MODERN BANK HEISTS: FINANCIAL INSTITUTIONS ARE BEING HELD HOSTAGE

By Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit, @TAKellermann

 

The modern bank heist has escalated to a hostage situation over the past year. The new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming much more destructive and sophisticated than ever before.

In the fourth annual Modern Bank Heists report, we interviewed 126 CISOs, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, it is facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organized nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defense.

 

Here’s an overview of some key findings:

  • From heist to hostage: 38%* of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack the digital transformation of the financial institution to attack its customers. They use brand trust (oftentimes trust that’s been built up over hundreds of years) against the bank’s constituents by commandeering its assets. *Note: This excludes SolarWinds.
  • Increased geopolitical tension and counter IR triggering destructive attacks: There’s been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals in the financial sector will typically only leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.
  • The digitization of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitization of insider trading and ability to front-run the market, which aligns with the strategies of economic espionage.
  • Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring within a sector that’s incredibly dependent on time given the nature of its business. Because there’s no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.

As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.

These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitize over the past year as the pandemic hampered them from conducting business as usual. This has popularized the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.

 

So, how should the financial industry respond? To start, here are a few strategies for security teams:

  • Conduct weekly threat hunting and normalize it as a best practice to fuel threat intelligence. We were happy to hear from the CISOs we spoke with that 48% already conduct weekly threat hunts.
  • Integrate your network detection and response with your endpoint protection platforms.
  • Apply “Just in time” administration.
  • Deploy workload security.

The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and are given greater authority and resources.

Bob Parisi, Head of Cyber Solutions – North America, Munich Re, echoed the importance of up-leveling the role of the CISO as cyberattacks surge: “The report’s findings around an increased level of destructive attacks and island hopping make it clear that financial institutions remain in the crosshairs. VMware’s recommendation that CISOs should be elevated to C-level aligns with the fact that cyber risk is an operational risk that needs to be managed across a spectrum of technology, process and people, including the use of financial instruments like cyber insurance.”

It’s no longer a matter of if, but when “the next SolarWinds” will occur. As a result, cybersecurity must be viewed as a function of business rather than an expense. Trust and confidence in the safety and soundness of the financial sector will depend on it.

To learn more, download the full report.

 

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions

 

It’s almost inevitable. Spend your working life identifying, analysing, quantifying and ascribing monetary value to risk, and you’re likely to have a fairly strong aversion to it. Or more accurately, an aversion to undertaking new endeavours with inadequately understood consequences. The insurance industry is, on any number of levels, the very definition of risk-averse.

And yet, for all the commentary suggesting otherwise, insurance still has an appetite for innovation. If the insurtech sector is any indication, then an interest in and requirement for new solutions is being recognised and slowly addressed.

Declan O’Neill

It may not employ the language of disruption that runs through the wider fintech market, it may be short a few unicorns and unable to boast some of the record-breaking funding rounds, but a quiet tech evolution has been building in insurance nonetheless. Hence the advent of automated underwriting facilitated by more advanced algorithms and data analysis.

Where insurtech does overlap with its more vocal fintech counterparts is in the greater use of artificial intelligence (AI) and machine learning to solve age-old problems around data analysis and interpretation.

It’s about five years or so since AI first became a topic of conversation in insurance. Since then, despite the intensity of the debate, it has often felt like a reality that is always just over the horizon – a destination that kept moving even as more and more efforts were directed towards it.

But recent research suggests that the journeys made so far have not been in vain. We are at a point where the embrace of AI is about to step up a gear. The global value of insurance premiums underwritten by AI has reached an estimated $1.3 billion this year, as stated by Juniper Research, but it is expected to top $20 billion in the next five years. As a destination, it is closer and more attainable than ever before.

However, AI is not an island. Its promise of $2.3 billion in global cost savings to be achieved through greater efficiencies and automation of resource-intensive tasks will not be achieved in isolation.

AI remains part of a more complex ecosystem of data gathering and analysis. It can apply new technologies to get the best out of the already established and still-emerging data sources that feature in underwriting offices around the world. It emphatically does not require these existing investments to be ripped out, replaced or downgraded.

It is more helpful therefore to see AI as the differentiating factor in the latest generation of insurance IT: augmented automated underwriting, or AAU for short.

AAU gives underwriters the ability to spot patterns and connections that are, frankly, either invisible to the human eye or which take normal, human-assisted processes unfeasible amounts of time and resource to identify.

Whereas earlier generations of automation were able to pick up the low-hanging fruit of insurance markets – the individuals whose driving history fit into clearly delineated boxes, for example – AAU can take into account all of the rich complexity of the human experience. It can spot the nuances and individualities that populate the life market, for example, and translate those into accurate policies.

That’s good news for both underwriters and their customers. AAU can significantly reduce the need for separate medicals, repeated questions, lengthy decision-making processes, and drastically increase the speed at which a potential insurer can get a quote and cover – while continually improving the way risk is calculated and managed.

It can make sure the decision-making process remains in the hands of underwriters rather than IT departments, enabling them to set and update the rules and parameters as befits their preferred business model. It consequently makes advanced, complex and precise decision-making available to a broader range of underwriting businesses – which is good for those businesses, good for customers and ultimately good for the entire industry.

AAU – augmented automated underwriting – is an example of the realisation of AI’s promise. As such, it’s set to become one of the key talking points and disruptive technologies of the insurance industry. And this time, AAU is both a journey and destination that all progressive insurance organisations need to be considering for their future operations.

 

 

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB

 

Environmental, Social and Governance (ESG) has soared towards the top of banking, financial services, and insurance (BFSI) and other boardroom interests. Organisations everywhere know they need to take ESG and greenhouse gas emissions (GHGs) seriously, not only because it is the right thing to do for the future of the planet or because it can help attract and retain talent, but also because failing to do so may pose a risk to the economic value of their businesses and encourage probes by governments, watchdogs and non-execs. However, complying with complex reporting and going the extra mile to actually deliver on the goals of the rules is a challenge in many ways, not the least of which is in achieving the required excellence in data management to underpin strong reporting on ESG.

 

What is ESG? 

ESG is an umbrella term that covers a broad gamut of activities. Gartner defines ESG as “…a collection of corporate performance evaluation criteria that assess the robustness of a company’s governance mechanisms and its ability to effectively manage its environmental and social impacts.”

The CFA Institute describes the environmental element as focusing on “the conservation of the natural world” and includes measuring “climate change and carbon emissions,” “air and water pollution” and “biodiversity” among many other measures. Social considers “people and relationships”, looking at areas including “customer satisfaction” and “gender and diversity.” Governance covers “standards for running a company” and analyses factors such as “board composition” and “audit committee structure.”

 

Status of the current regulatory environment

There are many bodies proposing rules to formalise ESG monitoring and seeking to ensure corporate compliance. Some example groups, frameworks and bodies:

  • The Task Force on Climate-related Financial Disclosures (TCFD)
  • Streamlined Energy and Carbon Reporting (SECR)
  • The International Regulatory Strategy Group (IRSG)
  • The Sustainable Finance Disclosure Regulation (SFDR)
  • The International Sustainability Standards Board (ISSB)
  • The Sustainability Accounting Standards Board (SASB)
  • Sustainable Development Goals (SDGs), the Global Reporting Initiative (GRI) support efforts such as the US SEC’s Climate and ESG Task Force.

Financial services organisations are very aware that the current regulatory landscape is far from mature (and will continue changing), both in terms of alignment between bodies and with regard to when the new rules will come into effect. At the time of writing:

  • The requirement for Scope 2 disclosures (see below for description) for the Sustainable Finance Disclosure Regulation (SFDR) will likely come into effect in 2023.
  • A proposed Corporate Sustainability Reporting Directive (CSRD) should be agreed by the European Parliament this year for implementation in 2024 to report on performance in 2023.
  • Meanwhile, the SEC has just released its proposed rules for climate-related disclosures, which, if passed in legislation, may come into effect as early as year end 2022.

 

Reporting Obligations 

Reporting can cover a wide range of areas covering energy consumption, GHG emissions, water consumption and waste management to health and safety, labour rights, diversity and inclusion to ethical conduct, and even areas such as appropriate executive compensation.

While the regulatory reporting obligations are not yet finalised, the expectation is that compliance may prove to be an onerous task. For example, organisations are under pressure to monitor carbon emissions but even so-called Scope 1 emissions (those that come from owned or controlled emissions) can be hard to track. Factor in Scope 2 (indirect emissions such as purchased power) as well as Scope 3 emissions from up and down value chains, and the reporting task at hand is difficult indeed.

To measure, monitor and manage in addition to staying on the right side of rules, organisations need to have excellent data management fundamentals, strong reporting tools and a new class of applications, which also have the agility to adapt to rapidly changing regulatory demands. Data will be used both to support decarbonisation measures but also to identify where there are disclosure gaps. It was telling that when the SEC issued a press release on its Enforcement Task Force, it specifically referred to data:

“The task force will also coordinate the effective use of Division resources, including through the use of sophisticated data analysis to mine and assess information across registrants, to identify potential violations.”

Having reliable data to comply with emerging rules isn’t the only essential requirement for organisations. Institutions need such data to understand where they are in their journey to sustainability, so that they can set sensible targets and track progress against them. Organisations will have to cover the data trifecta of availability, management and transparency. Many organisations may be stuck in the early stages of managing ESG, overly relying on manual processes, spreadsheets and email. But their target should be to get to real-time data insights that are easily visualised, understood and shared. As a foundation, BFSIs need to capture, manage and securely share data ranging from consumption and safety to emissions, financials and data from surveys measuring results against ESG targets. Data emanating from ERP and other back-office systems, performance data from third-party associates, media and social network coverage, spatial/geolocation systems and beyond should also be factored in.

 

Actually reducing GHGs

Organisations are using a wide variety of ways to reduce emissions and improve their footprints from using renewable energy sources to making secondary use of energy; for example, in the case of one university, this is done through capturing data centre heat in hydroponics. For IT, making broader use of multitenancy in cloud computing and hosting services is a popular way to reduce emissions. Not only do these large data centres offer an economy of scale, they also tend to be state of the art in their use of renewables and highly efficient hardware and other infrastructure. Gartner, in an article titled The Data Centre Is Almost Dead, says it expects 80 percent of enterprises will close in-house datacenters by 2025. For me, the jury is out on this one but an interesting one to monitor going forward.

 

Conclusion

We are at the start of a very significant inflection point in regulatory and consumer expectations around ESG. BFSIs should be under no illusion that momentum is building rapidly in terms of having to address strict reporting requirements and implement strategies to reduce GHGs.

However, we also see this as a time of positive change. As the leading provider of Postgres, EDB is excited to help organisations further their ESG goals as the journey unfolds. We are closely monitoring the implications of ESG regulations as they will give rise to a new class of applications and drive adoption of green data centres. We see OSS, including Postgres, as playing a key role in this shift as often the movement to private and public cloud helps accelerate application modernisation and enables displacement of outdated incumbent technology (including database) platforms.

 
