Connect with us

Technology

BIOMETRICS, EVOLVED

biometrics

By Farkas Rabai, technical product manager, One Identity 

 

With one third of cybersecurity incidents being identified as previously unseen threats, companies including financial institutions struggle to defend themselves from an enemy they can’t visualise and whose techniques and attack methods are still unknown. One of the ways the financial sector can get ahead of the curve and strengthen their security posture is the use of behavioural biometrics.

 

The sophistication of attacks is on a constant incline. Determined attackers can often integrate numerous components to gradually infiltrate their victim’s network and launch a discreet attack or, on the contrary, launch a vast attack at the most opportune moment. Very often, one of the main vectors is the violation of a user account (a regular user or an administrator with privileged access) via phishing attacks, for example. The reason is simple: if the attacker succeeds in posing as a legitimate user – or if the attacker himself is a collaborator – it becomes difficult to detect that his actions are malicious.

 

But in recent years, a counter-offensive has been launched thanks to machine learning and behavioural biometric technologies which reduce the advantage taken over time by cybercriminals over defenders.

 

The rise of biometrics 

Biometrics refer to measurements related to human characteristics. The uniqueness of certain characteristics, such as fingerprints and irises, make them a potential way to identify individuals with accuracy, without the risk of a password being stolen or a code forgotten. Most people are familiar with physical biometrics. However, hackers have discovered clever ways to steal or duplicate fingerprints. For example, it is possible to take a picture of the glass a person has touched and create a fingerprint with a 3D printer. Behavioural biometrics, as opposed to physical biometrics, is a new and effective defence against cybercriminals. Our physical traits are not the only things that make us unique. The way we speak, type or write can distinguish one individual from another as reliably as fingerprints.

 

The evolution of biometrics: reading behaviour

Behavioural biometrics are an effective form of authentication for a number of reasons. First, because of its accuracy, it is more secure than physical biometrics. Indeed, because of its nature, behavioural biometric data is unlikely to be stolen or replicated by another person or machine. 

 

As its name suggests, it allows for the monitoring of behavioural patterns. How can it be used? Machine learning technology will analyse a user’s behaviour for several weeks to create a profile of its own. Once the technology is operational, it becomes capable of detecting any deviation in behaviour by observing and correlating dozens of factors. And because it is executed using algorithms, it is constantly being improved.

 

The data examined includes: mouse movement, typing style, IP address, computer or applications used, etc. The software analyses and records the behavioral patterns of individuals and groups. With a behavioural biometric scoring system ranging from zero to 100, companies can easily assess the risk involved. The closer the score is to 100, the higher the level of risk.

 

How do Behavioural Biometrics work?

The principle at the basis of behavioural biometrics is to set up a baseline profile for a privileged user or account. This baseline contains, in a way, the connection habits, for example, the time of connection, the systems accessed, the browser used, etc., but also biometric data that is unique to each individual.

 

The risk score will be between 0 and 20, when an employee maintains his or her work habits. However, if the employee logs on to the system at 2 a.m., which is abnormal behaviour, the biometric system will then trigger a signal and the score will be raised to around 40. If he or she is connected to his or her computer, following his or her usual behavioural pattern (similar portal, same way of clicking, etc.), the system will not shut down.

 

If the score is higher than 50, for example, the security team will receive a notification. This will allow the security team to do further investigation. Since the score is divided into different algorithms and each factor is weighted differently, it is possible that the night-time logon may have generated a security alert, but since the behavioral pattern is verified, the security team can conclude that there is no obvious malicious behaviour. This helps to ensure that operations run smoothly and provides staff with a high degree of flexibility in their work.

 

Unfortunately, there is no panacea in cybersecurity, and no solution will ever be completely secure from all types of attack. Given the tools currently available, however, behavioural biometrics seem the most reliable way to identify users with critical security clearances and access privileges – after all, security starts with identity. 

 

Technology

WHY TECHNOLOGY IS KEY TO THE FUTURE OF AUDITING

By Piers Wilson, Head of Product Management at Huntsman Security

 

The Financial Reporting Council (FRC), which is responsible for corporate governance, reporting and auditing in the UK, has been consulting on the role of technology in audit processes. This highlights growing recognition for the fact that technology can assist audits, providing the ability to automate data gathering or assessment to increase quality, remove subjectivity and make the process more trustworthy and consistent. Both the Brydon review and the latest AQR thematic suggest a link between enhanced audit quality and the increasing use of technology. This goes beyond efficiency gains from process automation and relates, in part, to the larger volume of data and evidence which can be extracted from an audited entity and the sophistication of the tools available to interrogate it.

As one example, the PCAOB in the US has for a while advocated for the provision of audit evidence and reports to be timely (which implies computerisation and automation) to assure that risks are being managed, and for the extent of human interaction with evidence or source data to be reflected to ensure influence is minimised (the more that can be achieved programmatically and objectively the better).

However, technology may obscure the nature of analysis and decision making and create a barrier to fully transparent audits compared to more manual (yet labour intensive) processes. There is also a competition aspect between larger firms and smaller ones as regards access to technology:

Brydon raised concerns about the ability of challenger firms to keep pace with the Big Four firms in the deployment of innovative new technology.

The FRC consultation paper covers issues, and asks questions, in a number of areas. Examples include:

  • The use of AI and machine learning that collect or analyse evidence and due to the continual learning nature, their criteria for assessment may be difficult to establish or could change over time.
  • The data issues around greater access to networks and systems putting information at risk (e.g. under GDPR) or a reluctance for audited companies to allow audit firms to connect or install software/technologies into their live environments.
  • The nature of technology may mean it is harder for auditors to understand or establish the nature of data collection, analysis or decision making.
  • The ongoing need to train auditors on technologies that might be introduced, so they can utilise them in a way that generates trusted outputs.

Clearly these are real issues – for a process that aims to provide trustworthy, objective, transparent and repeatable outputs – any use of technology to speed up or improve the process must maintain these standards.

 

Audit technology solutions in cyber security

The cyber security realm has grown to quickly become a major area of risk and hence a focus for boards, technologists and auditors alike. The highly technical nature of threats and the adversarial nature of cybers attackers (who will actively try and find/exploit control failures) means that technology solutions that identify weaknesses and report on specific or overall vulnerabilities are becoming more entrenched in the assurance process within this discipline.

While the audit consultations and reports mentioned above cover the wider audit spectrum, similar challenges relate to cyber security as an inherently technology-focussed area of operation.

 

Benefits of speed

The gains from using technology to conduct data gathering, analysis and reporting are obvious – removing the need for human questionnaires, interviews, inspections and manual number crunching. Increasing the speed of the process has a number of benefits:

  • You can cover larger scopes or bigger samples (even avoid sampling all together)
  • You can conduct audit/assurance activities more often (weekly instead of annually)
  • You can scale your approach beyond one part of the business to encompass multiple business units or even third parties
  • You get answers more quickly – which for things that change continually (like patching status) means same day awareness rather than 3 weeks later

Benefits of flexibility

The ability to conduct audits across different sites or scopes, to specify different thresholds of risk for different domains, the ease of conducting audits at remote locations or on suppliers networks (especially during period of restricted travel) are ALL factors that can make technology a useful tool for the auditor.

 

Benefits of transparency

One part of the FRC’s perceived problem space is that of transparency, you can ask a human how they derived a result, and they can probably tell you, or at least show you the audit trail of correspondence, meeting notes or spreadsheet calculations. But can you do this with software or technology?

Certainly, the use of AI and machine learning makes this hard, the learning nature and often black box calculations are not easy to either understand, recalculate in a repeatable way or to document. The system learns, so is always changing, and hence the rationale that a decision might not always be the same.

In technologies that are geared towards delivering audit outcomes this is easier. First, if you collect and retain data, provide an easy interface to go from results to the underlying cases in the source data, it is possible to take a score/rating/risk and reveal the specifics of what led to it. Secondly, it is vital that the calculations are transparent, i.e. that the methods of calculating risks or the way results are scored is decipherable.

 

Benefits of consistency

This is one obvious gain from technology, the logic is pre-programmed in.  If you take two auditors and give them the same data sets or evidence case files they might draw different conclusions (possibly for valid reasons or due to them having different skill areas or experience), but the same algorithm operating on the same data will produce the same result every time.

Manual evidence gathering suffers a number of drawbacks – it relies on written notes, records of verbal conversations, email trails, spreadsheets, or questionnaire responses in different formats.  Retaining all this in a coherent way is difficult and going back through it even harder.

Using a consistent toolset and consistent data format means that if you need to go back to a data source from a particular network domain three months ago, you will have information that is readily available and readable.  And as stated above, if the source data and evidence is re-examined using a consistent solution, you will get the same calculations, decisions and results.

 

Benefits of systematically generated KPIs, cyber maturity measures and issues

The outputs of any audit process need to provide details of the issues found so that the specific or general cases of the failures can be investigated and resolved.  But for managers, operational teams and businesses, having a view of the KPIs for the security operations process is extremely useful.

Of course, following the “lines of defence” model, an internal or external “formal” audit might simply want the results and a level of trust in how they were calculated; however for operational management and ongoing continuous visibility, the need to derive performance statistics comes into its own.

It is worth noting that there are two dimensions to KPIs:   The assessment of the strength or configuration of a control or policy (how good is the control) and the extent or level of coverage (how widely is it enforced).

To give a view of the technical maturity of a defence you really need to combine these two factors together.  A weak control that is widely implemented or a strong control that provides only partial coverage are both causes for concern.

 

Benefits of separation of process stages

The final area where technology can help is in allowing the separation and distribution of the data gathering, analysis and reporting processes.  It is hard to take the data, evidence and meeting notes from someone else and analyse it. For one thing, is it trustworthy and reliable (in the case of third-party assurance questionnaires perhaps)? Then it is also hard to draw high-level conclusions about the analysis.

If technology allows the data gathering to be performed in a distributed way, say by local site administrators, third-party IT staff or non-expert users BUT in a trustworthy way, then the overhead of the audit process is much reduced. Instead of a team having to conduct multiple visits, interviews or data collection activities the toolset can be provided to the people nearest to the point of collection.

This allows the data analysis and interpretation to be performed centrally by the experts in a particular field or control area. So giving a non-expert user a way to collect and provide relevant and trustworthy audit evidence takes a large bite out of the resource overhead of conducting the audit, for both auditor and auditee.

It also means that a target organisation doesn’t have to manage the issue of allowing auditors to have access to networks, sites, data, accounts and systems to gather the audit evidence as this can be undertaken by existing administrators in the environment.

 

Making the right choice

Technology solutions in the audit process can clearly deliver benefits, however if they are too simplistic or aim to be too clever, they can simply move the problem of providing high levels of audit quality. A rapidly generated AI-based risk score is useful, but if it’s not possible to understand the calculation it is hard to either correct the control issues or trouble shoot the underlying process.

Where technology can assist the audit process, speed up data gathering and analysis, and streamline the generation of high- and low-level outputs it can be a boon.

Technology allows organisations to put trustworthy assurance into the hands of operations teams and managers, consultants and auditors alike to provide flexible, rapid and frequent views of control data and understanding of risk posture. If this can be done in a way that is cognisant of the risks and challenges as we have shown, then auditors and regulators such as the FRC can be satisfied.

 

Continue Reading

Finance

HOW TECHNOLOGY IS CHANGING ACCOUNTING

Mike Whitmire is Co-founder and CEO of FloQast,

 

The fundamentals of accounting have been around for hundreds of years. They’re not likely to change any time soon, other than adapting the way they interact with new business regulations and tax laws. But the day-to-day process of accounting has seen a rapid change in the past few years resulting from disruptive new technology. But, is this a good thing or a bad thing?

Taking the Accounting Department on the Road

Cloud-based technology is one of the most significant shifts in the modern accounting department. If 2020 has taught us anything, it’s the importance of location flexibility for businesses. With cloud accounting platforms and applications, accountants can work from almost anywhere.

Even on a typical, office-based day, cloud tech allows an accounting team to collaborate seamlessly, sharing access between several people in real-time. No need to worry about multiple versions of the financials when the current iteration is always just a click away.

Cloud technology also makes it easier to integrate apps into the base accounting software. In addition to an accounting suite, many companies use inventory software, AR/AP software, and other specialized tools to meet their needs. With so many cloud-based apps available, it’s getting easier and easier to set up an entire ecosystem of apps for your business that sync and integrate seamlessly with one another. Not only does that save time and effort, but it also reduces the chances of mistakes, omissions, and accidental double entries of data from one system to another.

 

Convenience for Accountants and Clients

For those accountants working in private practice or in the public accounting sector, technology and cloud-accounting can be a lifesaver. Files and documents can be uploaded digitally and client work can be handled remotely with no need to ever visit the client’s place of business. This makes for a more flexible and much less disruptive workday for many accountants.

For clients, this is a more convenient way to work too. They no longer need to travel across town to deliver a stack of documents and across town is no longer the limit of their accountant options. They can just as easily work with someone across the state or across the country, allowing them to find the best fit for their business needs. This is a win/win for both parties.

The New Role of Accountants

Technology has all but eliminated some part of the job for accountants, and that can be scary. As

AI takes a bigger role in accounting, many of the manual tasks are being automated. Connected bank feeds and AI can match transactions and even automatically reconcile accounts in some cases. But that doesn’t mean the job of the accountant is disappearing. In fact, it’s the beginning of a whole new role for many accountants.

But those aren’t bad things. Quite the opposite, in fact.

With their time free from the drudgery and monotony of manual data entry (and all that double-checking and second-guessing about typos and transposed digits) more and more accountants are taking on a strategic role. The numbers are beginning to take care of themselves, but businesses still need people who know what the numbers mean and can apply them to business problems.

For example, as technology makes reconciliations easier, the accounting team can get through more reconciliations each month and close the books with more confidence. They now have time to follow through with things like flux analysis and future projections. These strategic moves let the business make better business decisions, backed up by solid financial data.

 

Preparing for the New Accounting Landscape

Adapting to new technology is a key skill for the modern accountant. Those looking to get into the industry, or looking for upward mobility in their accounting career, need to seriously consider upping their tech comfort level.

Accounting degree programs are increasing their focus on technology and creating more tech-savvy accounting grads. Those already in the industry should take the hint and seek out continuing education to increase their own tech skills and understanding.

But the new accountants won’t only need tech skills, they’ll also need greater communication and teamwork skills. As they take on a more strategic and integrated role in the company, accountants will need to work well with other departments and communicate financial information to non-financial team-members. These “soft skills” have been lacking in the caricatured accountant, but they’re making a serious comeback in the new generation.

Conclusion

The future (and present) of accounting is bright. Technology is making the job easier and taking over a lot of the tedious tasks but the job outlook continues to grow. Instead of data entry and number crunching, accountants are free to analyze, strategize, and guide their clients and businesses with their financial insights.

 

Continue Reading

Magazine

Partner Events

Trending

Finance8 hours ago

SAFEGUARD YOURSELF FROM FINANCIAL STRUGGLE AND UNCERTAINTY IN THE CASE OF DEMENTIA

Despite the rising incidence of dementia globally – The World Health Organization (WHO) estimates one new case every three seconds...

Technology8 hours ago

WHY TECHNOLOGY IS KEY TO THE FUTURE OF AUDITING

By Piers Wilson, Head of Product Management at Huntsman Security   The Financial Reporting Council (FRC), which is responsible for corporate...

Finance1 day ago

BOOM OR BUST: HOW THE FINANCIAL SERVICES SECTOR IS COPING

by Simon Black, CEO, Awaken Intelligence   Covid-19 has had an impact across all industries and businesses are feeling the...

Business1 day ago

BACK TO SCHOOL – CEOS NEED TO LEARN A NEW LANGUAGE, FAST!

By Simon Axon, Financial Services Industry Consulting practice lead in EMEA, Teradata   Chief Executive Officers of banks know all...

Business1 day ago

REVITALISING THE TOKEN MARKET

By Gavin Smith, CEO at Panxora   With interest rates near zero and fears that whipsawing stock markets are set for...

Business1 day ago

A SLEEPING DIGITAL GIANT WAKES? 4 KEY TRENDS ACCELERATING PAYMENTS TRANSFORMATION IN THE US

Lauren Jones, International Payments Ambassador, Icon Solutions   The US payments industry is undoubtedly ripe for change. Before the unprecedented...

Finance1 day ago

CAN ACCOUNTING DEPARTMENTS WIN THE FIGHT AGAINST FRAUD?

Magali Michel, Director, Yooz   Despite the implementation of increasingly sophisticated security systems, corporate fraud continues to gain ground: half...

Finance1 day ago

REMOTE INVOICE CAPTURE: ADAPTING TO THE NEW WAY OF WORKING

Author: James Adie, Vice President EMEA Sales at Ephesoft   When the government announced a country-wide lockdown on March 23,...

News1 day ago

GALA TECHNOLOGY SELECTS NUAPAY TO ENABLE OPEN BANKING PAYMENTS

Nuapay, powered by Sentenial, today announces it has been chosen by Gala Technology, a payment security solution specialist, to provide Open...

Top 102 days ago

THE ROLE OF OPEN SOURCE IN UNCERTAIN TIMES

Kris Sharma, Finance Sector Lead, Canonical   Financial services are an important part of the economy and play a wider...

Wealth Management2 days ago

SIMPLIFYING THE RETIREMENT FUND DEATH CLAIMS PROCESS

By Dolana Conco, Regional Executive at Alexander Forbes   Losing a loved one is one of the most difficult experiences...

News2 days ago

THE EMBEDDED BENEFITS IN ESEF DIGITAL FINANCIAL REPORTING

The inclusion of a simple link delivers serious gains in transparency, trust and real time verifiability for the whole financial...

News2 days ago

YAPILY AND OZONE API PARTNERSHIP MARKS TURNING POINT IN OPEN BANKING ADOPTION FOR BANKS

Open banking leader Yapily has today announced a strategic partnership with Ozone API, the leading API standards-based platform, to enable banks and...

News3 days ago

PROGRESSIVE SCENARIO PLANNING FOR THE LIBOR TRANSITION

James Gannaway, Head of Financial Services, Board International   The Financial Stability Board have announced that disruption to markets caused...

News3 days ago

AS DIGITAL TRANSFORMATION ACCELERATES, ENTRUST DATACARD BECOMES “ENTRUST”

Entrust name and identity reflect the critical need for trust at the heart of the digital transformation – and the...

Finance3 days ago

HOW TO TAME YOUR FINANCES TO REGAIN CONTROL OF YOUR MONEY

Credit, combined with bad spending habits, means many South Africans find themselves living from payday to payday, but you can...

Business3 days ago

HOW DATA VIRTUALISATION CAN HELP THE FS INDUSTRY REGAIN COMPLIANCE CONTROL

Charles Southwood, Regional VP – Northern Europe and MEA at Denodo    In recent years, the financial services (FS) sector has witnessed a...

Finance4 days ago

HOW TECHNOLOGY IS CHANGING ACCOUNTING

Mike Whitmire is Co-founder and CEO of FloQast,   The fundamentals of accounting have been around for hundreds of years....

Top 104 days ago

THE COMPLETE GUIDE TO TRANSFERRING SHARES FROM ONE DEMAT ACCOUNT TO ANOTHER

A Demat Account functions like a savings bank account with the obvious difference in the fact it stores stocks instead...

Interviews6 days ago

MAXIMISING THE SPEED OF RECOVERY: ALLOCATING CAPITAL EFFECTIVELY

Simon Bittlestone, CEO of Metapraxis   How has COVID-19 impacted businesses’ financial plans? The uncertainty thrown up by the COVID-19...

Trending