AUTOMATING FINANCE SECURITY


By Faiz Shuja, co-founder at SIRP

The financial sector today is dominated by all things digital. Consumers and businesses alike can now manage everything from paying bills to applying for loans entirely through online services, eliminating the need for many traditional face-to-face services. Agile young challenger banks built entirely around digital-native approaches have emerged to claim large chunks of the market. Established banks, meanwhile, have been investing heavily in their own capabilities.

Traditionally slower than other industries to adopt new technologies, the financial sector, under pressure to stay competitive and relevant, is widely embracing the digital switch-over. IDG estimates that this investment will produce worldwide compound annual growth in digital transformation of 20.4 percent between 2017 and 2022. It puts the finance sector above average compared to other industries.

Trading conditions arising from the Covid-19 pandemic are further accelerating the race to go digital. Housebound high street customers are increasingly accessing their accounts online while staff across all operational areas are working remotely.

However, as banks and other financial organisations expand their digital footprints, they also increase their exposure to cyber threats. Investment in digital transformation must therefore be matched by attention to security capabilities.

 


Finance in the firing line

Most cyber-attacks are the work of opportunist criminals on the hunt for a big payday. Given the sector’s close relationship with managing capital in all its forms, it’s scarcely surprising that financial institutions are among the most popular targets for cyber criminals seeking quick profit. Indeed, a recent report from the IMF states that the high volume of sensitive financial information held by banks makes them “one of the most highly targeted economic sectors for data breaches”.

Finance firms face a variety of cyber threats. By far the greatest risk is posed by APTs (advanced persistent threats), often planted by criminal gangs or state-sponsored threat actors. A data breach could mean that crucial financial information from millions of customers is stolen, or that large sums of money are withdrawn.

The sector also tempts insiders to misuse their knowledge and access privileges to beat security for personal gain. Unwelcome outcomes include insider trading activity or direct data breaches. The Capital One data breach was a prime example.

Alongside direct network infrastructure attacks, the sector must also contend with threats aimed at customers. Phishing attacks – emails that impersonate the company’s trusted brand – are a common way to trick customers into divulging personal or financial information.

 

Keeping up with digital threats

Financial organisations have always been tempting targets for criminals, from simple smash-and-grab bank robberies to sophisticated fraud schemes. It’s one of the reasons they are one of the world’s most heavily regulated industries. As a result, the finance sector is highly mature in respect of policies and procedures governing data privacy and security.

Cyber crime, however, presents a very different proposition. Threat actors continually adapt their tactics to find new vulnerabilities and penetrate defences. To protect their capital and their customers from these ever-evolving threats, banks and other financial institutions must match their antagonists for agility.

Accordingly, they have invested heavily in threat detection and prevention technology. Measures typically include web and app security to reduce exploitation of online and mobile customer interfaces, EDR (endpoint detection and response) to identify attacks on internal devices, and behavioural analytics to detect unusual user activity that signifies both external intruders and malicious insiders.

 

Accelerating with automation

To truly keep up with aggressive, fast-moving threats such as APT groups, detection and prevention measures are not enough. Banks must also be able to respond to and shut down attacks before they cause significant damage.

Once a threat is detected, it can take around 45-60 minutes before security analysts investigate and respond. Each minute that ticks by increases the chances of the threat actor exfiltrating essential data or causing significant damage to the network.

It’s not just about time either. Security teams are also responsible for managing high volumes of alerts. Research has found that security teams with too many incoming alerts will often either disable certain alert functions to reduce the numbers, or simply ignore some alerts entirely. In both cases the chance of incurring a serious breach goes up.

Keeping up requires financial firms to automate as much of the response process as possible. While there’s no substitute for professional security analysts to scrutinize and resolve advanced threats, today’s automated systems can handle much of the time-consuming investigative workload.

Automation, however, is only effective when current processes and business demands are properly understood. Furthermore, it is impossible to automate everything overnight. Firms must assess their current situation and start with the areas that will benefit most.

The systems that generate the largest threat alert volumes, typically phishing or web-based attack analytics, are a good place to start. Automating these first immediately eases the burden on security resources.

Organisations should also adopt a risk-based approach to automating security management processes. This means ranking potential threats according to their potential to damage the business. Sometimes this is obvious: for example, if a receptionist and the CEO are repeatedly on the receiving end of attacks, responding to the latter is a clear priority. However, it is not always so clear cut. Automation tools like Security Orchestration, Automation and Response (SOAR) offer a risk-based approach tailored to an organisation’s unique structure and objectives. Having set these risk thresholds, the organisation can pass alerts from its SIEM (Security Information and Event Management) systems through them to form a dashboard. From the intelligence provided by these dashboards, security teams can quickly identify which threats are the most serious and prioritise steps to mitigate them.
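The risk-based ranking described above, sketched as an added example (it is not from the original article or from any SOAR product). The role weights, category severities, tier thresholds, routing rule and sample alerts are all constructed assumptions.

```python
from collections import Counter

# Assumed weights: how damaging a compromise of each role would be (1 low, 5 high).
ROLE_CRITICALITY = {"ceo": 5, "finance_controller": 4, "receptionist": 1}
DEFAULT_CRITICALITY = 3  # unmapped roles get a middle weight, not the lowest

# Assumed base severity per alert category.
CATEGORY_SEVERITY = {"phishing": 2, "web_attack": 3, "malware": 4,
                     "data_exfiltration": 5}
DEFAULT_SEVERITY = 3

# Assumed organisation-specific thresholds: (score floor, tier), highest first.
TIERS = [(20, "critical"), (10, "high"), (5, "medium"), (0, "low")]

# Constructed sample of alerts, shaped like a simplified SIEM export.
SAMPLE_ALERTS = [
    {"id": "A1", "user": "reception01", "role": "receptionist", "category": "phishing"},
    {"id": "A2", "user": "reception01", "role": "receptionist", "category": "phishing"},
    {"id": "A3", "user": "ceo", "role": "ceo", "category": "phishing"},
    {"id": "A4", "user": "ceo", "role": "ceo", "category": "phishing"},
    {"id": "A5", "user": "ceo", "role": "ceo", "category": "phishing"},
    {"id": "A6", "user": "fc02", "role": "finance_controller",
     "category": "data_exfiltration"},
    {"id": "A7", "user": "contractor9", "role": "contractor", "category": "web_attack"},
]


def risk_score(role, category, repeats):
    """Severity x target criticality, raised for repeated alerts (capped at 2x)."""
    base = (CATEGORY_SEVERITY.get(category, DEFAULT_SEVERITY)
            * ROLE_CRITICALITY.get(role, DEFAULT_CRITICALITY))
    return base * min(1 + 0.5 * (repeats - 1), 2.0)


def tier_for(score):
    """Map a score onto the first tier whose floor it reaches."""
    for floor, name in TIERS:
        if score >= floor:
            return name
    return "low"


def triage(alerts):
    """Collapse repeated alerts per target and category, then rank by risk."""
    groups = Counter((a["user"], a["role"], a["category"]) for a in alerts)
    rows = []
    for (user, role, category), repeats in groups.items():
        score = risk_score(role, category, repeats)
        tier = tier_for(score)
        rows.append({
            "user": user, "category": category, "alerts": repeats,
            "score": score, "tier": tier,
            # Assumed routing: analysts see the top tiers, playbooks take the rest.
            "route": "analyst" if tier in ("critical", "high") else "automated_playbook",
        })
    # Highest risk first; the user name breaks ties so the order is deterministic.
    return sorted(rows, key=lambda r: (-r["score"], r["user"]))


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(f'{row["tier"]:<9}{row["score"]:>5.1f}  {row["user"]:<12}'
              f'{row["category"]:<18}x{row["alerts"]}  -> {row["route"]}')
```

With these weights, three phishing alerts against the CEO reach the analyst queue, while the two against the receptionist stay with the automated playbook.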

As the financial sector continues to digitise, it will remain a top target for cyber criminals. The evidence is that attacks are increasing in both volume and sophistication. Using automation to increase the speed and efficiency of their response capabilities provides financial institutions with a fighting chance of keeping one step ahead of adversaries as they continue their digital transformation journeys.

 


JUMP-STARTING PROCUREMENT TRANSFORMATION WITH A CLEAR AND REALISTIC PLAN


by Alex Klein, COO at Efficio Consulting

 

Following a period of ongoing economic uncertainty, business spend has risen high up on the C-Suite agenda, with the procurement function shifted into the hot seat as the enabler of not only rapid cost-cutting but future profitability. In fact, according to Efficio’s experts and authors of the recently released PROFIT FROM PROCUREMENT, companies that break down the silos between departments and effectively optimise the procurement function can expect to add 30% to their bottom line.

But where to begin? In order to successfully embark on a roadmap to profitability, a concrete and realistic plan must be put in place – one that has clear objectives and actions agreed amongst all involved. Unfortunately, this is not something that can be achieved overnight. As with anything worth having, this involves a program of gradual transformation and is likely to take no less than 18 months to really drive an impact. With a long lead time to success, the CPO must ensure that the program makes the desired splash – proving its value and keeping internal stakeholders engaged throughout. This requires a plan that will have a high impact, high visibility, cross-functionality, and be fully resourced. Only then can procurement’s profit potential be truly unleashed.

 

Take a step back and listen

When embarking on a Procurement Transformation mission, getting to know the key stakeholders involved will be a crucial first step to getting the project off the ground. Whether that be the CEO, CFO, functional heads, or business unit heads – the CPO must take the time to listen and understand their expectations, needs, and requirements before a vision for the road ahead can be formed.

Suppliers are often forgotten in this mix, yet they are equally as crucial. Questions need to be asked, such as – what improvement options do they see? How could they help us to reduce cost? And how can we help them in return? What each stakeholder wants from procurement, and where they see value will likely differ, so it is important to have all cards on the table upfront. Not only should these considerations sit at the heart of your plan, but they can actually assist in making it a reality.

 

Determining the desired outcomes

Next up, and at the top of the pyramid that comprises your plan, needs to be a clear vision. Whilst the outcome of your efforts may seem pre-defined – such as, to cut costs and release profitability – the scope of this can span as wide or as narrow as you’d like. Now is the time to consider how far you want to stretch this outcome, and the only way to determine this is to ask yourself, “what does the next level of procurement look like in my organisation”?

This procurement vision, of course, needs to link back to the business’s overall corporate strategy. For example, if the business is looking towards aggressive growth, procurement should help facilitate this by aiming for scalability. If the strategy is to rapidly digitise, procurement can play a part in digitising the supply chain.

As part of this vision, the CPO must also consider their desired role and remit. For example, how do you see procurement’s way of working changing? How do you see your procurement people interacting with the rest of the business? What do you want your suppliers to say about you? Once defined, a clear ambition can keep Procurement Transformation on track and aligned. Without it, and with every stakeholder having varying needs, the desired outcome can quickly become lost.

 

Establishing a step by step improvement plan

So, you now have a solid vision – you’ve spent time listening to your internal customers – surely, you’re now ready to focus on getting there? Not so fast – you now need to think about the various facets of the function, including the organisation, people, and processes, to establish where you currently stand. This will act as a baseline from which a roadmap can then be developed, and it will require set objectives along the way to keep the journey on track. “House of Procurement tools” can be particularly effective here – these frameworks break down the procurement function in terms of strategy, organisation, people, processes, and systems – marking them against a benchmark of bad, average, and good. By plotting against this framework, you can tackle transformation in chunks, setting concrete objectives at a sub-factor level.

Once the current state of play has been established, the goal can then be plotted at the other end of the roadmap, with the activities needed to get to this end goal plotted in between. Key to plotting such a roadmap will be a review of which activities matter, what people are doing currently, and whether these tasks are having a meaningful impact. This may require a restructure of the current team, which may require investing in additional strategic procurement resources as well as upgrading internal capability.

Nevertheless, this plan must be granular, and it must be actionable. It is all well and good having great ambition, but it is nothing unless you know exactly how and what it takes to get there. Transformation takes time, and it will certainly not happen overnight, so make sure to break down your roadmap into smaller, more achievable chunks. Rather than focusing on a single end goal 18 months down the track, ensure you have milestones to aim for after month three and month six that contribute to the overall picture. Assembling such a plan is no easy task, but it is the very foundation needed for procurement teams to jump-start transformation.

So, what comes next? Buy-in from the rest of the business, of course. After all, a plan can only be successful once it has board-level approval and sufficient investment. In part two of this series, Alex Klein will explore the stages that follow, including: developing a savings execution plan, building a business case for procurement investment, and ensuring program structure and governance.

 


THE IMPORTANCE OF MANAGING DATA RISK IN THE FINANCE FUNCTION 


Written by Steph Charbonneau, Senior Director of Product Strategy, Vera by HelpSystems  

 

CFOs and financial controllers play a pivotal role in how organisations evaluate and manage data risk. Analyst firm Gartner reports that more than 30% of organisations will use financial risk assessments of their data assets to prioritise investment choices for IT, analytics, security, and privacy by 2022.

Data is particularly at risk within the finance function. Sensitive data such as customer and supplier information, financial statements, and personnel records are processed and shared daily both inside and with vendors outside the organisation. The finance team communicates with banks, auditors, and lawyers on a regular basis and while laws and policies exist to provide protection, there’s no certainty as to where your data could end up, and you can’t control it once it is sent. The information that resides outside the organisation’s security perimeter is accessible with equal permissions, meaning access is not restricted once someone gains it.

 

Assess Your Vulnerability 

All of this presents an immense risk. Understanding what the risks and potential costs are is an important component of organisational planning. How would the organisation react if sensitive information were disseminated to the wrong audience? What could it cost? Simply thinking ‘it won’t happen to me’ or assuming a party erroneously receiving sensitive data will act with integrity and delete the information can no longer be justified. Data breaches are common and can have a significant impact on your business.

The financial risk of a data breach is typically the cost of lost revenue, compliance challenges, cost of litigation, privacy regulation penalties, and reputational damage. Revenue loss risk and litigation costs risk are tangible impacts that can be measured. However, it is more difficult to quantify the probability. On that front, understanding your data’s level of vulnerability is important. If you are SOC2 compliant, your risk will be mitigated by the controls within the internal bounds of your system. On the flip side, it is difficult to assess the probability for data that leaves your repositories. Internal compliance, including SOC2, cannot address it.

Thankfully, there’s a multitude of methods to protect assets and minimise your cyber risk. Consider securing and managing your data with technology like digital rights management (DRM), data loss prevention (DLP), data classification, and security information and event management (SIEM) software. There are network controls you can put in place, and you should have a process for evaluating the security of any apps you use to minimise your vulnerability. Evaluate your cyber risk holistically to ensure nothing slips through the net; otherwise your vulnerability remains.

 

Implementing Data Security Best Practices

Cybersecurity can be very complex depending on the size and industry of the organisation. New attack methods and new technologies to deal with those attack vectors show up all the time. To maximise efforts at assessing security risk, allocate resources so the most effective tools and strategies (such as encryption or digital rights management) are used to protect the most important information assets.

Finance leaders should follow these best practices to manage their team’s cyber risk.

  • Identify exposures in either tools or processes and work with the IT team to close the gaps in security.
  • Classify your files so that you understand where your sensitive data is located and how access is provided to parties that need it, especially those outside your organisation. Company policies and processes often overlook, or have no direct control of, data outside the organisation, so this awareness is important.
  • Adopt a zero-trust approach to protecting your sensitive data and implement technology that allows you to manage your risk. Software such as digital rights management, for example, protects your most valuable data assets no matter where they travel, allowing you to secure, track, audit, and revoke access if data accidentally or maliciously falls into the wrong hands.
  • Educate and train finance team members to recognise and manage risk. Employees need to understand the importance of the data they are using and have access to the right tools and processes so that it is handled correctly.

 

Protect Your Most Valuable Assets

Evaluating an organisation’s cyber risk starts with clearly understanding the company’s risk tolerance. Is the organisation risk tolerant, or extremely risk averse? The answer may differ depending on what needs to be protected and what industry you operate in. In the finance function, what level of risk are you willing to accept and still justify and defend to stakeholders? Start by identifying those assets where the risk is unacceptable and where access needs to be carefully controlled and managed and focus your execution from there.

 
