
AUTOMATING FINANCE SECURITY


By Faiz Shuja, co-founder at SIRP

The financial sector today is dominated by all things digital. Consumers and businesses alike can now manage everything from paying bills to applying for loans entirely through online services, eliminating the need for many traditional face-to-face services. Agile young challenger banks built entirely around digital-native approaches have emerged to claim large chunks of the market. Established banks, meanwhile, have been investing heavily in their own capabilities.

Traditionally slower than other industries to adopt new technologies, the financial sector, under pressure to stay competitive and relevant, is widely embracing the digital switch-over. IDG estimates that this investment will produce worldwide compound annual growth in digital transformation of 20.4 percent between 2017 and 2022. This puts the finance sector above average compared to other industries.

Trading conditions arising from the Covid-19 pandemic are further accelerating the race to go digital. Housebound high street customers are increasingly accessing their accounts online while staff across all operational areas are working remotely.

However, as banks and other financial organisations expand their digital footprints, they also increase their exposure to cyber threats. Investment in digital transformation must therefore be matched by attention to security capabilities.

 


Finance in the firing line

Most cyber-attacks are the work of opportunist criminals on the hunt for a big payday. Given the sector’s close relationship with managing capital in all its forms, it’s scarcely surprising that financial institutions are among the most popular targets for cyber criminals seeking quick profit. Indeed, a recent report from the IMF states that the high volume of sensitive financial information held by banks makes them “one of the most highly targeted economic sectors for data breaches”.

Finance firms face a variety of cyber threats. By far the greatest risk is posed by APTs (advanced persistent threats), often planted by criminal gangs or state-sponsored threat actors. A data breach could mean the theft of crucial financial information from millions of customers, or the withdrawal of large sums of money.

The sector also tempts insiders to misuse their knowledge and access privileges to beat security for personal gain. Unwelcome outcomes include insider trading activity or direct data breaches. The Capital One data breach was a prime example.

Alongside direct network infrastructure attacks, the sector must also contend with threats aimed at customers. Phishing attacks – emails that impersonate the company’s trusted brand – are a common way to trick customers into divulging personal or financial information.

 

Keeping up with digital threats

Financial organisations have always been tempting targets for criminals, from simple smash-and-grab bank robberies to sophisticated fraud schemes. It’s one of the reasons they are one of the world’s most heavily regulated industries. As a result, the finance sector is highly mature in respect of policies and procedures governing data privacy and security.

Cyber crime, however, presents a very different proposition. Threat actors continually adapt their tactics to find new vulnerabilities and penetrate defences. To protect their capital and their customers from these ever-evolving threats, banks and other financial institutions must match their antagonists for agility.

Accordingly, they have invested heavily in threat detection and prevention technology. Measures typically include web and app security to reduce exploitation of online and mobile customer interfaces, EDR (endpoint detection and response) to identify attacks on internal devices, and behavioural analytics to detect unusual user activity that signifies both external intruders and malicious insiders.

 

Accelerating with automation

To truly keep up with aggressive, fast-moving threats such as APT groups, detection and prevention measures are not enough. Banks must also be able to respond to and shut down attacks before they cause significant damage.

Once a threat is detected, it can take around 45-60 minutes before security analysts investigate and respond. Each minute that ticks by increases the chances of the threat actor exfiltrating essential data or causing significant damage to the network.

It’s not just about time either. Security teams are also responsible for managing high volumes of alerts. Research has found that security teams with too many incoming alerts will often either disable certain alert functions to reduce the numbers, or simply ignore some alerts entirely. In both cases the chance of incurring a serious breach goes up.

Keeping up requires financial firms to automate as much of the response process as possible. While there’s no substitute for professional security analysts to scrutinize and resolve advanced threats, today’s automated systems can handle much of the time-consuming investigative workload.

Automation, however, is only effective when current processes and business demands are properly understood. Furthermore, it is impossible to automate everything overnight. Firms must assess their current situation and start with the areas that will benefit most.

The systems that generate the largest threat alert volumes, typically phishing or web-based attack analytics, are a good place to start. Automating these first immediately eases the burden on security resources.

Organisations should also adopt a risk-based approach to automating security management processes. This means ranking threats according to their potential to damage the business. Sometimes this is obvious: if a receptionist and the CEO are both repeatedly on the receiving end of attacks, responding to the latter is a clear priority. However, it is not always so clear cut. Automation tools like Security Orchestration, Automation and Response (SOAR) offer a risk-based approach tailored to an organisation’s unique structure and objectives. Having set these thresholds, the organisation can pass alerts from its SIEM (Security Information and Event Management) systems through them to form a dashboard. From the intelligence provided by these dashboards, security teams can quickly identify which threats are the most serious and prioritise steps to mitigate them.
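The risk-based ranking described above can be sketched in a few lines. This is an added example, not code from the article or from any SOAR product; the criticality weights, severity values, thresholds and sample alerts are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights: business impact if this target is compromised (1-5).
ASSET_CRITICALITY = {"ceo": 5, "payments-gateway": 5, "finance-analyst": 3, "reception": 1}
# Constructed base severity per detection category (1-5).
CATEGORY_SEVERITY = {"phishing": 2, "web-attack": 3, "malware": 4, "data-exfiltration": 5}
# Constructed thresholds on the 1-25 risk score that decide routing.
ESCALATE_AT = 15  # hand to an analyst immediately
AUTO_AT = 4       # run an automated playbook; anything lower is only logged


@dataclass
class Alert:
    alert_id: str
    category: str
    target: str
    repeats_24h: int  # how often the same target was hit in the last 24 hours


def risk_score(alert):
    # Unknown targets or categories get a middle value so they are not silently down-ranked.
    impact = ASSET_CRITICALITY.get(alert.target, 3)
    severity = CATEGORY_SEVERITY.get(alert.category, 3)
    # Repeated attacks raise severity by one step per five repeats, capped at 5.
    severity = min(5, severity + alert.repeats_24h // 5)
    return impact * severity


def route(alert):
    score = risk_score(alert)
    if score >= ESCALATE_AT:
        return "escalate"
    if score >= AUTO_AT:
        return "auto-playbook"
    return "log-only"


def dashboard(alerts):
    # Highest risk first; ties broken by alert id for a stable order.
    rows = [(risk_score(a), a.alert_id, a.target, a.category, route(a)) for a in alerts]
    return sorted(rows, key=lambda r: (-r[0], r[1]))


# Constructed SIEM alerts: the same phishing campaign hits reception and the CEO.
SAMPLE_ALERTS = [
    Alert("A-1", "phishing", "reception", 12),
    Alert("A-2", "phishing", "ceo", 12),
    Alert("A-3", "web-attack", "payments-gateway", 0),
    Alert("A-4", "malware", "finance-analyst", 1),
    Alert("A-5", "phishing", "contractor-laptop", 0),
]

if __name__ == "__main__":
    for row in dashboard(SAMPLE_ALERTS):
        print(row)
```

The identical phishing campaign scores 20 against the CEO and 4 against reception, so only the former reaches an analyst while the latter is closed out by a playbook.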

As the financial sector continues to digitise, it will remain a top target for cyber criminals. The evidence is that attacks are increasing in both volume and sophistication. Using automation to increase the speed and efficiency of their response capabilities provides financial institutions with a fighting chance of keeping one step ahead of adversaries as they continue their digital transformation journeys.

 


Pro Tips To Consider Before You Decide To Refinance Your Vacation


Refinancing debt is when you attempt to apply for a new loan or debt instrument. The goal is to get more favorable terms than you had with your previous contract, such as a lower interest rate or longer term. It’s a fairly common thing for people in debt to try and do.

Vacation refinancing occurs when you take out vacation loans from a lending entity, such as a bank, credit union, or credit card company. Then, you try to refinance that particular debt. In some instances, it may work in your favor.

There are a few factors that you should consider before you move in this direction, though. We’ll talk about some of them right now.

 

1. Lower Interest Rates

Refinancing isn’t typically very hard to do if you can find an entity willing to work with you. That’s true with vacation debt and debt stemming from other things as well.

However, it is never to your benefit to refinance if you can’t get a better interest rate. This is certainly the case with vacation debt refinancing. A lower rate should be one of your main priorities if you’re pursuing this option.

If you can’t find an entity willing to give you a better interest rate if you refinance your vacation debt with them, it’s not going to be worth your time.

 

2. Simplification

It’s also possible that you didn’t get a single loan, but that you spread out the costs of your vacation among a few different credit cards.

If so, you may want to refinance your vacation debt. In this scenario, you’re paying several different entities instead of one, which can get a little confusing. Maybe you have vacation debt on a few different cards with different interest rates and payment dates.

Refinancing can simplify paying back the money you owe from that vacation. Just like refinancing for other financial obligations, you can usually set up a system where you’re paying back only one lending entity, and you owe a set amount to them on the same day each month.

 

3. Compare Offers

A mistake that those with vacation debt sometimes make is taking the first refinancing offer they get because they feel like the terms are acceptable. Maybe they are, but it does no harm to shop around to see if you can find better terms.

It’s helpful to understand that many lending entities will want you to refinance with them. They can potentially make a profit from the deal from both interest and maintenance fees. Because of that, you’ll want to compare rates from different lending entities before you refinance your vacation debt with them.

 

Vacation Refinancing Can Be a Smart Move

Refinancing debt from your vacation may make sense from a financial standpoint. You’ll always want to compare rates from any companies that offer you this option. You might use a spreadsheet to see which one looks the most favorable.

You should also only refinance vacation debt if it will result in a lower interest rate on your debt. The less interest you need to pay on your vacation debt over time, the better.

Simplification is one more factor that might go into this decision. If you have several entities to which you’re paying money stemming from vacation expenses, such as credit card companies, it can make your life easier to refinance with a single company. That way, you’re paying only one entity a set rate one time per month.

Refinancing vacation debt can often benefit you, and it’s certainly worth looking into for the reasons we mentioned.


Out of office, home and away, moving up, moving on; when security goes AWOL

By Steve Bradford, Senior Vice President EMEA, SailPoint

 

The financial services industry has one of the highest rates of insider data breaches, costing on average $21.25 million in the past year alone. Whether it’s an employee acting with malicious intent, or through accidental data mishandling, staff have access to sensitive information and systems that make them a constant vulnerability. And this threat only escalates when staff go on the move.

With the summer holiday season upon us, thoughts will be turning to well-deserved time off, travel and downtime. However, for many, especially in the financial industry, the notion of waiting until the summer months to sample a new life was not feasible. In the period following Covid, the industry has suffered at the hands of the Great Resignation as burnt-out employees left for new roles. As a result, research from PwC suggests that financial services leaders have had to prioritise employee retention amid the swathes of staff exiting.

This exodus is not just a threat to the workforce itself. It also results in greater threats to resilience, security and compliance. Ensuring that the doors to the organisation’s data are appropriately locked behind them is vital whenever employees are on the move. When a staff member leaves a bank or financial institution, security leaders must ensure they have not inadvertently handed over the keys to the safe as a leaving present. Revoking any and all access and privileges to company data must be a priority.

 

Don’t leave the door ajar 

Disorganised, ill-managed and manually processed access requirements and identity management protocols are an open invitation for security breaches.

However, it is not just those leaving for good that pose a threat. Recently promoted your long-serving payroll manager to a longed-for role in financial oversight? That positive move could result in entitlement creep, where the permissions to data, apps, information and systems she enjoyed in payroll follow her to her new home.

Permission creepers are those staff who collect permissions and access rights as they go through their career, picking up credentials to systems and data along the way. Of course, to restrict the opportunities for hacking, insider threat, or illegal or non-compliant activity, permissions should only be granted when relevant and required for an individual’s job. However, too many companies allow permissions to creep by not taking a proactive approach to access. This can result in toxic permissions combinations, where employees are granted inappropriate access to systems, making fraud and error far more likely.

Even a simple summer holiday can provide an open-door opportunity. We are all conscious about signaling to would-be home burglars that we are going away on holiday, and we will take steps to protect our property in our absence. The same principle applies to businesses with staff out of the office on vacation – potentially logging in from insecure locations or signaling to cybercriminals that their attention is elsewhere.

The results of leaving the door ajar are costly. According to the IBM Cost of a Data Breach Report 2021, the average cost of a data breach in the financial sector is $5.72 million.

Permissions creep, unrevoked access and unmanaged identity provide the perfect conditions for the insider threat to propagate. As Gaurav Deep Singh Johar, of the Information Systems Audit and Control Association explained, “While these challenges are present in any institution, insider threats pose a greater risk for banks. There is a big reputational impact, thanks in part to increasing regulatory oversight.”

 

Don’t let permissions security set sail into the sunset

Financial organisations are complex landscapes, with labyrinthine corporate structures and silos that cast a dark shadow over access and identity visibility. However, identity security technology is moving fast. Now, automated systems powered by AI and machine learning mean that permissions can be automated and access granted on a need-to-know basis, based on individuals’ employment status, roles, and responsibilities.

An automated system will quickly track down and disable ex-employees’ accounts and automatically halt permissions creep as employees move about the organisation.

The same technology can now also be even more diligent than that, monitoring access requirements based on any change in the workforce, like people being out of the office.
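The leaver and permission-creep checks described above can be expressed as a reconciliation between HR records and a directory export. This is an added example, not SailPoint's code or any product's API; the role baselines, toxic pairs, usernames and entitlement names are constructed assumptions.

```python
# Constructed role baselines: the entitlements each role actually needs.
ROLE_BASELINE = {
    "payroll-manager": {"payroll:read", "payroll:approve", "hr:read"},
    "financial-oversight": {"ledger:read", "audit:read", "payments:review"},
    "teller": {"accounts:read", "payments:create"},
}
# Constructed toxic combinations: pairs no single identity should hold together.
TOXIC_PAIRS = [
    ("payments:create", "payments:approve"),
    ("payroll:approve", "audit:read"),
]

# Constructed HR feed: asmith was promoted from payroll, bjones has left.
HR = {
    "asmith": {"status": "active", "role": "financial-oversight"},
    "bjones": {"status": "terminated", "role": "teller"},
    "cwu": {"status": "active", "role": "teller"},
}
# Constructed directory export: what each account can really do today.
ACCOUNTS = {
    "asmith": {"enabled": True, "entitlements": {
        "ledger:read", "audit:read", "payments:review", "payroll:read", "payroll:approve"}},
    "bjones": {"enabled": True, "entitlements": {"accounts:read", "payments:create"}},
    "cwu": {"enabled": True, "entitlements": {"accounts:read", "payments:create"}},
    "dkhan": {"enabled": True, "entitlements": {"ledger:read"}},
}


def review(hr, accounts):
    """Return (user, finding, detail) tuples for accounts that drifted from HR truth."""
    findings = []
    for user, acct in sorted(accounts.items()):
        person = hr.get(user)
        if person is None:
            # Account with no owner on record: nobody will ever request its removal.
            if acct["enabled"]:
                findings.append((user, "orphan-account", "no HR record"))
            continue
        if person["status"] != "active":
            if acct["enabled"]:
                findings.append((user, "leaver-still-enabled", "disable and revoke all access"))
            continue
        held = acct["entitlements"]
        # An unknown role has an empty baseline, so everything held is flagged for review.
        excess = held - ROLE_BASELINE.get(person["role"], set())
        if excess:
            findings.append((user, "entitlement-creep", ",".join(sorted(excess))))
        for first, second in TOXIC_PAIRS:
            if first in held and second in held:
                findings.append((user, "toxic-combination", f"{first}+{second}"))
    return findings


if __name__ == "__main__":
    for finding in review(HR, ACCOUNTS):
        print(finding)
```

The promoted payroll manager surfaces twice: once for the payroll entitlements that followed her, and once because payroll approval combined with audit access lets one person both make and review a change.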

An evolving and fluctuating workforce means that the insider threat can only be met with automated, streamlined identity security that moves as quickly as employees themselves. Without intelligent, streamlined identity governance, banks cannot ensure they are in a state of compliance, nor ensure cybersecurity in real time. They also miss out on opportunities to improve operational efficiency and reduce the risk of fraud and error. Automation also ensures the accuracy and completeness of the data sets that are so critical for keeping on top of compliance and delivering critical services.

As financial workforces are on the move, home and away and to pastures new, now is the time for banks to give identity security its time in the sun. Do not let shifting sands collapse the walls around you. Wherever your employees are coming from and going to, robust security and sustained compliance start with automated identity management.

 
