Connect with us

Finance

Enterprise Investment Schemes – four tax reasons that make them great

Published

on

Since 1994, Enterprise Investment Schemes (EIS) have been an important tool in the investors’ kit, but many potential investors worry that EIS-eligible businesses are too high risk. Here, Craig Harman, a tax specialist at Perrys Chartered Accountants, explains everything you need to know about Enterprise Investment Schemes, and the tax savings you might be missing out on if you’re not getting involved.

A government-backed initiative, the Enterprise Investment Scheme was designed to encourage individual investors to buy shares in higher-risk companies by offering generous tax reliefs to those who invest. To be eligible for funding under the EIS, a business must be within seven years of its first commercial sale, not have gross assets worth more than £15 million before shares, and have less than 250 full-time employees. It’s true that investing in less established businesses may carry a greater investment risk. However, there is the potential for higher returns and the tax relief available can minimise any loss should the worst happen.

Craig Harman

Income tax relief

Of all the benefits of investing in an EIS, one of the most attractive is the income tax relief you can receive. You can claim relief for a maximum annual investment of £1 million, or £2 million if you have invested in a knowledge-intensive company. You can claim for up to 30% of your investment, meaning that you could receive up to £300,000 tax relief a year – or £600,000 for investments in knowledge-intensive companies. This is one of the most generous tax relief schemes currently on offer in the UK.

Loss relief

Of course, returns are not guaranteed when investing in early-stage companies, and indeed most investments carry an element of risk. However, the EIS provides attractive loss relief at your marginal tax rate. When you combine this loss relief with the income tax relief you receive when investing in an EIS eligible company, you greatly reduce the amount of capital you have at risk.

They support small/medium businesses 

Since its launch in 1994, the EIS has been pivotal in helping small to medium, new starter companies in the UK achieve vital growth capital. Over the last two decades, the scheme has helped EIS businesses access billions of pounds which might otherwise have been ploughed into lower risk companies. The EIS stipulates that those receiving investment under the scheme must use it to grow their business – increasing revenue, customer base and number of employees. This means that you can be sure that your investment is helping small businesses to thrive, while providing valuable jobs and services to local communities.

Profits are tax free

Another initiative of the EIS are the Capital Gains Tax advantages. For most non EIS investments, any returns will be liable for Capital Gains Tax (CGT) above the CGT-free personal allowance. When you invest in an EIS, provided you meet the conditions, all growth in value is exempt from CGT, meaning you can achieve a greater net profit, while saving your personal allowance for other investments.

The use of the scheme is subject to detailed conditions. Therefore, it is important these are met otherwise your investment may not qualify. If you have any doubts, it is best to seek advice from a specialist EIS accountant.

 

Business

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Published

on

By

Mike Fleck, Senior Director, Sales Engineering at Cyren

 

Email remains the most popular and successful attack vector in the digital landscape, the reason being because it is simply the most commonly used digital communication channel across the globe. On average, over 330 billion emails are sent every day. The sheer volume-and the fact that almost every employee within an organisation uses email- makes this channel a popular target for potential security threats. Finance organisations use email not only for internal communication but also for customer service interactions and marketing. A banking survey in 2021 showed that over 76.8% of users consider email as the primary channel for communicating with banks. That’s why financial institutions are at the frontline of email-driven security risks.

In order to attain more insight into the email threats targeting the financial sector and the potential remedies, we talked to Mike Fleck at Cyren, a leader in enterprise email security solutions.

  1. What do you see as the main reason for the continued increase in successful email threats targeting the financial sector?

Email threats have become much more dynamic over the years.  Although phishing continues to be the most common attack vector in the domain of email threats, the mix of breaches attributed to email attacks has expanded significantly in recent times. In our latest benchmark research, we surveyed 226 organisations that use Microsoft 365 for email. We found that compared to 2019, there was a 71% increase in ransomware-driven email attacks, 44% increase in phishing attacks, and 49% increase in credential compromise attacks. Phishing is no longer the only path for email threats, as attacks are now being driven by multiple sophisticated methods, which evidently leads to more successful threats.

Mike Fleck

The financial sector has always had a red mark on its back to threat actors, mainly because of the highly sensitive information and valuable assets managed by financial organisations. Email serves as the most vulnerable and easily compromised access point for threat actors, which is why the number of email breaches has massively increased over the years. Our research found that the number of email breaches across all organisations has almost doubled each year over the past three years.

Although most organisations are using email client plug-ins for reporting suspicious messages, only 22% of the organisations stated that they analyse all reported messages for malicious content, leaving a major gap in awareness and threat response. Our survey showed that inefficient threat response and a lack of urgency is the most concerning factor for security managers. Threat actors are consciously aware of these shortcomings, which is why they are able to frequently launch successful email attacks targeting the financial sector.

  1. Why is the email channel so appealing for fraudsters, and what are the techniques they use to target financial service organisations in this way?

Historically, email has always been the primary channel for business communication, and as businesses continue to attain cloud-based services, email has become a productive norm for file-sharing and communication. Email channels also integrate easily with any cloud application, facilitating businesses to pursue more productive interactions. There is also the fact that email is accessible to most personnel regardless of their technical ability.

This flexibility and continued dependency on email is also the reason why it is an appealing channel for threat actors. Because email channels are integrated with almost every organisation’s platform, breaching an email allows cybercriminals to backtrack into critical network infrastructure and compromise valuable assets. Most threat actors tend to target the user rather than the system, and email channels are used by almost every employee in a financial organisation regardless of their experience, role, technical awareness, or skills. Therefore, targeting emails allow threat actors to utilize a much wider attack surface.

Another major reason is breaching the email channel is far less complex than breaching secured network endpoints and access firewalls. With techniques like social engineering and phishing, threat actors often don’t have to use significant resources or complex methods to breach employee email accounts. Our research showed that phishing is still the most used technique by attackers; 69% of all email breaches were due to phishing attacks. Other frequent techniques were Microsoft 365 credential compromise (60%), malware (59%), and ransomware (51%).

The means of carrying out these attacks are also easily accessible and available to almost anyone. Threat actors can buy a ransomware kit for as low as $66, and phishing kits are available for as little as $20. So, even the most inexperienced attackers can use such tools to exploit the email accounts of users and gain access to the critical resources of financial organisations.

Simply put, email provides a direct and economical path to the weakest point of every organisation’s cybersecurity program – its people.

  1. How important is proactive security awareness training when it comes to defending against email attacks?

The previous consensus was that email threats thrive on the user’s lack of awareness. Cybersecurity leaders believed that the “last mile” problem of phishing attacks can be solved if employees are able to detect and avoid fraudulent emails. Frequent awareness training is important to help employees stay up to date on evolving email attacks and identify malicious content or messages more easily. Over 99% of organisations offer awareness training, but only one in seven organisations offer training monthly or more frequently.

The dynamics of the attack vectors and techniques change constantly with the emergence of new technologies and vulnerabilities. Without frequent training, employees won’t develop a conscious awareness of email threats. We found that organisations that offer email awareness training every 90 days or more frequently, are less likely to fall victims to phishing, business email compromise (BEC), and ransomware attempts.

Our research also showed a correlation between frequent training and email reporting frequency. Organisations that offer frequent training also experience a high rate of malicious or suspicious email reports – meaning that employees become more conscious and aware of the potential threats. That’s why frequent proactive awareness training is critical for protecting against email attacks. However, organisations need to appreciate that a higher volume of reported emails will result in a higher number of alerts that Security Operations Centre analysts must investigate.

  1. What are the steps you would recommend financial organisations take to implement effective inbox security solutions that bolster their cyber resiliency immediately?

Financial organisations need to act quickly when responding to a potential threat, as even a fractional security breach can cause unprecedented damage to its assets. Organisations are beginning to realise that employees fall victim to these scams because they are busy and distracted – not because they are apathetic or gullible. Also, relying on employees to spot and report suspicious messages is not a complete or efficient solution to the problem. Employees do not consistently report every threat, and what alerts they do generate have a false positive rate of at least 41%. In addition to constant awareness training, organisations must incorporate effective inbox security solutions to increase their cyber resiliency.

When implementing effective inbox security solutions, financial organisations must consider the response and reporting time.  They must choose solutions that can detect threats in real time and automate the response to those threats for quick remediation.

An effective approach for financial leaders is to invest in automated solutions that can detect and remove social engineering threats in real time. Automated inbox security solutions can continuously scan inbound and outbound email folders, including their contents such as URLs and web pages. Such solutions can detect and report anomalies, resulting in real-time detection. Automated threat response solutions can strengthen the built-in security capabilities of the email gateway, such as Microsoft 365 Defender. Combining automated solutions with the existing threat response framework can optimise the response process and significantly reduce the time and cost of threat investigation.

 

Continue Reading

Finance

Main Factors Accelerating API Security Risks in Financial Services

Published

on

By

By: Yaniv Balmas, VP of research at Salt Security

 

The API ecosystem is exploding and nowhere has API delivery accelerated as much or as fast as in financial services. Leveraging APIs, financial services organisations can innovate and quickly bring to market unique customer experiences and services. While more than three-fourths of software developers say API development is or will be a top business priority, the figure is even higher in financial services – topping all other industries at more than 80%.

Because successful attacks are so lucrative against financial institutions, they have always been a top target. The growth of the API economy has made the financial sector an even bigger target, which is why minimising API security risks has become the top priority.

Four factors are driving the urgent need for better API security in financial services:

  • API usage in financial services is increasing
  • API attacks threaten digital transformation initiatives
  • API security incidents hurt customer trust
  • Traditional security solutions don’t protect APIs

API Usage Will Increase Even More

In financial services, the high-growth trajectory of APIs will continue to rise. With each use case and new service, the number of APIs in a typical financial services company grows ever higher.

APIs provide the required data connection to support today’s mobile financial applications and peer-to-peer payment systems. APIs are at the center of open banking. APIs enable financial services companies to standardise how they connect and exchange data, allowing consumer financial information to be instantly shared across organizations and third-party service providers. With different partners and technology suppliers, API connections are being continuously added to the financial ecosystem.

For financial services, that means even more APIs and a continuously growing attack surface that must be adequately protected.

API Attacks Threaten Key Business Initiatives

Open banking gives consumers more choices and convenience to address their financial needs. It also increases competition across the financial services industry and generates new revenue avenues. In addition, open banking provides more traditional financial institutions the opportunity to compete with faster-moving fintech companies.

Moreover, in financial services, Covid has hastened the adoption of digital transformation, including mobile and remote banking. In a pandemic-mandated stay at home world, consumers made their needs clear. They want integrated services and the ability to connect their financial lives when and where they desire. This requires banks and other finance companies to roll out new capabilities or risk becoming obsolete and losing customers and revenue.

Digitalisation has become a critical business initiative and is increasingly important in financial services. However, without the ability to protect the data being used within these services, financial organisations lose that opportunity entirely. Financial data breaches can cost the business in lost revenue from new opportunities and cause irreparable harm to an organisation’s brand.

Just a single API attack has the potential to wipe out all the gains made from an organisation’s digital transformation.

API Security Incidents Damage Consumer Trust

In financial services, the costs of lost trust can be high. Salt Labs, the research arm of Salt Security, provides ongoing API vulnerability research. In its latest report, Salt Labs uncovered a server-side request forgery (SSRF) flaw on a large fintech platform that provides a wide range of digital banking services to hundreds of banks and millions of customers.

The vulnerability had the potential to compromise every user account and transaction data served by its customer banks. Imagine the leaking of customers’ banking details and financial transactions and users’ personal data or, worse, unauthorised funds transfers into the attackers’ bank accounts.

None of these nightmares came to be, because Salt Labs found the problem before a bad actor did, and all issues have been remediated. But this type of exploit, had it occurred, would have likely caused irreparable reputational damage – not to mention financial losses, theft, and fraud.

The nature of financial services applications is to exchange sensitive financial and customer data, making APIs a high-stakes asset requiring protection.

Traditional Solutions Don’t Deliver Adequate API Protection

Most financial services companies have sophisticated runtime security stacks with multiple layers of security tools, such as bot mitigation, WAFs, and API gateways. These traditional tools provide foundational security capabilities and protection for traditional applications; however, they lack the context needed to identify and stop attacks that target the unique logic of each API.

Attacker activity looks like normal API traffic to traditional tools, such as WAFs, API gateways and other proxy-based solutions. The architecture limits them to inspecting transactions one at a time, in isolation, and beyond rate-limiting. They also depend on signatures to detect well-known attack patterns. If the transaction does not match a known attack signature, the WAF will send it through. Since each API is unique with unique vulnerabilities, signatures cannot help prevent API attacks.

API security requires big data to capture all API traffic and artificial intelligence (AI) and machine learning (ML) to continuously analyse the large volumes of API traffic. Without continuous analysis of API traffic, you cannot understand normal behaviour for each unique API and gain the context required to pinpoint attackers.

In addition, while open banking defines standards around how APIs should be structured to enable predictable integrations and communications, open banking provides no standard to meet the majority of API security requirements. Moreover, basic controls, such as authentication, authorisation, and encryption, fall short of meeting API security challenges.

API Security at the Forefront for Financial Services

APIs have become essential for financial services to meet changing consumer expectations and innovate to remain competitive. At the same time, APIs are now the most frequent attack vector. In the past 12 months, 95% of organisations experienced an API security incident, and API attack traffic grew 681% – more than twice as fast as overall API usage traffic.

Therefore, financial services organisations must put API security at the forefront to protect this growing attack surface. To do so requires dedicated API security tooling for the entire API lifecycle that provides continuous attack surface visibility, early attack prevention, and automated insights for continuous API improvement.

Continue Reading

Magazine

Trending

News2 days ago

Wombat partners with Currencycloud to launch its new, free Instant Investment service to open up investing for a wider market.

UK-based micro-investment platform Wombat has partnered with Currencycloud, the experts in simplifying business in a multi-currency world, to launch its...

Business2 days ago

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Mike Fleck, Senior Director, Sales Engineering at Cyren   Email remains the most popular and successful attack vector in the...

Top 102 days ago

Insurance providers must be ready to tackle quote manipulation as potential fraud rises

Sam Marsh, director, product management at LexisNexis Risk Solutions Insurance As road fuel costs reach a record high[i]  and inflation...

News2 days ago

Urban Company rolls out health insurance for service professionals in partnership with ACKO Insurance

Health insurance plan to benefit 40,000+ service partners in India Service partners can avail up to 12 free-of-cost online doctor consultations in a year...

Finance2 days ago

Main Factors Accelerating API Security Risks in Financial Services

By: Yaniv Balmas, VP of research at Salt Security   The API ecosystem is exploding and nowhere has API delivery...

Business2 days ago

Automation: the future of supply chains?

By Andrew Scargill, Logistics Operations EMEA at Digital River   Caught between the chaos of coronavirus and fallout from Brexit,...

News2 days ago

Can intelligent automation ensure the survival of the insurance industry?

Eric Tyree, SVP of AI and Innovation, SS&C Blue Prism   The economic viability of the insurance industry’s current business...

Business2 days ago

Time to make your energy future more predictable

– Alistair Booth, MD, Ortus Energy   UK businesses have a real opportunity to lock-in some energy certainty as a...

Top 102 days ago

Signals: Simplifying Trading Experiences

by LegacyFX Trading signals are a way for investors to indicate that the market is moving in a specific direction....

News4 days ago

Rivery Raises $30M B Round of Venture Funding from Tiger Global

With data needs growing and data talent scarcity, there is huge demand for Rivery’s 100% SaaS solution to create an...

Banking5 days ago

Wealth Managers and the Future of Trust: Insights from CFA Institute’s 2022 Investor Trust Study

Author: Rhodri Preece, CFA, Senior Head of Research, CFA Institute   Corporate responsibility is more important than ever. Today, many...

Interviews6 days ago

Q&A with Andréa Jacquemin, founder and CEO of Beamy

Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in...

News1 week ago

How to reignite your store with streamlined operations and a distinctive customer experience

Colin Neil, MD, Adyen UK   Retailers know that prioritising customer experience is vital to success today. This, amongst the...

Business1 week ago

5 tips to ensure CSR efforts come across as genuine

By Mick Clark, Managing Director, WePack Ltd   Corporate social responsibility – or CSR – is playing an increasingly pivotal role...

Business1 week ago

How to Build Your Credit Up Safely

by Taylor McKnight, Author for Compare Credit   What Is Credit? Credit is money owed by a person that allows...

News1 week ago

PCI DSS Compliance in the Cloud – Everything you should know

Introduction PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022....

Banking1 week ago

2022 ESG Investment Trends

Jay Mukhey, Senior Director, ESG at Finastra   Environmental, Social and Governance (ESG) themes have been front and center throughout...

Business1 week ago

PROTECT THE VALUE OF YOUR SAVINGS AND AVOID RISING INFLATION PRESSURE

Planning for the next financial year? Former Bank Manager and successful whisky investor, Roger Parfitt, tells us why cask ownership is...

Technology1 week ago

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated More and more companies...

Finance1 week ago

The power of diversity: The need for female role models in FinTech

By Isavella Frangou, VP of Sales and Marketing, payabl.   As our world is constantly evolving, it’s easy to believe...

Trending