Connect with us

Banking

MODERN BANK HEISTS: FINANCIAL INSTITUTIONS ARE BEING HELD HOSTAGE

Published

on

By Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit, @TAKellermann

 

The modern bank heist has escalated to a hostage situation over the past year. The new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming much more destructive and sophisticated than ever before.

In the fourth annual Modern Bank Heists report, we interviewed 126 CISOs, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, they are facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organized nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defense.

 

Here’s an overview of some key findings:

  • From heist to hostage: 38%* of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack the digital transformation of the financial institution to attack their customers. They use brand trust (often times trust that’s been built up over hundreds of years) against the bank’s constituents by commandeering its assets. *Note: This excludes SolarWinds.
  • Increased geopolitical tension and counter IR triggering destructive attacks: There’s been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals in the financial sector will typically only leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.
  • The digitization of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitization of insider trading and ability to front-run the market, which aligns with the strategies of economic espionage.
  • Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring within a sector that’s incredibly dependent on time given the nature of its business. Because there’s no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.

As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.

These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitize over the past year as the pandemic hampered them from conducting business as usual. This has popularized the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.

 

So, how should the financial industry respond? To start, here are a few strategies for security teams:

  • Conduct weekly threat hunting and normalize it as a best practice to fuel threat intelligence. We were happy to hear from the CISOs we spoke with that 48% already conduct weekly threat hunts.
  • Integrate your network detection and response with your end-point protection platforms.
  • Apply “Just in time” administration.
  • Deploy workload security.

The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources.

Bob Parisi, Head of Cyber Solutions – North America, Munich Re, echoed the importance of up leveling the role of the CISO as cyberattacks surge: “The report’s findings around an increased level of destructive attacks and island hopping makes it clear that financial institutions remain in the crosshairs. VMware’s recommendation that CISOs should be elevated to C-level aligns with the fact that cyber risk is an operational risk that needs to be managed across a spectrum of technology, process and people, including the use of financial instruments like cyber insurance.”

It’s no longer a matter of if, but when “the next SolarWinds” will occur. As a result, cybersecurity must be viewed as a functionality of business versus an expense. Trust and confidence in the safety and soundness in the financial sector will depend on it.

To learn more, download the full report.

 

Banking

Bringing Automation to Banking

Published

on

By

Ron Benegbi, Founder & CEO, Uplinq Financial Technologies

 

Automation is everywhere you look these days; from supermarkets to warehouses to automobiles. This prominent trend shows no sign of abating anytime soon. However, some sectors remain behind others when it comes to adopting automated technologies. Banking is one such segment, but there’s now evidence to suggest that this could be about to change.

 

What do we mean by automation?

There are a lot of ways to define automation, but broadly the term applies to any technological application where human input is minimized through design. Over the years, automation has evolved from a basic level, which took simple tasks and automated them, all the way to advanced automation powered by Artificial Intelligence (AI). In general, automated solutions work to increase productivity and efficiency within businesses and often result in a reduction in costs associated with human capital.

 

Ron Benegbi

Why has the banking sector been slow to adopt automation?

The banking sector has been built on a number of long-standing, tried and tested processes and protocols, which have been continually fortified and refined over time. This is one explanation as to why the sector has been so slow in adopting new, automated methods within its operations. Additionally, many major financial institutions have spent decades building their own internal legacy computer systems, which are often incompatible with modern automated solutions.

When combined, these two issues have caused a significant lag in the banking sector with regards to the adoption of automated technologies. This lag has created a market opportunity that a number of fintech providers have been able to exploit in recent years. Offering a more responsive and tech-first user experience, many fintech providers are leveraging the power of automation to better meet the banking needs of their customers. However, there is still time for the banking sector to start bridging this gap.

 

Does automation have a place in the banking sector?

The opportunity for automation to play a role within banking can be transformational.

To achieve this, it’s important that legacy organizations begin to learn from their more tech-savvy, smaller counterparts. If used effectively, automated financial solutions can greatly improve the experience of banking customers, both on a personal and business level. So, what exactly does this change look like, and how far away are we from seeing it become a reality?

A good place to start is the small business credit lending process, where not much has changed since the 1980’s. Over that period, the world has greatly transformed, but the methods used to assess credit worthiness have remained somewhat static. For the most part, banks assess data related to businesses’ accounting and banking records and from credit scores. For many businesses, especially the newer and less established ones, this antiquated approach is having a detrimental effect. In fact, it’s often cited as a contributor to the huge funding gap between SMBs and their larger counterparts.

 

How can automation benefit the banking sector?

By adopting more automated technologies, lenders in the banking sector can begin to assess more comprehensive information when making credit decisions. Notably, new methods exist, which enable additional data sets to be evaluated, in order to build a more accurate financial depiction of a business’ overall position. This data can come from sources like external market attributes, economic indicators, demographic data and exogenous shocks.

By leveraging additional data sets through new methods of financial automation, banks are now in a position to respond more effectively to small businesses, including those in emerging and evolving markets where there is a lack of conventional sources of information.

With more ways to access funding, facilitated by alternative data and automated processes, small business owners can improve their operational efficiencies and accelerate their growth efforts. In doing so, legacy oriented financial institutions can now better equip themselves in protecting against new, nimbler tech-based disruptors.

 

Continue Reading

Banking

MYTH BUSTING THE ROLE OF OPEN SOURCE IN FINANCIAL SERVICES

Published

on

Nigel Abbott, Regional Director North EMEA, GitHub

 

There is no denying the financial services (FS) industry is under pressure to innovate. Not only have customer and consumer expectations for digital experiences surged in recent years, but the emergence of nimble and ambitious fintechs have disrupted the market. Yet, despite striving for innovation being table stakes across the industry, FS organisations inevitably face familiar hurdles that slow their progress, including concerns surrounding security, compliance, and the ability to act fast.

Open source is increasingly seen as a route to drive innovation and create new value. The FS sector’s utilisation of open source and the transformative role it can play is accelerating – on paper, at least. According to the recent Fintech Open Source Foundation’s (FINOS) 2021 State of Open Source in Financial Services survey, as many as 80 percent of FS leaders said that innovation, reduced time-to-market and total cost of ownership are factors for FS businesses to consume open source.

Nigel Abbott, Regional Director North EMEA -GitHub

But the reality is these positive adoption figures don’t tell the whole story. The survey also revealed that 75 percent of FS technology leaders said their businesses are either not “open source first”, or that they did not know if they were. Tellingly, less than one in ten (eight per cent) said that their business has put in place policies to encourage open source contribution.

The statistics point towards disparity between uptake of open source and the ability to use it to its full potential. But why?

For me, it comes down to some common myths about the role of open source that need demystifying:

 

Myth #1: There are limits to the innovation that open source can deliver

This could not be further from the truth. All enterprises, including FS companies, rely on open source software to build the best software for their customers, improve infrastructure, and unlock the potential of their engineering teams. Nationwide, for example, has completely redesigned its DevOps processes to respond faster to market changes and keep pace with customer expectations to remain relevant. The impact is transformative when they actively embrace it and participate fully in the open source community, creating a win-win situation for end-users. 

 

Myth #2: Data can be shared without consent 

Quite the opposite. Open source does not require FS businesses to share all their secrets and give away their competitive advantage. Instead, taking an “innersource” approach allows financial institutions to take the skills of developers who are accustomed to using open source tools and brings these inside the company firewall, providing a secure internal platform for working collaboratively on projects.

 

Myth #3: Open source is not secure

The most common misconception is that higher security risks are associated with code being openly available to anyone who uses it. But the open concept is, in fact, one of the biggest security strengths of open source. This is because of the collaborative nature of how code is built. The open source community has a shared responsibility for developing and maintaining secure code, and there is a vast global pool of developers identifying and fixing security issues. Supported by the right tools and processes, open source makes it easier for developers to code securely throughout the entire software development lifecycle, reducing the amount of time and financial investment in delivering secure products. Research from Red Hat found that security is regarded as a top benefit for enterprises using open source.

 

Myth #4: The open source community lacks finance sector contributors

This is untrue. Financial enterprises of all shapes and sizes are prominent participants in the open-source community and lead by example, sharing meaningful code contributions. Challenger banks and institutions such as Goldman Sachs contribute to open source initiatives via FINOS. By opening their code and ideas, FS companies can share lessons and support the whole community – helping them deliver better services and more value to their customers. And crucially, they are advancing a community that they can systematically tap into and benefit from.

Open source is already delivering innovation in the FS sector. But the bottom line is that there is so much extra value it can bring. Unlocking the full potential of open source to effect change does not just require buying DevOps tools. Open source requires organisation-wide understanding and support, a culture of collaboration and a progressive DevOps and governance process to thrive. Only then can it deliver its true value and accelerate innovation.

 

Continue Reading

Magazine

Trending

Banking15 hours ago

Bringing Automation to Banking

Ron Benegbi, Founder & CEO, Uplinq Financial Technologies   Automation is everywhere you look these days; from supermarkets to warehouses...

Finance15 hours ago

Why financial services is stepping into a new era

by James Mingard, Head of Retail & Finance at Maintel   When comparing industries, financial services has arguably fallen behind when...

Business1 day ago

FINANCIAL MARKETS IN 2022: INFLATION, ENERGY PRICES, AND THE CONTRASTING PERFORMANCE OF STOCKS

Bob Jenkins, Head of Research, Refinitiv Lipper   Anyone hoping for a reprieve from the chaos and uncertainty of the...

Business3 days ago

FINTECH TRENDS TO LOOK OUT FOR IN 2022 WHICH WILL CHANGE THE WAY WE DEAL WITH FINANCE!

Embedded Finance is estimated to be a $3.6 trillion market opportunity (Matt Harris, Bain Capital Ventures) Embedded Finance means it’s...

Business3 days ago

THE GREEN REVOLUTION IN INVESTING

It can’t be denied how quickly environmental sustainability has become a focus among everyday consumers, whether they’ve become noticeable through...

Business3 days ago

INVESTMENT IN INNOVATION: 2022 TRENDS AND OPPORTUNITIES

Author: Michael Kodari, Founder and CEO of Kodari Securities (KOSEC)   Moving into 2022, while COVID is still front of...

Business3 days ago

HOW TO CONSOLIDATE INVESTMENT REPORTING OPERATIONS AFTER A MERGER OR ACQUISITION

By Andrew Sehulster and Abbey Shasore   The reason why senior management make an acquisition is to compete better or...

Business4 days ago

FUNDING R&D IS STILL A PRIORITY FOR COMPANIES DESPITE THE PANDEMIC

By Emma Lewis, Myriad Associates   HMRC regularly releases statistics that look at the numbers of R&D Tax Credit claims...

Business4 days ago

Mitigating the insurance risks of climate change through geospatial data visualisation

Richard Toomey, Senior Manager, Commercial Insurance at LexisNexis Risk Solutions UK and Ireland   In the lead up to the...

Top 104 days ago

From compliance to the metaverse: Investment trends to look out for during the year ahead

By Rami Cassis, Founder and CEO of Parabellum Investments   In the investment world, the old saying, knowledge is power,...

News4 days ago

NutreeLife triples production with finance from Siemens Financial Services

Plant-based snack manufacturer NutreeLife has massively increased its production capacity with the help of a hire purchase solution from Siemens...

News5 days ago

HYDR DEVELOPS INVOICE FINANCE PLATFORM TO INTEGRATE WITH MAJOR CLOUD ACCOUNTING SOFTWARE PROVIDERS

MANCHESTER – UK – 17th January 2022 – Fintech start-up, Hydr has developed its proprietary invoice finance platform to integrate...

Business5 days ago

What should you be know about PAN data in PCI DSS?

Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, CRISC) is the Founder and Director of VISTA InfoSec   Introduction PAN...

Finance5 days ago

GET READY FOR A LARGER-THAN-EXPECTED INTEREST RATE SPIKE IN 2022

By Nicholas Sargen As investors assess what is in store for 2022, they should not lose sight of what has transpired...

Banking5 days ago

MYTH BUSTING THE ROLE OF OPEN SOURCE IN FINANCIAL SERVICES

Nigel Abbott, Regional Director North EMEA, GitHub   There is no denying the financial services (FS) industry is under pressure to...

Business6 days ago

How Crypto Traders Can Avoid Unexpected Expenses

Have you been dabbling in cryptocurrency in 2021? Are you still relatively new to the world of crypto and feeling...

Finance6 days ago

Looking Ahead: 2022 Fintech Predictions and Reflections

Will Marwick, CEO of IFX Payments   2021 was the year of recovery and opportunity for many, following months of...

Business6 days ago

A systematic approach to stock selection finnCap’s Slide Rule

Raymond Greaves, Head of Research at finnCap   As an engineer by background, I love data and using it to...

News6 days ago

The UK’s Crypto and Digital Assets Group will be welcomed, but it needs to reach out to the industry

by Jennifer Clarke of regtech CUBE   The advent of the Crypto and Digital Assets Group will be welcomed with...

Finance6 days ago

EMBEDDED FINANCE EXPERIENCES, THE BIG MOVE IN 2022

By Louisa Murray, Chief Operating Officer UK & Europe at Railsbank Over the past year, we have seen some fundamental...

Trending