growing at twice the rate of GDP in North America and Europe. This expanding market has the fintech sector overstretched as they try to address operational risks without hampering customer experience and face increased fraud control expectations. If fintechs struggle to implement effective controls, they are likely to see heightened regulation in the future, which in turn can negatively impact consumer experience.

Amid this burgeoning market, fraudsters are continually looking for new vectors of attack. UK Finance’s 2021 Fraud Report showed that fraud losses on UK-issued cards totalled £574.2 million in one year alone. To counteract such fraud, card issuers and digital wallet providers are deploying biometric fingerprint technology, which itself is evolving year-on-year to offer ever-increasing security levels.

The front-door attack

Fingerprint spoofing is considered a front-door attack on the biometric system. It involves applying a fake finger, or so-called spoof, to the fingerprint sensor. When biometrics were first introduced on the iPhone in 2014, they did not deploy adequate anti-spoof technology. As a result, it took just 48 hours before German hackers, the Chaos Computer Club, announced they had bypassed Apple’s new TouchID system with a fake fingerprint.

Attacks of this kind impact both consumer and industry confidence. As such, defending against this has been at the forefront of the emerging biometric payment card standards. Korean technology giant Samsung recently announced its entry into the biometric smart card space, and anti-spoof technology was at the centre of its story. This positioning reflects the need for added security and peace of mind in fraud prevention.

Anti-spoof: the heart of any biometric system

Anti-spoofing technology prevents fraudsters from defeating the fingerprint authentication process with false credentials. Today, it is used to increase security levels across a range of biometric systems, from smartphones to laptops and airport border control kiosks.

The biometric payment card has a compelling value proposition by bringing the biometric authentication process inside the secure enclave of the payment card’s Secure Element chip. The card’s off-grid nature ensures a much more limited surface of attack, compared with that of a highly connected smartphone. However, the challenges associated with implementing anti-spoof technology on this platform are not to be baulked at. The card has no battery and operates with limited on-board processing power. Without the luxury of the smartphone’s supercomputer-like processor, a whole new wave of innovation has been needed.

As card issuers and digital wallet providers start to deploy fingerprint biometric payment cards to consumers, anti-spoofing technology must sit at the heart of their offering.

This can pave the way for a more secure future, from payment to digital and physical access, and to digital IDs and digital currencies.

Striking the balance between security and user experience

It’s clear that anti-spoofing technology must be included by default on biometric payment cards to reduce fraud and instil consumer confidence. But, despite the benefit of its added security, it’s crucial to limit any potential impact on user experience. When paying for their shopping, consumers want to know that their card is safe, but more than that, they want to know their payment card will deliver a flawless user experience day-in, day-out.

When it comes to balancing security and user experience on a payment card, new design approaches have been required. The traditional approach to anti-spoof uses Neural Networks and Machine Learning techniques to train an image processing algorithm to detect the subtle characteristics of images captured from fake fingers. This requires an optimised processor and can quickly become impractical in a highly constrained smart card.

A second approach is to increase the security level of the traditional biometric authentication algorithm that matches a user’s fingerprint to the reference data captured during enrolment. This is very much a brute-force approach which, while helping to detect fake-finger attacks, will rapidly degrade user experience.

The optimum approach involves designing the fingerprint sensor, the biometric authentication algorithm, and the spoof detection system together – to all work in unison. Taking such a holistic, ground-up approach opens up the design of biometric smart cards to new possibilities. Requirements can be met with margin, allowing designers to achieve security targets and focus on delivering a flawless user experience.

Ready to fuel digital payment growth

To ensure the continued widespread adoption of biometric smart cards, it is important that all fingerprint biometric sensors are deployed with anti-spoofing technology while being optimised for user experience. Fingerprint biometric cards, when combined with anti-spoof technology, allow for higher transaction limits and a faster, more secure transaction experience, while introducing increased obstacles to fraud.

Payment providers save money on fraud refunds whilst also increasing revenue thanks to higher limits and an enhanced customer base due to a secure and trusted reputation. The payment industry is already at a high level of security today. But with financial fraud on the rise, we must constantly improve to be ahead of cybercriminals and improve the customer experience for those using biometric payment services to enhance their lives.


Digital Banking – a hedge against uncertainty?

By Ankit Shah, Head of Digital Banking, Apex Group

The story of the 2020s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.

And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.

But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year so far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.

So, what are the forces driving this resilience?

In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as technologies which could facilitate remote working saw a huge uptick in users during the pandemic, so too is digital banking well suited to a world where both people and institutions demand the convenience that online banking services offer.

And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital-first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.

This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.

Staying compliant

One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.

For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict – requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”

So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?

The answer is yes and, again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time-intensive manual processes means the risk of human error in the compliance process is reduced.

Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.

Cross-border business

Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.

This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.

Control admin uncertainty

In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction costs and balances updated in real-time.

Outlook

For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly, however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital-first financial services.

With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.
