Connect with us

Finance

Double and triple extortion tactics cornering financial services organisations

Published

on

By Ian Wood, Senior Director and Head of Technology, UK&I at Veritas Technologies

 

Ransomware continues to keep those in the financial services industry up at night – and not without good cause. There was an alarming 105% surge in ransomware attacks last year and a according to our research, companies in the financial services space are more likely to be struggling to keep pace with their security than those from most other sectors, with nearly half (48%) stating that their data security is lagging behind their digital transformation deployments. To add to their anxiety, malicious actors continue to ramp up the threat, by adding multiple layers to their attacks, including double and triple layers of extortion.

 

A two-pipe problem

Double extortion, also named pay-now-or-get-breached, is where criminals not only hold systems hostage by encrypting their data, but also threaten to leak sensitive information online. This ensures that businesses still face jeopardy, even if they are confident in their ability to restore their data from backups.

The double extortion tactic has been used widely by Maze operators, however, due to its success, we are seeing its proliferation in many other attacks. According to research, double extortion ransomware attacks increased by almost 500% in 2021, with the number of attacks rising nearly 200% quarter over quarter.

Allied Universal’s Systems is cited as the first major breach in which double extortion was deployed. However, the Colonial Pipeline attack in May 2021, is by far the highest-profile case of double extortion. Here, the hacking group DarkSide stole 100 GB of data, forcing its victim to pay a $5 million ransom, to unlock its data and avoid a massive leak.

 

Ian Wood

Bad-things-come-in-threes

Triple extortion, as you might imagine, involves the attackers finding a third pressure point for their victims. This might, for example, be by threatening to tell major customers or partners that the company has been breached, by threating to share details of the leak to the press, or by launching a DDoS attack to distract and overstretch the IT team.

The first widely published ransomware attack using triple extortion was in late 2020. Vastaamo, a healthcare company from Finland, was put under increased pressure following a ransomware attack as calls from patients flooded in to its support service and the police.

Ransomware can cause chaos on its own. However, when mixing this with a DDoS attack and a mob of frustrated customers, businesses see their ability to cope reduced significantly. Ultimately hackers want to push companies, who could potentially have avoided paying, into submission.

 

Five steps to fighting back

So, what can you do to protect your business? There are five key steps:

  1. Implement a comprehensive and robust data protection and recovery solution – encrypting data and locking it away from victims is the first thing that ransomware hackers will try to do.
  2. Encrypt your own data – exfiltration attacks only work if the hackers can read the information that they’ve stolen.
  3. Follow a zero trust methodology for data access – business can limit what data is locked, blocked or stolen by ensuring that people and applications only have access to the data they need.
  4. Monitor data in real time – businesses need to react rapidly to threats and stop them in their tracks, this requires immediate alerts when anomalies are detected.
  5. Understand your data – most ransomware attacks rely on the victim assuming that the attacker has hold of something valuable, yet only 15% of the data that businesses store is valuable to them. Knowing if the data that has been breached is worth paying for should be a key factor when deciding what to do.

 

Augmentation and Autonomy

The challenge of triple extortion is that it requires vigilance on three fronts and IT departments at financial services companies can end up feeling like the boy with his finger in the dyke. As more threats arise, they have to pull their finger out of one leak to use it to plug another and, soon, they’re overwhelmed.

As hackers increasingly try to break the IT team by stretching them too thinly, FSIs need to recognise that the solution to their problems can’t rely on people alone, since they aren’t infinitely scalable. Rather, their skills need to be augmented with technology that can harness AI and machine learning to autonomously fight back.

Rather than relying on their existing team alone to implement the five-step plan, organisations can empower their protection solutions to autonomously assist them in the process.

Triple extortion is another example of hackers moving the goalposts and hoping that they can score before their victims have noticed the change. Companies in the financial services space can outsmart their would-be attackers not by simply moving their defenders into new formations, but by flooding the pitch with bots that will assist them.

Business

How can businesses boost employee experience for finance professionals?

Published

on

By

By Martin Schirmer, President, Enterprise Service Management, IFS

Over the course of the last year, The Great Resignation has seriously impacted organisations across the globe. Staff are quitting in huge numbers, leaving companies unprepared and struggling to fulfil their workloads. In fact, mass departures are happening at all levels of the labour market, as employees attempt to adapt to the hybrid working model and growing socio-economic uncertainty.

In light of this, optimising the employee experience (EX) to attract and retain talent has become a top priority for employers. Organisations have come to understand the necessity of taking immediate steps to drive employee engagement and reshape workplace culture.

The financial services (FS) industry is no exception to this trend. From increasing employee burnout to growing career dissatisfaction, the pandemic has exacerbated the need for transformation across finance teams. This is exemplified by recent data from Spendesk, which found that approximately 40% of finance professionals are willing to leave their roles or already have concrete plans to do so.

Organisations looking to get ahead of the competition must put in extra efforts to retain their existing workforce. The fact is that employee expectations and requirements have irreversibly changed, with more workforces becoming increasingly distributed. Today’s hyper-connected workforce values flexibility and simplicity, and it is organisations which offer these experiences that will succeed in the long term.

As part of this process, finance companies must look towards the power of technology to create seamless user experiences across devices. From automating workflows to improving overall efficiencies, Enterprise Service Management (ESM) can help organisations to boost user satisfaction and go that extra mile for their employees.

How poor EXs are driving finance teams to quit

With over 40% of employees spending a significant proportion of their time carrying out mundane, manual tasks, it is not surprising that poor EXs are having a detrimental impact on job satisfaction. Finance teams in particular have been slower to digitise core processes, leading to a heavy reliance on manual tasks. This not only increases the amount of time spent on each task, but also impacts the engagement levels of finance professionals who cannot focus on more strategic aspects of their roles.

As a result of the pandemic, flexibility has also moved to the forefront of finance teams’ desires. Given the fast-paced nature of this industry, the conversation surrounding work-life balance has increased rapidly. Failure to offer flexible working policies, coupled with a lack of technology to facilitate this flexibility, has led to poor EXs across the board.

Most notably, the overarching move to omnichannel, digital-first approaches has dramatically reset both customer and employee needs. Finance is the third-slowest running corporate function behind legal and IT. Operating in a competitive environment, 73% of finance operations are facing pressures to speed up, improve efficiency, and prioritise automation.

Mitigating the problem using technology

ESM, an offshoot of IT Service management (ITSM), is the cornerstone of smart digital transformation for organisations. It can help finance teams to streamline and automate routine processes, such as monitoring the status of service requests, approving expenses, sending invoices, and tracking payments. In turn, this will free up employees’ time, reducing the burden of manual tasks and enabling them to focus on the more strategic tasks.

Another advantage ESM can offer finance teams is the ability to adapt to each department’s minimum requirements for data privacy. Accounting, for example, needs additional layers of compliance built into the system.

ESM can also facilitate cross-departmental collaboration, helping finance professionals to communicate with the wider business and perform tasks more effectively.  Organisations can use ESM to incorporate all internal services into a single platform, offering employees a well-rounded view of the business and promoting a sense of community across all levels of an organisation. This will boost productivity, whilst enhancing visibility and control.

Ultimately, the current job landscape has brought with it a new set of challenges. Organisations in the FS industry looking to navigate the storm and retain top talent must refocus their efforts on bolstering the EX. Embracing a new era of technological innovation that empowers employees and boosts engagement is a critical step in this process.

 

Continue Reading

Finance

The penny has dropped – the finance sector needs Data Governance-as-a-Service

Published

on

By

By Michael Queenan, Co-Founder and CEO at Nephos Technologies

 

In our data-driven world, the amount of data is growing exponentially and it’s predicted that the amount generated each second in the financial industry will grow 700% this year. Leaders of financial services organisations have realised two things since the start of the pandemic – that data on their customers and services is their greatest asset and that they must embrace technology to make intelligent business decisions to grow successfully and outperform competitors.

Since the financial sector holds arguably the most valuable and sensitive information, organisations must do more than just store this data. They need to ensure its security, integrity, and governance so that it’s useful in improving the brand’s customer experience, innovating products and services or predicting future trends to improve risk management.

Yet without a robust data governance model – a strong set of rules and processes for what data means, and how it is categorised, owned, accessed, stored, and used – data is worthless. Only when an effective data governance model has been established, will data meet regulations and be secure. Data leaders must shift gear in their data processes to avoid hefty compliance penalties and unlock potential value from their data assets.

 

The data governance challenges faced by financial sector organisations

The barriers for achieving ‘good governance’ are many and varied. Ignorance of the benefits of data governance is a major hurdle for developing a governance strategy. Many financial firms have invested – at significant cost – in data governance tools, but struggle to deliver the benefits they are looking for. Many don’t have the right skills and resources to maximise or set the right metrics to measure the business value. Some are compromised by unoptimised gaps in their approach.

With many different elements to master, data governance is complex – from identifying the right tools to managing the challenges presented by encryption, all whilst ensuring that data quality is sustained and data is managed responsibly.  The negative impact of misplaced investment in ineffective data governance strategies can be significant, for the short and long-term.

 

Why data governance matters

With the acceleration of digital adoption in the financial services industry, it has become crucial to deliver seamless, intelligent customer experiences. Data governance is the key to managing data flow, ensuring compliance, and scaling up. Proof that data governance matters is evident in the Master Data Management Market growth prediction, from $16.7 billion in 2022 to $34.5 billion by 2027.

Data governance is a comprehensive methodology for ensuring the quality and security of the company’s data. The various benefits of an effective data governance strategy include minimised risk, coherent policies, metrics and processes, and better implementation of compliance and enhanced data value. However, for financial services, there are significant advantages as a result of the following:

  • Data governance saves the company money by increasing efficiency. Precious time can be saved by having good quality data and a single source of truth, with less duplication of data, and less time needed to correct data errors.
  • Good data governance gives the business confidence in having accurate and trustworthy data, the holy grail for delivering outperforming customer experiences.
  • A data-driven culture can also be introduced to your business through good data governance. With the ability to gather critical customer and market insights that can guide the direction of your business, data governance allows financial institutions to drive innovation and gain competitive advantage.

 

Bridging the governance gap with Data Governance-as-a-Service (DGaaS)

Increasingly organisations are turning to the ‘as-a-Service’ model to bridge the gaps in their data governance capabilities, as well as ensure critical alignment between objectives and results. This dedicated approach aims to minimise the risk of investments and delivers the strategy and proven technologies required to ensure data governance success.

DGaaS can be applied across each major component required to deliver good data governance. First, it uses software tools to scan all data within a typically complex financial services data infrastructure in its data discovery and classification phase. Without this detailed insight, organisations can’t always identify their data assets, any data mishandling and the level of risk generated.

The next part of the process is creation and documentation. This means organisations can drive their governance objectives through to execution, while removing the operational and recruitment overheads, which means they can purely focus on value created from data. In doing so, organisations can convert the raw outputs from the toolsets into meaningful business outputs.

With a holistic approach, DGaaS allows financial services organisations to focus on the transformational potential of data while critically staying compliant.

 

Reaping the benefits

Data is a vital asset to enable financial sector organisations to build the right capabilities to deliver their services and remain competitive. With a robust data governance model, financial firms can assess risk, predict trends, and seize market opportunities based on data-driven insights. Only data-driven processes, built on high quality and effectively governed data, will enable them to build outstanding customer experiences. It’s essential that leaders realise data governance is a fundamental discipline, not a luxury, and establish an effective model to formalise processes and responsibilities before their data lets them down.

Continue Reading

Magazine

Trending

Business3 days ago

How can businesses boost employee experience for finance professionals?

By Martin Schirmer, President, Enterprise Service Management, IFS Over the course of the last year, The Great Resignation has seriously...

Business4 days ago

CBDCs: the key to transform cross-border payments

Dr. Ruth Wandhöfer, Board Director at RTGS.global   If you work in finance, you’ll have been hearing a lot about...

Business4 days ago

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas,...

Business4 days ago

Bolstering know your customer processes as regulation tightens

Nick Payne, banking services, customer advisory, SAS UK & Ireland, discusses how new technologies allow financial services companies to develop rigorous KYC...

Finance4 days ago

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies   In our data-driven world, the amount of data is growing...

Business4 days ago

Seven tips for financial services brands using mail

By Cameron Russell, Head of Marketing at Marketreach   Customer experience (CX) is a powerful differentiator for modern brands. If...

Top 104 days ago

Turn the data landfill into an insight goldmine

Andrew Watson, CTO, MHR Today, businesses have access to a wealth of data, with vast amounts of information created daily....

Business4 days ago

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies Financial Services organisations have long been a top target for cyber-attacks given both the...

Business6 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business6 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business6 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business7 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking1 week ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking1 week ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 102 weeks ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business2 weeks ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking2 weeks ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking2 weeks ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology2 weeks ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...

Trending