
Banking

HOW BANKS CAN PROTECT THEMSELVES AGAINST RANSOMWARE

Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE

 

We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers compromising IT management software supplier Kaseya, to the long-running cyber-attack on the Irish health service, hackers have caused devastation to businesses. GCHQ say ransomware attacks in the UK have doubled in a year, with the banking industry being a particular target. Not surprisingly, hackers see banks as an ideal target due to the sensitive customer data, records and huge financial rewards they could reap if an attack succeeds. Globally, financial institutions experienced a 1,318% year-on-year increase in ransomware attacks in the first half of 2021, which is leading organisations to consider their security posture.

While large, multinational banks have robust cyber defences and more in-house cyber resources to fend off hackers, middle-market banks are more vulnerable to attack. These banks are less likely to use traditional, on-premises infrastructures, instead operating hyperscale and multi-cloud environments. This expands their digital footprint and can mean ransomware spreads more quickly throughout their IT infrastructure, putting them at greater risk of suffering major data loss and paying a ransom. The first step in avoiding this fate and fending off hackers successfully is for banks to know what they are up against. The following steps are those most commonly used by malicious actors using ransomware to attack financial organisations:

  • Social Engineering – Hackers prey on end-users’ trust and emotions. They require users to take an action, like clicking a link, which sets the ransomware process in motion. A dangerous email could be as simple as your boss seemingly sending you an appreciation gift card, or have an attachment purporting to be financial documents from a customer.
  • Executable Ransomware – When a bank employee downloads an attachment or clicks a link, malicious code writes a file to the disk. The employee has now downloaded and installed ransomware, which executes once installed. From there, the ransomware spreads rapidly across the bank’s network and will execute on the malicious actor’s cue.
  • Fileless Attacks – When an employee clicks on the link or document, they download the ransomware code. However, they do not need to install the ransomware for it to execute and impact their device. Malicious code can hide inside legitimate applications, like Microsoft Word, which means any web-based application, storage location, or database is at risk. Fileless ransomware leaves little evidence as it doesn’t save anything on a device, which makes it difficult to find and remove it.

Typically, attacks happen at night or at a weekend. This puts strain on small IT teams at middle-market banks to carry out root cause analysis with limited insight into infrastructure. They must also communicate with key stakeholders on how the attack happened, its severity and impact, when it can be fixed, and whether to pay the ransom. Finally, teams must restore the affected data so the bank can get up and running. While protecting against ransomware might seem like a Herculean task for smaller banks, creating a proactive, defence-in-depth approach can mitigate both the likelihood and impact of a ransomware attack.

 

How to build defence-in-depth

Understanding vulnerabilities in their security strategy can help banks take a proactive approach to mitigate data breach risk. Here are four steps they can take to protect their business against ransomware:

  1. Start with Cybersecurity Awareness – Making employees aware of risks can help stop a ransomware attack ever occurring. Banks should look at training programs that offer baseline testing, to get a sense of what employees currently understand about cybersecurity, and appropriate reporting, to measure training effectiveness. They should use interactive and engaging content, incorporate gamification, and automate simulated phishing attacks to ensure users retain what they learn.
  2. Engage in Penetration Testing – Banks should schedule regular vulnerability assessments and penetration tests. Malicious code generally needs to engage in a pattern of behaviour as part of a ransomware attack, so it’s important that small banks test for these attack patterns and ensure their security controls’ effectiveness.
  3. Create a Regular Backup Plan – Many banks assume that if they have Microsoft 365, their systems are backed up. This is incorrect. Banks still need to set up backup and recovery procedures to prevent lost income and data from ransomware attacks. This can either be done in-house or through a partner. The ideal partner can automatically detect, compress, and duplicate data across the bank’s IT infrastructure, and will consolidate backup solutions to lower costs and maintain compliance with backup policies and security controls. They will also be able to restore data in the event of an attack, meaning the victim bank can concentrate on root cause analysis and communicating with customers and stakeholders.

Ransomware will continue to plague banks for as long as cybercriminals can make money through it. Any organisation of any size could be a victim, but there are steps smaller banks can take to mitigate the risk of an attack and reduce the impact on their organisation if one ever takes place.

 


Cryptoassets and the European Central Bank’s new “PISA” Framework

By Alpay Soytürk, Chief Regulatory Officer Spectrum Markets

 

The European Central Bank has published a new oversight framework for electronic payment instruments, schemes and arrangements: “PISA”. In doing so it is further expanding its supervisory portfolio and entering into an area of significant public interest as the framework includes crypto-assets.

Crypto payments

The PISA framework will cover crypto-asset-related services but only to the extent they are relevant to the task of promoting the smooth operation of payment systems, which is as central an element of the ECB’s mandate as the definition and implementation of monetary policy, foreign exchange operations or the management of the euro area’s foreign currency reserves.

As an example of the scope of crypto-payments subject to the PISA framework, the ECB has highlighted the acceptance of crypto-assets by merchants within a card payment scheme and the option to send, receive or pay with crypto-assets via an electronic wallet. There seems to be a clear focus on payment tokens that does not include utility tokens, security tokens, Initial Coin Offerings or Security Token Offerings.

 

Out of scope

PISA excludes services where the transfer of value has only an investment focus. It also excludes services for which the transfer of value is executed solely in banknotes and coins, paper cheques, paper-based bills of exchange, promissory notes or similar. Paper-based vouchers or cash card issuance are also not in scope. The latter refers to cards that are issued for the purpose of depositing funds on it at the disposal of the receiver of a payment.

In other words, PISA focuses on all mechanisms that are based on electronic payment instruments with a general purpose, i.e., whose value transfer function is not limited to a single type of payment recipient or specific use, including instant payments and payment mechanisms in the B2B-sector, plus the usage of electronic payment instruments to place or withdraw cash.

 

Regulatory context

The ECB defines electronic payment instruments as (sets of) personalised devices, software or procedures agreed between the end user and the payment service provider to request the execution of an electronic transfer. In practice, this covers payment cards, credit transfers, direct debits, e-money transfers and digital payment tokens.

Consequently, there are overlaps with the PSD2[1] rather than with the MiCA[2] or the DLT Pilot Regime[3] proposals. As such, the ECB is expanding the scope of definitions to take into consideration the technological progress of recent years.

For the ECB, all representations of value backed by claims or assets denominated or redeemable in euros are in scope as well as other digital assets that are accepted under the rules of a scheme for payment purposes or to discharge payment obligations in euros.

 

Oversight and enforcement

The ECB maintains a Crypto-Assets Task Force, and it was this body’s analysis that led to the conviction that there are potentially material financial stability risks, and risks to the safety and efficiency of the payment system as a whole, should payments via stablecoins remain unregulated.

Following a 2020 public consultation, this finally led to the establishment of the PISA framework. However, the ECB lacks the infrastructure to perform all the relevant surveillance and enforcement tasks to ensure the very highest levels of governance.

Consequently, for oversight purposes, i.e. the collection and assessment of information and implementation measures, the ECB assigns primary oversight responsibility to the national central banks within the Eurosystem.

The ECB has explained that, in this assignment, it emphasises proximity to the entity subject to oversight (e.g., the country of incorporation, national laws attributing specific oversight responsibilities to central banks concerned, subject to any Treaty-based requirements).

“Schemes” and “Arrangements”

PISA aims at the governance bodies of so-called “schemes” and “arrangements”, ensuring they behave in compliance with the ECB’s oversight expectations.

A scheme is defined as “a set of formal, standardised and common rules enabling the transfer of value between end users by means of electronic payment instruments”, managed by a governance body – while in practice, the governance body and the payment services provider are identical. Examples of schemes are card payment schemes, e-money schemes, digital payment token schemes, credit transfer schemes and direct debit schemes.

The ECB defines an “arrangement” as “a set of operational functionalities which support the end users of multiple payment service providers in the use of electronic payment instruments”. An example of an arrangement is an electronic wallet. The definitions, which are cryptic in the most literal sense, are designed to cover the entirety of the relevant area which would be difficult with classic categorisations where a service is provided organisationally and physically decentralised.

Looking to 2022

PISA was approved by the ECB’s Governing Council on 15 November 2021 and becomes applicable as of 15 November 2022 for schemes that are already subject to oversight by a national central bank within the Eurosystem. New schemes and arrangements have to abide by the PISA rules within one year after being informed that they fall within its scope.

 

[1] Directive (EU) 2015/2366, the “Payment Services Directive (PSD2)”
[2] Regulation on “Markets in Crypto-assets”
[3] Regulation on a “pilot regime for market infrastructures based on distributed ledger technology (DLT pilot regime)”


Cloud technology in banking: Why adoption is on the rise

By Alpesh Tailor, Executive Director at digital transformation specialist GFT

 

The banking sector has never shied away from innovation, whether it is new products to improve customer savings habits or new ways of interacting with people and business, but embracing new technologies such as cloud has, until recently, been relatively slow. However, leading global financial institutions such as Goldman Sachs and Deutsche Bank have accelerated their adoption of cloud, which can provide insights for efficient technology transformation across the sector.

We conducted research to measure 21 medium-size and large banks’ sentiment and operations regarding cloud technology. Examining the relationship between cloud technology and banking professionals, our research provides an insight into the overall finance sector’s perception of cloud technology and how its application can improve banking procedures and efficiency.

 

Scale-up abilities

A significant trend showed that the way people use their finances and banking systems has changed, particularly when it comes to payments and transfers. Our research revealed that 86% of bankers have adopted cloud services to harness its virtually unlimited scalability, citing a definitive change in transaction behaviour as the main reason for moving to the cloud.

In the world of retail banking, buy-now-pay-later, open banking, and contactless payment systems have revolutionised the way people use their bank, making financial management easier and more efficient. However, despite these evolutions, high street banks are playing catch-up to the challenger banks who possess fewer legacy processes and, therefore, an easier migration to new technologies, such as the full utilisation of cloud and artificial intelligence.

The cloud provides a dependable, scalable, and flexible data system that allows traditional banks to modernise quickly and stay abreast of the innovations that ‘born-in-the-cloud’ challenger banks are bringing to the market. An increasingly popular way of doing this is by adopting a hybrid and multicloud approach.

Most organisations are considering diversifying their cloud technology, with 76% of bankers now agreeing with the importance of implementing multicloud systems in order to benefit from resilience and security improvements made by the main cloud providers. These cloud ‘hyperscalers’ also provide regular updates and continue to release exclusive new services and platforms as they continue to innovate.

 

Optimising costs

Our research indicates that cost optimisation is a primary reason that banks are looking toward the cloud for their future storage needs, with 81% of bankers confirming they have adopted cloud technology to save costs.

Installing and maintaining on-premise IT systems is lengthy and costly for financial institutions. When using the cloud, however, purchasing and installing hardware is no longer required as the cloud service provider hosts all the required infrastructure. The management of the hardware is included within this, reducing the overall cost of IT support further.

 

Organisational inertia

Technological innovations are usually heralded for their ability to streamline operations, making them quicker and more secure. Our research illustrates that 62% of bankers believe organisational culture and inertia to be a key challenge within the sector. Besides being flexible for scalability and cost, adopting cloud technology can bolster organisational efficiency, since banks can spend fewer resources managing the relationship between trading volumes and payment infrastructure. Bankers acknowledge this opportunity, with 95% of organisations understanding that cloud technology can reduce time-to-market.

 

Overcoming misconceptions with cloud technology

Misconceptions usually exist around any emerging technology and our research found that this theme continues with cloud technology.

43% of the bankers we spoke to admitted that security concerns have impeded full cloud migration – a concern that has frequently been confirmed when speaking to financial services institutions. However, cloud providers invest heavily in the security of their cloud infrastructure which, as a result, makes it almost always safer than its on-premise, client-owned counterpart.

One aspect of adopting the cloud that continues to cause concern is what is commonly termed the ‘digital skills gap’. More than half of banks claim a lack of cloud-savvy employees internally has slowed down adoption. At GFT, we understand that this is a major issue for the adoption of cloud technology in all sectors, including banking, and have committed to training and encouraging young people to learn the required skills and enter the sector. We recently launched our Manchester Innovation Hub – a dedicated location to support the upskilling and growth of tech roles in the north.

Going forwards, cloud technology is the primary option for banks seeking to evolve and scale their business, whilst minimising risk, time and cost. Bankers recognise these benefits and the overall findings of our research suggest they will continue to grow their investment in cloud technology. Whilst evolving traditional legacy systems is very challenging, cloud technology continues to advance and we believe that over time it will become a powerful mainstay within the financial services industry.

 
