Business
How bug bounty programs can help financial institutions be more secure
Published 2 years ago by admin
Rodolphe Harand, Managing Director at YesWeHack
Financial services have been one of the most heavily targeted industries by cybercriminals for several years. One alarming stat from the Boston Consulting Group found these firms to be 300x as likely as other companies to be targeted by cyberattacks.
Furthermore, the pandemic has led to a significant increase in the number of cyberattacks targeting financial institutions (FIs), with around 74% experiencing a spike in threats linked to COVID-19.
With FIs holding some of the largest collections of sensitive and private data, it’s clear they will remain an attractive target for malicious actors, especially as any data stolen can be used for fraudulent activities. This leads to the reputational damage of the financial entity that was compromised and has a knock-on effect in terms of monetary and reputational damage to affected customers.
For CISOs at FIs, the conundrum faced is how do you protect intellectual and customer data, and ensure accountability and transparency for clients and stakeholders, at a time when the pandemic has created budget constraints. Research from BAE Systems found that last year alone, IT security, cybercrime as well as fraud and risk departments had their budgets cut by a third.
Below we look at how bug bounty programs can help to address these pressing issues.
Protecting valuable data
Protecting customer and intellectual data has always been a top priority for FIs. However, as opportunistic cybercriminals have a lot to gain by stealing this valuable data, there is a constant evolution of threats, which means FIs must stay on their toes. By deploying a bug bounty program, FIs can work with ethical hackers that have a wealth of experience and unique skills when it comes to identifying security weaknesses within an FI’s defence, thus helping to implement effective security measures to help prevent data breaches.
Building trust among various stakeholders such as customers, suppliers and investors is critical for achieving business goals. By deploying a bug bounty program, FIs send out a message that they care about protecting the security of the data of those they work with – which in turn can have a cascading effect resulting in better business performance.
Improving accountability
For FIs to win customers and keep them happy, amidst the growing threat of neo banks and customer-centric fintech organisations, speed of innovation is crucial. As such, many FIs have adopted an agile approach to build, test, and release software faster to bring online and mobile banking solutions to market quicker. However, this can create frictions between development and security teams. Security mandates are deemed to be unnecessarily intrusive and a cause of delayed application development and deployment.
Yet, with DevOps teams needing to build and deploy applications faster than ever before, an epidemic of insecure applications has emerged. According to Osterman Research, 81% of developers admit to knowingly releasing vulnerable applications, while research from WhiteSource found 73% of developers are forced to cut corners and sacrifice security over speed.
With developers often not having the time, tools, skills, or motivation to write impeccably secure code, there is an evident need to provide developers with more support when it comes to building applications securely. Fortunately, bug bounty programs can provide a “fact-based” financial implication of inherent security flaws within the process. This makes it possible to hold development teams and service providers accountable for creating or delivering insecure products, thus addressing inherent security gaps within the business units and helping to drive continuous improvement.
Moreover, security awareness and education of development teams can be improved significantly for those developers that are directly involved with the management of vulnerability reports for their bug bounty programs. This is because the mere fact of exchanging information with ethical hackers, or assimilating the thinking of a potential hacker and having proofs of concept of vulnerability exploitation on their application components, naturally accelerates consideration of security early in the development stage and provides ongoing learning.
Get more return on your investment
According to Gartner, 30% of CISOs’ effectiveness will be directly measured on their ability to create value for the business. When security budgets are challenged, CISOs need to demonstrate business value through initiatives designed to enhance efficiency whilst stretching the dollar.
This is where bug bounties can help tremendously. Compared to conventional penetration testing, bug bounty offers a fast, complete, and measurable return on your security investment, with businesses only paying out for successful discovery of vulnerabilities. Equally, businesses get access to hundreds of ethical hackers that can test their programs, each with their own unique skillsets as opposed to only one skilled researcher testing the network. This results-driven model ensures you pay for the vulnerabilities that pose a threat to your organisation and not for the time or effort it took to find them.
Bug bounty programs also deliver rapid vulnerability discovery across multiple attack surfaces. With this approach, organisations receive prioritised vulnerabilities and real-time remediation advice throughout the process to accelerate the discovery of, and solution to, vulnerabilities.
Another appeal of bug bounties is that due to the continuous nature of testing, more vulnerabilities are found over time as opposed to pen-testing. This is key to financial institutions that require agility to keep up with the continuous roll-out and updates of applications.
The cornerstone to a successful security programme
The risk posed to financial institutions by cyber threats will only continue, as evidenced by the number of data breaches seen in recent times. The COVID-19 pandemic has only exacerbated these risks, especially with almost all FIs having needed to shift to a remote working environment – which has only widened the attack landscape.
For FIs, a bug bounty program should be considered a fundamental cornerstone of any security strategy, with it being a modern-day cybersecurity solution that is well-equipped to tackle the immediate security challenges they face. In doing so, FIs will not only prove to customers and stakeholders their commitment to data protection and security, but this will also help them to avoid the monetary damages that could be imposed by regulators if a breach were to take place.
Banking
Building towards an inclusive financial future
Published 4 days ago on September 22, 2023 by editorial
By Catharina Eklof, CCO of IDEX Biometrics
From the visually impaired to displaced migrants, the unbanked, and people living with dementia – a burgeoning financial gap exists across many areas of society. In fact, as of late 2021, almost one-third of adults around the world were reported as unbanked according to the World Bank Group. That’s around 1.7 billion people – with half coming from the poorest 40% of the world’s population. Being financially excluded in this way means not having access to common financial services including savings accounts, loans, a credit rating, or even a bank account. Those who are awaiting clearance to join a country’s financial ecosystem, such as migrants, are also finding themselves left behind by the modern financial infrastructure.
As society’s reliance on digital and contactless transactions over cash continues to grow, this financial gap is only set to widen. In less than 10 years, the share of Americans not using cash for payments has increased by double digits, reaching 41%. By 2031, cash payments are expected to make up only 6% of all transactions.
Fortunately, biometric smart cards can bridge this gap for people in the Global South, migrant populations, as well as those with visual or cognitive disabilities worldwide, who deserve to feel secure, included, and independent.
The challenges surrounding passwords
COVID accelerated the transition from cash to contactless payments and the use of digital wallets, creating a challenge for many. By 2024, it is expected that digital wallets and cards will account for 84.5% of all e-commerce spend.
Digital transactions traditionally rely on the use of PINs that can easily be forgotten, as studies have found that we manage 100 passwords on average across various sites and services. In the US alone, consumers report relationships with more than three financial institutions and have more than four accounts per household. The challenge of password recollection is only growing. To counter rising cybersecurity threats, several countries now mandate two-factor authentication for retailers and service providers, creating further complexity.
However, organizations are responding to financial exclusion. Card provider Mastercard introduced its contactless PayPass offering, as well as its Touch Card developed alongside Amjan Bank, which enables the visually impaired to distinguish between their cards. Both look to provide a better customer experience for people struggling with the digital changeover. For those living with dementia, Mastercard has also partnered with Sibstar and the Alzheimer’s Society to create a specific card where limits, transactions, top-ups and notifications can be viewed and managed via a complementing app. Likewise, Turkish neo bank Papara introduced a Bluetooth debit card that provides visually impaired users with audio prompts when making payments.
Protecting the visually impaired
There are at least 2.2 billion visually impaired people globally. In 2019, it was found that 89% of visually impaired people have been victims of fraud or have made errors when paying for goods and services. This figure comes prior to the pandemic, and the proliferation of digital transactions, suggesting an even bigger concern today.
PINs present an obvious security issue for this demographic, with others able to oversee their inputs and then manipulate them. Contactless payments go some way to solving that problem but pose the risk of fraud as there is no PIN verification below the increasing threshold amount, now at £100 in the UK, where the average annual wage is £27,756. In India, where the average annual wage is 9,45,489 rupees (roughly £9000), contactless limits are set to 5000 rupees (£48). Many accounts also require visual-based inputs to prove identity, such as CAPTCHA, which proves a barrier for the visually impaired.
Enhancing awareness on a regulatory level is key for driving change and reassuring vulnerable groups. The EU Accessibility Act is an example of how payment service providers are obliged to comply with accessibility standards. This includes making interfaces perceivable, operable, understandable, and robust, to ensure that individuals with disabilities can effectively navigate payment interfaces.
Paving the way with biometrics
Including braille on cards for easy identification is a crucial step for the visually impaired. This can also be used on biometric smart cards, with sensor textures to confirm the user has selected the correct method of transacting. Not only do these cards provide convenience and inclusivity, but they also promote ultimate security by linking a person’s identity directly to their fingerprints. This data is encrypted within the card itself, reducing any concerns surrounding fraudulent behaviour or of data being lost via a centralized breach or large-scale hack.
In this context, biometrics can be used to serve the unbanked and those currently unrecognized within national infrastructures. South America is an example of an early adopter of biometrics, turning to the solution to cope with swelling population sizes, and the challenges associated with accessing proof of identity when setting up traditional bank accounts. Meanwhile in India, pension payment fraud has dropped by 47% thanks to bypassing the need for prior credit ratings or credentials.
Liveness detection, however, which ensures the biometric sensor is reading a true biometric source (rather than a false or recreated image of one), is vital to the success of financial aid programs globally. Securing remittances through biometric authentication ensures transparency and better fund control. Directing funds to cold wallets or biometrically authenticated cards can also improve program efficiency, safeguarding the interests of individuals and communities.
Overall, the biometrics market is expected to grow to US$87.4 billion by 2028, at a CAGR of 17%. Whilst its value as a simple and secure method of transacting is growing substantially, you can’t put a price on its impact on those who have so far fallen through the gaps of finance’s digital revolution.
Business
Euro deep tech M&A deal value expected to reach $20bn+ in the next 15 months
Published 4 days ago on September 22, 2023 by editorial
Written by Oliver Warren, Associate at DAI Magister
Investment in European deep tech has mirrored the broader decline in the technology sector; it has halved since the peak of 2021’s boom, reflecting investor preferences for ventures with lower capital expenditures and associated risks. Start-ups within the following verticals: Health and Bio, Transportation, Energy, and SaaS and AI experienced the most significant drops.
However, Dealroom data shows stark differences in funding for deep tech start-ups at the early, breakout (Series B & C), and late stages. After experiencing a modest deceleration between 2021 and 2022, early-stage deep tech fundraisings have been surprisingly healthy, bucking the market trend, due in part to the hype surrounding Generative-AI, and in Q1 2023 they received the highest infusion of capital for over a year.
However, this positive trend conceals a sharp decline in B and C round fundraises, which have seen investment activity plummet to $1 billion in Q1 2023 from a peak of $3 billion in Q1 2022. Late-stage rounds (>$100M) have also experienced massive declines, falling almost 70% from $2 billion in Q1 2022 to $634 million in Q1 2023.
$20bn+ worth of deep tech M&A in the next 15 months alone
While venture capital continues to show interest in the sector, the retreat of growth investors and the genuine prospect of a prolonged down cycle ahead has left growth-stage deep tech companies needing to implement stringent cost-cutting strategies to curtail expenses and extend their runways. But even those fortunate enough to have secured inflated funding rounds during the exuberant market conditions of 2021 will soon need additional investment.
Deep tech companies typically have high burn rates due to their heavy focus on research and development, requiring funding approximately every two years on average. With dwindling access to VC cheques, a non-existent IPO market, and practical limits to self-sufficiency, M&A is already emerging as a valid route to realising substantial profits for investors and founders, even if it doesn’t deliver the lofty $1bn+ valuations seen in 2021.
We’re already seeing more companies take this route. European deep tech M&A activity has rebounded to levels not seen for years. Across our focus verticals, spanning Advanced Materials, Space, AI & ML, Cybersecurity, and Robotics, European M&A transactions have already rebounded to surpass 2020 levels (183 this year, annualised versus 176 in 2020), with some notable exits such as InstaDeep’s sale to BioNTech and SLM Solutions’ metal 3D printing business being acquired by Nikon.
In 2024, we forecast 250+ M&A deals in European deep tech, with at least 20 above $100m, making it the strongest M&A year since 2016. A key driver of this resurgence is the substantial increase in established deep tech companies across Europe, with many more companies fielding 100+ employees and sizeable, valuable engineering teams. The funding-driven growth in the size of European deep tech companies now makes many more sizeable, more strategic targets for international acquirers.
Overall, we anticipate the remainder of 2023 and 2024 will be banner years for European deep tech M&A, with potential deal value reaching $20 billion or more in the next 15 months alone.