Connect with us

Banking

From Dwell to Destruction: the evolution of cyber attacks in the financial services sector

Published

on

By Tom Kellermann, Head of Cybersecurity Strategy at VMware

 

The last couple of years has not only seen an increase in the number of cyber-crime cartels in Europe, but a significant increase in the sophistication of their operations too. According to research by the UK cabinet office, the UK experiences the highest number of cyber-crimes in Europe every year, followed by France.  Powerful cybercriminal groups now operate like multinational corporations and are relied upon by traditional crime syndicates to carry out illegal activities such as extortion and money laundering. These cartels are more organised than ever before and enjoy greater protection and resources from the nation-states that view them as national assets.

Howler-Tom-Kellermann-

With this ground truth serving as the backdrop for the threats facing financial institutions, I interviewed 130 financial security leaders and CISOs from around the world for VMware’s  fifth edition of the Modern Bank Heists report. This year’s findings should serve as a warning to the financial sector that attackers are moving from dwell to destruction:

 

Geopolitical Tension Is Metastasizing in Cyberspace

Cybercriminals targeting the financial sector often escalate their destructive attacks in order to burn evidence as part of their counter incident response. Our report found that 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year. Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code. In fact, we’ve recently witnessed destructive malware like HermeticWiper being launched following Russia’s invasion of Ukraine. Notably, the majority of financial leaders I spoke to for this report stated that Russia posed the greatest concern to their institution.

 

The Year of the RAT

Financial institutions were certainly not immune to the recent resurgence of ransomware. 74% of financial security leaders experienced one or more ransomware attacks in the past year, and 63% of those victims paid the ransom. This is a staggering statistic.

One of the reasons that traditional crime syndicates have become loyal dark web customers is because of the well-funded ecosystem of readymade and available ransomware kits. Cybercrime cartels, such as the Conti ransomware gang, have made it as easy as possible for their associates to launch ransomware attacks on critical industries like the financial sector.

A technical analysis in the VMware Threat Analysis Unit’s latest threat report provides a view into the proliferation of ransomware and how Remote Access Tools (RATs) help adversaries gain control of systems. Ransomware has a sinister relationship with these RATs, given these tools allow bad actors to persist within the environment and establish a staging server that can be used to target additional systems. Once an adversary has gained this limited access, they will typically work to monetise it by relying on the victim’s data for extortion (including double and triple extortion) or through stealing resources from cloud services using cryptojacking attacks.

 

Manipulation of Financial Markets

Cybercrime cartels have realised that the most significant asset of a financial institution is nonpublic market information. 2 out of 3 (66 percent) of the leaders I interviewed experienced attacks that targeted market strategies, and 1 in 4 (25 percent) stated that market data was the primary target for cyberattacks on their financial institution.

What exactly are these cybercrime cartels looking for? We’re witnessing an evolution from bank heist to economic espionage, where cybercriminals target corporate information or strategies that can affect the share price of a company as soon as it becomes public. This information can then be used to digitise insider trading and front-run the market. Our report also found that 44% of Chronos attacks targeted market positions. A Chronos attack involves the manipulation of time stamps – a concerning development considering how critical of a role the clock plays in the markets.

 

Defense Is the Best Offense

Security has become a top-of-mind issue for financial sector leaders. According to our report findings, the majority of financial institutions plan to increase their security budget by 20-30% this year and named extended detection and response (XDR) as their top security investment priority.

As security leaders, we know that a strong defence is the best offense. Modern threat hunting on a weekly basis should be adopted as a best practice to help security teams detect behavioural anomalies, as adversaries can maintain clandestine persistence in an organisation’s system. Our report found that currently, only 51% of financial institutions are conducting weekly threat hunts. I am hopeful that this number will jump in next year’s report as threat hunting programs have multiple outputs beyond finding a cybercriminal, such as fuelling threat intelligence.

In today’s evolving threat landscape, cybersecurity has become a brand protection imperative. Trust and confidence in the safety of financial institutions depends on effectively avoiding, mitigating, and responding to modern cyber threats. As governing bodies introduce new regulations and levy hefty fines, it is time for the sector to take control and get one step ahead of the cyber cartels.

 

 

 

 

 

Banking

Three tips to help banks profit from the rise of managed services

Published

on

By Chris Mills, Global Head of Managed Services Sales, Finastra

Research from IDC finds that only 29% of banks claim to have a long-term, strategic digital transformation plan in place, despite results showing firms that had invested in transformation saw improvements of 27% in reducing risk, 27% in innovation and 26% in improved customer satisfaction. The days when banks’ IT teams operated in isolation of business goals should be very old news. Effective CEOs build digital transformation into their strategies from the start, and the most successful CTOs understand how to apply technology to achieve business success.

In many ways, CTOs have become more like orchestrators or conductors than individual instrumentalists. They need everybody on their team to work in concert to deliver value according to desired business outcomes. It’s less about building IT from scratch and more about assembling components and making sure that they operate smoothly and cost-effectively.

Chris Mills

One of the most striking findings is that 40% of financial institutions said that the pandemic meant they had to accelerate and increase all of their digital-first initiatives. They had to innovate to remain viable and competitive. It’s also clear that there is no longer just one, singular path of IT delivery. Instead, CTOs are facing multi-threaded challenges. It means CTOs must consider many different deliverables and leverage all the resources at their disposal, including internal and external partners.

Changing customer expectations

The financial services sector was facing a range of external challenges even before the pandemic arrived. For example, from a consumer’s perspective, the exponential advancement of a smartphone’s technological capabilities in recent years has increased their expectations for new updates and improvements. This behavioural change has impacted customer decision-making and they now expect a high level of service and responsiveness, whether they are customers of a retail or a corporate bank.

The banking industry also faces regulatory, compliance, resilience, and sustainability issues. As ESG agendas become an increasingly important priority for financial institutions, pushed by the rise of net-zero targets, CTOs must respond to these demands, and that’s why they see innovation as such a key focus.

But how can financial institutions that are late to the digital transformation party use technology to capture competitiveness and improve responsiveness for their clients?

One approach that has proved successful is managed services, which is a term used to capture the blending of services, product, and functional capabilities. When CTOs consider this option, they need to start by thinking about the business outcomes with the associated technical and functional expertise they need.

This includes the business uptime that is required, scalability and deployment speed. Does the bank need to roll out capabilities across the globe, and does it need to serve only the main financial markets, or emerging markets too?

Another question CTOs must consider is choosing what service partner to work with. Large system integrators have been providing these services for a long time, but a software partner like Finastra has advantages in terms of product proximity.

Service providers must offer tailored products focusing on the needs of its clients. Offering quality software allows banks to achieve their long-term strategic outcomes.

It’s important to look at all areas of a banks’ business, For example, what does the payments team need?

What does the head of lending need? What does the head of treasury need in order to grow their business over the next five years?

With that in mind, I offer three tips to banks when considering managed services.

1. Be very clear about what your business outcomes need to be. Really drill down into KPIs and metrics that we can look at to ensure we provide the service your bank demands. This can range from resiliency, compliance, regulation or even functionality and capabilities – such as how often you require upgrades.

2. Measure and assess your own resources, skills and capabilities. Understand where you want to draw the line between the responsibilities you would want a service partner to take on and what you want to retain. There shouldn’t be any grey areas. You want a clearly-defined line where responsibilities lie, so that everyone is very clear about who’s doing what and how KPIs and service levels will be met.

3. Be prepared to develop a long-term strategic partnership, over five or 10 years. We expect hard questions, and you should be expecting them back – ultimately that’s how good relationships and partnerships work.

As IDC writes in its report ‘New service models to accelerate innovation in banking’ these holistic and software-led models require banks to master a set of new skills, including governance and partner management. Service partners should be industry-savvy, should supply end-to-end expertise, and should be aligned to support the financial institution’s business goals, not just technical KPIs.

Digital transformation infrastructure management requires CTOs to act as a conductor, rather than a solo performer.

 

Continue Reading

Banking

How Biometric Payments Are Tackling Financial Exclusion

Published

on

By Catharina Eklof, CCO, IDEX Biometrics

We are moving closer to a cashless society: 89% of payments in the UK are contactless and, globally, contactless payment transaction values are set to surpass $10 trillion by 2027. Ease, convenience, security, and inclusion have accelerated the transition away from cash. However, many of today’s current payment solutions are leaving entire cross sections of society behind: including the most vulnerable, underserved, and unbanked populations.

Developments in the payment sector over the past decade still aren’t a perfect fit for all. Those suffering from dementia, literacy challenges, or impaired vision can find current payment methods – with a PIN to remember – extremely challenging. Financial inclusion requires us to make payments accessible to all demographics. Though the financially excluded represent minorities, they account for an estimated 1.7 billion people – almost a third of adults globally.

Enabled by huge advances in technology, our evolving social dialogue has become accelerated and unfettered, on a global scale. It is critical to harness technology as a force for dynamic economic improvement: democratizing access to banking and payments. As such, we need to look beyond mobile wallets or digital payments and support those in need of easier access to payment and fintech solutions. A more inclusive form of payment technology is essential.

Catharina Eklof

 

Personal Identity as the New Pin Code

Many communities remain vulnerable or underserved by the functionality of traditional payment solutions such as bank cards. These products are, at their core, only linked to the owner by way of name and signature, offering limited security and protection. With contactless payments, no link whatsoever is required to a card for payment.

In an increasingly contactless society, fraud and digital security are growing concerns. Credit and debit cards can be used by anyone, and card readers don’t understand if cards have been apprehended illegally. Vulnerable groups may also struggle to input their credentials into what can be, for some, a complex system. Empowering those vulnerable groups therefore means providing them with the independence to access payments with greater ease.

Biometric payment cards play a significant role in bridging the gap between the financially underserved and the financially included. Simple and secure financial authentication, like facial or fingerprint recognition, allow payments to become about who a person is rather than what they know or remember. If individuals can be personally linked to a payment card via biometrics, it can address the significant 1.1 billion people worldwide who are currently without official government identification or access to it. In Nigeria alone, 149 million individuals lack the legal means to evidence their identity, while in South Africa, 12 million individuals are excluded from the country’s formal identity system.

Fingerprint authentication has the added benefit of optimizing security, in that it requires the individual to opt into a purchase, avoiding any issues of unauthorized or unintentional payments from having a reader placed near the card owner’s face. This provides increased independence for the blind and visually impaired, who account for an estimated 2.2 billion people globally, as it allows for seamless payment authentication without sensory barriers. Similarly, biometric smart cards can be transformative for more than 55 million people living with dementia and Alzheimer’s, as it enables access to payment without the difficulty of remembering passcodes.

Literacy is also a little talked about hurdle to inclusion. Globally, there are 750 million “functionally illiterate” individuals struggling to use and understand financial products. Across all levels of education, biometric authentication is a universally inclusive concept. It is easy to communicate and understand that one’s fingerprint is inherent to their identity, and can act as a form of verification. Biometric smart cards facilitate and secure payments with ease by simply requiring their fingerprint to instantly authenticate their own card.

 

Pushing on With Progress

Even the most reluctant individuals are likely to have succumbed to contactless payments and some form of digitized banking in recent times. This will have the positive impact of making the needed transition to biometrics more seamless. Using fingerprints or facial recognition to unlock phones or access apps is not unusual. If anything, they have been convenient and comforting additions to the surge of tech innovations over the last couple of decades. There is a relief in knowing that these portals are being secured by methods that are almost impossible to replicate.

It is a breakthrough that financial players and governments in the world’s most developed countries still need to catch up with, as emerging economies have already capitalized on biometrics’ capabilities for almost a decade now. In India, for example, internal fraud and leakage from pension payments dropped by 47 percent after transitioning from cash to biometric smart cards. Because the solution bypasses the need for prior credit ratings or credentials, the country has also been able to catalyze safe online banking among previously unbanked adults since biometrics’ introduction in 2014.

Meanwhile, in Pakistan, the total number of mobile wallet accounts tripled from 5 to 15 million in 2015, with an estimated 50 percent of new registered mobile wallet accounts opened using biometric authentication. This was a result of Pakistan’s National Database and Registration Authority’s (NADRA’s) effort of collecting biometric information to allow for more convenient and democratic account opening processes.

Many around the world have been marginalized by both the pace of change in banking and the solutions that have, to this point, been created to accommodate such change. With the mass adoption of biometric smart cards, the same benefits seen in India could be realized on a global scale. If we take on the opportunity in front of us – promoting solutions like biometric smart cards to increase accessibility to the global economy – we will foster a digitally-focused, equitable and inclusive society. This doesn’t just mean ease and convenience, but also security for all and financial inclusion of those who have been left out of digital evolution, until now.

Continue Reading

Magazine

Trending

News16 mins ago

Tata Motors partners with IndusInd Bank to offer exclusive Electric Vehicle Dealer Financing

Key Highlights:   One-of-its kind Electric Vehicle Inventory Financing program for Tata Motors’ dealers  Limits extended towards EVs will be over...

Finance26 mins ago

astrantiaPay Selects SaaScada to Enrich Swiss Landscape of Business Payments and Fill Market Gap

Swiss financial firm, astrantiaPay, to use SaaScada’s cloud-native core banking engine to simplify cross-border payments for SMEs and facilitate international...

Business14 hours ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk   Since its inception, Big Data has been an important...

Banking15 hours ago

Three tips to help banks profit from the rise of managed services

By Chris Mills, Global Head of Managed Services Sales, Finastra Research from IDC finds that only 29% of banks claim...

Banking15 hours ago

How Biometric Payments Are Tackling Financial Exclusion

By Catharina Eklof, CCO, IDEX Biometrics We are moving closer to a cashless society: 89% of payments in the UK...

Banking2 days ago

Poor software testing puts banks at high risk of IT failures

 Sune Engsig, VP Product at Leapwork   IT failures have plagued the banking industry for several years. From the TSB computer...

Finance2 days ago

The Importance of Experienced Customer Service Advisors in Finance

If there is one thing which can be said about the finance sector, it would be that as a customer-facing...

Business4 days ago

Financial Services Makes Gains In Employee Engagement

By Phil Chambers, GM Workday Peakon Employee Voice    A new report shows that the financial services industry improved in...

Business4 days ago

The FTX collapse: Lessons learnt for the CFO

Hartmut Wagner ,CEO of Serrala   ‘A complete absence of trustworthy financial information’ were the words used to describe the...

Business5 days ago

Black Friday, Cyber Monday and beyond: The inevitable shift to mcommerce

Arunabh Madhur, Regional VP & Head Business EMEA at SHAREit Group   Last year, we saw explosive growth in Black...

Business5 days ago

Keeping your options open and flexible: How to manage cloud migration for Financial Services Organisations

By Rachel Mcelroy, Marketing Director at Cloud Gateway   Financial Services Organisations, such as banks, insurance firms, and accounting firms,...

Business5 days ago

What makes a good entrepreneur?

By Emma Lewis, Myriad Associates Ireland   Many of us have dreamed of coming up with the next big thing...

Finance5 days ago

Things To Think About Before Starting Your Cryptocurrency Investment Journey

Making the decision to start investing can be an exciting time. Knowing that you’re going to be taking a more...

Banking5 days ago

How banks can increase customer acquisition and user engagement with sustainability

By Karolina Szweda, Head of Growth Marketing at Connect Earth Young people are demanding more innovation from traditional financial institutions,...

Banking5 days ago

The new blueprint for Open Finance? – A look inside the new Saudi Open Banking Framework

Chris Michael, Co-Founder & CEO, Ozone API   It has been a genuine privilege for all of us at Ozone...

Business6 days ago

How intelligent AP automation can put construction businesses on solid ground for growth

Cody Manning, NORAM Chief Sales Officer at Yooz   The ability to access personal emails, utility bills, invoices and other...

Finance6 days ago

Unlocking the power of AP Automation to tackle payment fraud in an economic downturn

Daniel Ball, SVP Innovation at Medius   Fraudulent activity in the workplace is not stopping any time soon. According to...

Business1 week ago

Why building trust in the workplace should be an employer’s priority

Emma Price, Head of Customer Success of ActiveOps discusses why managers should focus on workforce trust to negotiate the management...

News1 week ago

Times International and SaaScada partner to deliver innovative trade and commerce financial solutions

Global trade is forecast to increase between 30% and 70% by 2030, with 80% relying on trade finance. With traditional...

Top 101 week ago

Top 5 Holiday Season Fraud Trends

By Doriel Abrahams, Head of US Analytics, Forter With International Fraud Awareness Week and the holiday shopping season officially underway,...

Trending