
HOW RESILIENT IS YOUR ORGANISATION’S SECURITY?

Kimon Nicolaides, Digital Services Group Head at MASS

 

Organisational security can be thought of like peeling the layers of an onion – with critical assets sitting in the middle protected by multiple layers, and if one layer is removed or breached, there’s another one underneath. At least that’s the way it should be – too often, however, we see a siloed approach to the different areas of security. In practice, physical, cyber and personnel security can be much more inter-related than many imagine.

The finance sector is arguably one of the more mature in terms of established security measures. However, it’s also vastly diverse, targeted by some of the most advanced threat actors, and one where even the smallest breach has the potential for significant impact, monetarily, or on market reputation, perception or confidence. Security measures should therefore be viewed holistically, led and understood by senior management, otherwise gaps for exploitation will be found by intelligent and experienced people, supported by an ever-growing arsenal of exploitation technology.

Here, we take a closer look at some of the things that comprise a holistic view of security – based on the approach we take with public sector and defence organisations.

 

Physical security

It may seem obvious, but the first layer to assess should be the physical access to your business. For all organisations, this step remains as true today as it ever has been – even for the finance industry where physical security principles have been established over many years.

This stage should go back to the basics of how an intruder could gain access, starting by reviewing the ‘perimeter’ controls. In fact, the first question is, ‘what is the perimeter?’. With the potential for distributed site facilities, linked remote assets, and supply chain dependencies, this simple question needs careful consideration.

Scenario-based analysis, using threat actor personas, motivations and objectives, can really help by defining where a ‘perimeter’ really lies. It’s also an invaluable methodology for exposing how an organisation could be exploited.

This stage should involve a review of physical controls such as fencing, access technology, CCTV coverage etc., including their role in deterrence and detection of hostile reconnaissance activities. Disrupting the planning cycle of attacks is often overlooked relative to direct prevention of unauthorised access.

Ultimately, security measures are only as effective as the people that apply them, so an understanding of human behaviours is essential. It’s important to consider how people’s actions affect overall site security and why these actions occur.

Issues can range from the wearing of security badges in the street through to poor motivation and effectiveness of roving security staff or those monitoring CCTV. Simple and innocent human mistakes could form the seed of future security breaches.

 

Cyber security

The finance sector has progressed its cyber resilience considerably as it’s been dealing with threats for many years. But business sizes now range from the very large to the small and, as new forms of financial transactions evolve, protection becomes more challenging. There is increased availability of cyber exploitation toolsets and associated managed services, coupled with a reduction in their cost – lowering the financial and technical barriers to advanced cyber-attacks.

This means that cyber security, even for the finance sector, needs to be taken to a new level and existing assumptions continuously challenged.

For example, while penetration testing regimes remain a vital tool in mitigating network cyber risk (including ‘CBEST’, which has been widely rolled out across the finance sector), these still remain a snapshot in time. While they deliver valuable depth of analysis within a network, they are often constrained in breadth of scope and can potentially leave vulnerability blind spots. Very frequent, lighter-touch cyber assessments can fill this gap as they offer a more dynamic view of ongoing vulnerabilities over a wider proportion of the estate, which could represent ‘low hanging fruit’ for the cyber actor. Assessments can be enhanced by applying modern threat intelligence techniques to rapidly identify existing compromises and potential weaknesses (including personnel and corporate digital footprint). This establishes a picture of cyber posture and vulnerabilities before any testing takes place.

Similarly, end-user device security is often viewed in terms of the encryption strength, keys etc. However, modern methods of fault injection attack (a device’s response to artificially applied ‘fault conditions’ used to derive security credentials) can effectively sidestep assumed security measures, which would normally take decades to ‘crack’ using computer power. So, it makes sense to test a device’s vulnerability to fault injection, rather than assuming encryption alone will protect it.

For this reason, it’s crucial to examine the wider supply chain. In the finance sector, there is high dependence on suppliers of digital telecommunications and energy services, and when different systems are interconnected it’s challenging to pinpoint cyber resilience risks. Despite this, it’s possible to map complex information to establish risk, by identifying ‘hot-spot’ concentrations of dependencies that represent single-point failures within the complexity of the overall business operation.

 

The insider threat

The potential threat from insiders – those who might misuse their legitimate access to an organisation’s assets for unauthorised purposes – is often overlooked.

This is particularly true for financial businesses, where personal financial gain could be an incentive, or where security controls are so effective that hostile actors must exploit those with legitimate access to circumvent them. You can think of insider threat as the ‘grand master skeleton key’ of security, as there are few security measures that cannot be overcome by the right insider, or team of insiders. Security compromises involving insiders can also have a disproportionately high business impact.

Yet many organisations consider insider risk to be mitigated simply by pre-employment screening and fail to recognise the spectrum of risks ranging from genuine human error, through to orchestrated insider activity by paid professionals. Insider cases frequently involve individuals who have been with an organisation for some years and have had some personal vulnerability exploited or exposed, or simply become disgruntled.

It’s a broad area to address. Internal governance, security culture, employee wellbeing, employment measures, corporate digital footprint, and perceived employee sentiment are some of the aspects that should be considered. When you have understood this for your own organisation, you should make the same assessment of your supply chain.

If the business is committed, it’s possible to use structured analytical methods to quantify your organisation’s maturity and assess where the key vulnerabilities and risks could lie. This understanding paves the way for improvement, and even small changes can make a big difference.

 

The hidden layers

Like an onion, there are hidden layers to security that may be overlooked so it’s important to consider physical, cyber and personnel security collectively, and to understand the dependencies you have as a business.

For example, your own environment may be protected, but if data is shared with your suppliers or partners, is it still secure? Similarly, if a supplier or partner has a security breach, what does it mean for your operation, your business continuity and your customers?

When assessing security measures, it’s essential to go an extra layer deeper and consider how a range of factors could impact your organisation and its readiness to respond to an incident.

At MASS, our security experts consist of professionals with extensive experience in preventing security breaches and performing assessments in accordance with Ministry of Defence processes, so that we can ensure our security analysis meets and exceeds industry best practice.

For more information, please visit: https://www.mass.co.uk/what-we-do/cyber-security/cyber-security-training/

 


DON’T RISK IT ALL WITH NON-COMPLIANCE

By Paul Sleath, CEO at PEO Worldwide

 

Did you know non-compliance costs more than twice the cost of maintaining or meeting compliance requirements?

Yet, companies continue to overlook proper compliance procedures, choosing to ‘wing it’ or do it on a shoestring budget instead.

We get it. Today’s business owners have a multitude of priorities to juggle, top of which is turning a profit and growing. When you’re focusing on driving success, compliance can easily fall by the wayside.

But success is of little consequence if a government entity dissolves your company because you failed to comply with certain legal requirements.

Keeping on top of regulations

In the corporate world, compliance involves adhering to a wide range of laws and standards designed to protect your employees, customers and other stakeholders — and generally making sure you “do the right thing”.

No matter what industry or type of business you work in, compliance is a big deal. But when you’re looking to expand your operations into markets all over the world, it’s an entirely different ballgame.

As you grow and move into new jurisdictions, you’ll encounter a whole host of new regulations — from tax returns and statutory filing to international employment rules about payroll — and face much higher compliance costs than operating solely in one location.

Many countries require that filings and contracts are made in the local language and change their regulations frequently. Without a contact on the ground, it can be difficult to keep up. Each country will also have its own authorities and governing bodies to deal with.

For example, in the US, you have the Occupational Safety and Health Administration (OSHA) to contend with while companies operating in the UK will need to comply with the Health and Safety Executive’s (HSE) standards.

 

Compliance across borders

The point is, no two countries are the same, and when you’re trying to operate across multiple locations, things can get messy.

Late filing in Denmark could lead to your company being dissolved within a few months. In Serbia, the tax regulations are so confusing that many companies have taken to paying extra tax where they have no liability just to ensure they don’t get stung with any penalties.

If you’re expanding into Spain, it’s worth knowing that terminating employee contracts is notoriously tricky, and you’ll have to budget for a severance fee (which equates to 33 days of salary per employment year).

In Singapore, you’ll be responsible for sending the monthly payment (including both yours and the employee’s respective contributions) to the Central Provident Fund (CPF) — a key pillar of the country’s social security system. This payment has to be sent by the 14th of the following month.

There are a couple of notable points to bear in mind if you’re expanding into Germany. Employees can only be leased for a maximum of 18 months. After this, you must hire them permanently or let them go. Chain leasing is also prohibited, meaning the company holding the licence must contract directly with the party receiving the labour.

And if your global expansion journey is taking you down under to Australia, you’ll need to pay a Fringe Benefit Tax (FBT) if you’re providing certain benefits to your employees — even if a third party provides them.

Without this knowledge of local regulations, you quickly (albeit unintentionally) run the risk of non-compliance and find yourself on the wrong side of the law.

So, what could happen if you don’t comply?

There’s no way around it: if you fall foul of compliance, you’ll end up paying for it — one way or another.

Penalties come in multiple forms. The most common penalties for non-compliance are fines, which may be levied against the company or individual directors.

However, one of the most financially damaging events a company faces is having their products blocked at the border or being forced to destroy merchandise due to compliance issues. In some cases, non-compliance can even result in the mandatory closure of ALL operations within that country or imprisonment of the directors.

Even if your organisation is not given an actual penalty, the inconvenience and costs of righting the mistake, damage to the company’s reputation and possible loss of contracts could prove disastrous.

But the highest cost of non-compliance is business disruption. When found to be non-compliant, you may be forced to implement changes before business can resume, which can have a knock-on effect on other areas of your organisation.

Whether you’re looking for a PEO in the UK, US, Spain or Singapore, compliance should be your top priority. So, it’s worth seeking the help of a Global PEO with local knowledge of your chosen country to ensure you always remain on the right side of international employment laws.

That’s where we come in. At PEO Worldwide, we ensure you remain compliant at all times by taking full responsibility for hiring, contracts, employee benefits, payroll and termination if needed. To find out more about our global employment services, don’t hesitate to get in contact.

 


FOR PE TO SNAP UP “GOOD” COMPANIES, THEY MAY NEED TO WADE INTO “BAD” ECONOMIES


By  Martin Soderberg, Partner at SPEAR Capital

 

There’s no shortage of global challenges for investors currently, especially for those concerned with private equity (PE). PE and risk managers with their fingers on the pulse are turning to often overlooked opportunities in emerging markets. As Martin Soderberg discusses, while there are arguably higher levels of risk associated with such investments, the key is being able to identify good companies – and some of these may be found in bad economies.

While the current state of global markets and the enduring pandemic are anything but favourable for fundraising, some estimates indicate that up to $2.5 trillion in unutilised capital was sitting in PE houses globally earlier this year, simply waiting for the tide to turn. The McKinsey Private Markets Review 2020 reveals that $1.47 trillion of investor capital was deployed through the PE asset class globally in 2019. This represents impressive growth of private market assets under management by 10% for the year, on the back of total growth of 170% for the past decade. While, as any risk or asset manager will tell you, past performance is no guarantee of future results, the existing levels of available capital (if prudently allocated) have the potential to extend this decade of growth through the COVID-19 storm.

The International Monetary Fund (IMF) has already announced that it expects global growth to contract by 3% for 2020, representing a revised downgrade of 6.3 percentage points from January 2020. The IMF concluded that a revision of such magnitude over such a short period is an indication that the world is in the midst of the worst recession since the Great Depression and in a far worse position than during the Global Financial Crisis of 2009. While some would argue that investment in any country is potentially unstable in the current recession – evidenced by prices in investor safe havens such as gold skyrocketing to all-time highs, almost testing the $2,000 level this week – stability exists within key sectors such as healthcare and fast-moving consumer goods (FMCGs). This was exemplified late last year through Nigerian edtech learning platform uLesson’s closing of a $3.1 million seed-level round led by TLcom Capital, to address infrastructure and learning gaps in Africa’s education sector.

Population growth and urbanisation typically drive consumption in these and other sectors. Sub-Saharan Africa has experienced growing numbers of first-time migrants into cities and leading economic nodes, with pre-COVID estimates that 50% of Sub-Saharan Africa’s population will be living in cities by 2030. In addition, burgeoning middle classes and the younger populations of developing nations are resulting in increasing levels of disposable income. At a media briefing in June, however, the IMF projected that Sub-Saharan Africa’s economy will contract 3.2% in 2020 – double the contraction forecast earlier in April. FMCGs will have taken a knock across all markets, with varying recovery periods, which also ought to be borne in mind. So PE firms need to revise their approaches to investor engagement, strategy and transparency to convince, secure and guide investor capital into emerging markets presently.

 

Finding the right quality asset

There is of course a definite need for macro analysis of the country your investment or acquisition target is stationed in. Along with the six different forces macro environments typically consist of – namely Demographic, Economic, Political, Ecological, Socio-Cultural, and Technological – under the current coronavirus circumstances additional consideration by investors and risk managers also needs to be given to the COVID-19 policies and responses being implemented by the countries these companies operate within, as well as the fiscal measures being implemented. Although these are particularly complicated and extraordinary variables to attempt to measure, their impact on GDP contraction as well as debt-to-GDP ratios within the countries concerned can potentially be forecast in the short- to medium term.

With this in mind, it’s worth identifying scalable entities with realistic potential for regional expansion where instilling a balanced measure of operational and strategic influence is possible at management and board levels. A recent example is PE firm Mediterrania Capital Partners, which focuses on growth investments in SMEs and mid-cap companies in North and sub-Saharan Africa, acquiring a stake in Akdital Holding, which operates five clinics in Morocco.

It’s important that liquidity management takes precedence over solvency, which often serves as an indication of top line growth. At the same time, one must also take into account worst-case scenarios within the markets one is investing in and plan accordingly for crisis scenarios, such as debt, liquidity options and operational costs that can be scaled back.

In addition, micro and macro risk management should be thorough, particularly in light of escalating trade wars between developed nations and instances of seemingly nationalistic legislation being passed that may be unfavourable to specific emerging markets and spur further GDP contraction. Furthermore, evaluation of local political risk and the potential for obstruction or intrusion at investment and operational levels should be borne in mind.

The lockdown conditions associated with COVID-19 have also significantly impacted logistics planning and provision, across borders to neighbouring states as well as overseas. Furthermore, we’re in a period of increased currency volatility which has a knock-on effect on export and import potential. However, such limitations create broader opportunities for PE firms to generate further value by concentrating greater focus on ESG in the markets in which they already operate. Such focus is typically undervalued, yet has the potential to generate greater revenue while ultimately attracting further investment – providing firms are willing to transparently evidence tangible progress.

 

PE and foreign direct investment scepticism

When entering and engaging with companies that have scalable investment potential in emerging markets, one should expect varying degrees of caution by companies in emerging markets, which is sometimes misinterpreted as protectionism. Historical injustices in many Sub-Saharan nations have understandably dented local confidence in foreign direct investment. Furthermore, companies will be wary of recurring instances where opportunistic investments by PE entities rendered relatively worthwhile returns for investors but created debt rather than any genuine value for the company concerned.

Therefore, transparency and the ability to wear your PE credentials on your sleeve are paramount, such as evidence of accelerated revenue growth, increased capital expenditures and expanded profit margins in the financial reporting of your existing portfolio. If your portfolio is little more than smoke and mirrors designed to conceal debt, as well as slowing revenue growth, declining capital expenditure as a percentage of sales and little evidence of revamped strategies and additional management perspective, then you’re setting yourself up to fail.

There will be continuing debate for some time to come as to whether reluctance to invest in emerging markets will be a PE stumbling block, given the hunt for yield. Thoroughly investigated company investment opportunities have to be afforded genuine investment value in terms of expansion and enrichment, not only for yields to materialise but also for the yields to be worthy of the investment itself. While now is the time for PE firms to begin putting in the groundwork, as much as an additional year, by conservative estimates, may need to be factored in before capital can realistically be deployed. But for those who carefully identify unwavering trends in emerging markets over the next six to 12 months and articulate genuine opportunities to investors, there is scope for the PE asset class to exhibit substantial growth over the course of the coming decade, while capitalising on the “good” companies blooming in “bad” economies.

 
