Top 10

AUTOMATING FINANCE SECURITY

Published

3 years ago

April 16, 2020

admin

By Faiz Shuja, co-founder at SIRP

The financial (finance) sector today is dominated by all things digital. Consumers and businesses alike can now manage everything from paying bills to applying for loans entirely through online services, eliminating the need for many traditional face-to-face services. Agile young challenger banks built entirely around digital native approaches have emerged to claim large chunks of the market. Established banks meanwhile have been heavily investing in their own capabilities.

Traditionally slower than other industries to adopt new technologies the financial sector, under pressure to stay competitive and relevant is widely embracing the digital switch-over. IDG estimates that this investment will produce worldwide compound annual growth in digital transformation of 20.4 percent between 2017 and 2022. It puts the finance sector above average compared to other industries.

Trading conditions arising from the Covid-19 pandemic are further accelerating the race to go digital. Housebound high street customers are increasingly accessing their accounts online while staff across all operational areas are working remotely.

However, as banks and other financial organisations expand their digital footprints, they also increase their exposure to cyber threats. Investment in digital transformation must therefore be matched by attention to security capabilities.

Faiz Shuja

Finance in the firing line

Most cyber-attacks are the work of opportunist criminals on the hunt for a big payday. Given the sector’s close relationship with managing capital in all its forms, it’s scarcely surprising that financial institutions are among the most popular targets for cyber criminals seeking quick profit. Indeed, a recent report from the IMF states that the high volume of sensitive financial information held by banks makes them “one of the most highly targeted economic sectors for data breaches”.

Finance firms face a variety of cyber threats. By far the greatest risk is posed by APTs (advanced persistent threats), often planted by criminal gangs or state-sponsored threat actors. A data breach could mean crucial financial information from millions of customers is stolen, or the withdrawal of large sums of money.

The sector also tempts insiders to misuse their knowledge and access privileges to beat security for personal gain. Unwelcome outcomes include insider trading activity or direct data breaches. The Capital One data breach was a prime example.

Alongside direct network infrastructure attacks, the sector must also contend with threats aimed at customers. Phishing attacks – emails that impersonate the company’s trusted brand – are a common way to trick customers into divulging personal or financial information.

Keeping up with digital threats

Financial organisations have always been tempting targets for criminals, from simple smash-and-grab bank robberies to sophisticated fraud schemes. It’s one of the reasons they are one of the world’s most heavily regulated industries. As a result, the finance sector is highly mature in respect of policies and procedures governing data privacy and security.

Cyber crime, however, presents a very different proposition. Threat actors continually adapt their tactics to find new vulnerabilities and penetrate defences. To protect their capital and their customers from these ever-evolving threats, banks and other financial institutions must match their antagonists for agility.

Accordingly, they have invested heavily in threat detection and prevention technology. Measures typically include web and app security to reduce exploitation of online and mobile customer interfaces, EDR (endpoint detection and response) to identify attacks on internal devices, and behavioural analytics to detect unusual user activity that signifies both external intruders and malicious insiders.

Accelerating with automation

To truly keep up with aggressive, fast-moving threats such as APT groups, detection and prevention measures are not enough. Banks must also be able to respond to and shut down attacks before they cause significant damage.

Once a threat is detected, it can take around 45-60 minutes before security analysts investigate and respond. Each minute that ticks by increases the chances of the threat actor exfiltrating essential data or causing significant damage to the network.

It’s not just about time either. Security teams are also responsible for managing high volumes of alerts. Research has found that security teams with too many incoming alerts will often either disable certain alert functions to reduce the numbers, or simply ignore some alerts entirely. In both cases the chance of incurring a serious breach goes up.

Keeping up requires financial firms to automate as much of the response process as possible. While there’s no substitute for professional security analysts to scrutinize and resolve advanced threats, today’s automated systems can handle much of the time-consuming investigative workload.

Automation, however, is only effective when current processes and business demands are properly understood. Furthermore, it is impossible to automate everything overnight. Firms must assess their current situation and start with the areas that will benefit most.

The systems that generate the largest threat alert volumes, typically phishing or web-based attack analytics, are a good place to start. Automating these first immediately eases the burden on security resources.

Organisations should also adopt a risk-based approach to automating security management processes. This means ranking potential threats according to their potential to damage the business. Sometimes this is obvious – for example if a receptionist and the CEO are repeatedly on the receiving end of attacks – responding to the latter is a clear priority. However, it is not always so clear cut. Automation tools like Security Orchestration and Response (SOAR) offer a risk-based approach tailored to an organisation’s unique structure and objectives. Having set these thresholds, the organisation can pass alerts from their SIEM (Security Information and Event Management) systems through them to form a dashboard. From the intelligence provided by these dashboards, security teams can quickly identify which threats are the most serious and prioritise steps to mitigate them.

As the financial sector continues to digitise, it will remain a top target for cyber criminals. The evidence is that attacks are increasing in both volume and sophistication. Using automation to increase the speed and efficiency of their response capabilities, provides financial institutions with a fighting chance of keeping one step ahead of adversaries as they continue their digital transformation journeys.

Top 10

5 Often-Overlooked Investment Options To Consider Exploring In 2023

Published

1 week ago

March 17, 2023

admin

When choosing what to invest in, many people will initially focus on the stock market which is considered a more mainstream investment. However, investments are more than stocks, and there is a wide range of alternative investments you can add to your portfolio to not only add growth to your long-term returns but also to spread the risk. If you’re looking to diversify your investments or if you simply want to get started with something different, this guide will cover the overlooked investment options that you should consider in 2023. From investing in EIS schemes and commercial property to commodities and collectables, there is plenty to discover.

EIS Schemes

One of the first on our list of overlooked investments is EIS investment opportunities, one of many flagship policies developed by the UK government to support early-stage companies. With an EIS investment, you would be helping to support businesses in exchange for various tax reliefs. Depending on your circumstances, this could include 30% income tax relief, tax-free gains, CGT deferral, loss relief, or inheritance tax relief. To understand more about investing in EIS schemes and their benefits, head over to Oxford Capital, to learn more.

Property Bonds

When property developers are looking to finance new commercial or residential projects, they typically do so with property bonds. These bonds are used to raise capital for the projects from investors and typically last for a fixed term, between two and five years. This form of investment is attractive due to the higher interest rates, ranging from 4% to 15%, offered in comparison to traditional government bonds, which generally perform at under 4%.

While there is a risk that the project could be abandoned due to external factors such as a rise in material costs, disruptions to supply, and a lack of finances, if the project goes to plan, you will see a return of your original investment as well as any interest accumulated. However, you can also opt to receive the interest payments monthly, quarterly, or annually throughout the course of the project, in which case, at the end of the project, your original investment will be returned with any leftover interest that has not yet been paid.

Commodities

The term commodity encompasses a variety of physical investments you can make. Unlike traditional investments such as stocks, bonds, or funds, these investments have both a use-value and an exchange value. This is because when you invest in commodities, you gain ownership over a small amount of the resource you are investing in. As there is always a need for physical goods, these commodities are an excellent way to diversify your investment portfolio and hedge against inflation, market changes, and the depreciating value of different currencies.

Some of the most common commodities you can invest in include:

Gold.
Agricultural products.
Crude oil.
Precious metals.
Timber.
Diamonds and other precious stones.
Spices, sugar, and salt.

Commercial Property

When looking into properties to invest in, many people choose residential options as they can renovate and sell or rent these homes. However, as the property market can be particularly volatile, a great option when you want to invest in properties is to look to commercial options instead. When it comes to commercial property, there are many ways you can invest, and these include:

Direct investment:This means buying a share or all of a property, which can then be rented out to businesses.
Direct commercial property funds:Often referred to as bricks-and-mortar funds, this is the most popular way to invest in commercial property. With this fund, you invest into a scheme that invests directly into an existing portfolio of commercial properties, which pays out the interest of your investment monthly, quarterly, or annually.
Indirect property funds:Similar to the direct commercial property fund, with this fund, you would invest in a collective investment scheme that invests in the shares of property companies in the stock market.

Peer-To-Peer Lending

Peer-to-peer lending is a risky venture where you would invest directly into start-up enterprises in order to help them get off the ground. It’s an excellent way to help small business owners get going with their dreams while also creating a lucrative investment. When you choose peer-to-peer lending, you loan the start-up a specific amount with the promise to pay back with interest. You can determine a timeline for this, or you can also choose to have the interest paid back monthly, quarterly, or annually.

However, as already mentioned, peer-to-peer lending is a risky venture, as the company you invest in could fail, and in that case, they would default on your loan. With this in mind, before you choose peer-to-peer lending, you should always thoroughly research the start-up’s fundamentals first, as this will give you a better insight into the viability of the business.

Finance

Innovating inclusivity: How invoice financing is diversifying access to financial streams

Published

1 week ago

March 15, 2023

admin

“Entrepreneurs, particularly those in the supply chain in Europe, the United Kingdom, and indeed the rest of the world, frustrated with the lack of access to traditional financial streams should consider invoice financing,” writes Morgan Terigi, Co-Founder and CEO of Incomlend

While the COVID-19 pandemic negatively impacted many businesses, the crisis was a moment of opportunity for others: As norms related to work, schooling, and life changed in the blink of an eye, many entrepreneurs started businesses to address related needs.

Many of these businesses grew dramatically. Now that the pandemic has settled, however, some of these businesses are hitting a plateau. Despite being profitable, they do not have enough working capital to grow the business further. They only have enough to maintain their current levels of profitability, but nothing more.

Some of these entrepreneurs will seek financing the most common way, via a bank loan. Unfortunately, this avenue will likely be inaccessible to them. Bank loans will favor organisations that have been in business for a long time, not those newly formed within the last few years. They may also require collateral that such businesses will not have right now. Some businesses created during the COVID-19 pandemic may meet the bare minimum requirements and go through the lengthy application process. They will meet with a banker, submit the necessary financial documents, including everything from financial statements to trade references, and then wait. This waiting period is actually the longest part and may encompass anywhere from a few weeks to months. After all this bureaucracy, the entrepreneur will get a denial from the bank. But, they will not be getting any financing.

Such time represents a major opportunity cost for the business leader. They could have spent the same amount of time either focused on the operations or seeking capital that is more friendly to newer businesses.

Entrepreneurs, particularly those in the supply chain in Europe, the United Kingdom, and indeed the rest of the world, frustrated with the lack of access to traditional financial streams should consider invoice financing. Many may have heard the term before but may be unsure how it actually works. Invoice financing is simple. Upon onboarding, exporters upload the export receivable that they want to be factored into the invoice financing platform, which then pays them cash in as little as 48 hours. They are spared the need of having to wait anywhere from 60 to 90 to 120 days to collect in a traditional payment cycle. They get working capital, which can be used to grow their business beyond the current plateau.

Invoice financing is also friendly for importers. Following a buyer-led approach, they can also upload their suppliers’ export receivables that they wish to be paid. Their trade partner will likewise be paid within 48 hours, and the importer gains a longer runway, anywhere up to 120 days depending on the terms, to pay back the platform. The importer can thus enjoy more working capital today, rather than worry about paying off vendors. As a result, they can also focus on revenue-generating activities that grow the business.

Investors benefit from both importer- and exporter-led invoice financing because they can back individual receivables or groups of receivables. Either situation represents a promising asset class that offers stable returns.

While invoice financing is subject to similar requirements as more traditional forms of financing – it is a financial instrument after all – it is arguably more accessible. To be eligible, importers or exporters need to have a trade history with their corresponding trade partner. They also do not need to be corporate (i.e. which is the preferred lending partner of banks), invoice financing platforms generally work with SMEs and other enterprises. It also does not require any form of collateral, so it is friendly to businesses without significant assets that they are willing to take a loan against. Finally, invoice financing occurs off-the-balance-sheet, so it does not saddle businesses in debt at a time they need positive income statements the most.

For all these reasons, I think invoice financing should not just be looked at as a financial innovation. It is very much a social one as well, opening up access to financial streams to entrepreneurs in the supply chain who may otherwise not have had access. Invoice financing, in short, has innovated how we extend inclusivity.