Q&A with Andréa Jacquemin, founder and CEO of Beamy

Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in 2017, it has recently launched in the UK and in April it completed an €8 million Series A funding round.

 

Beamy recently held a successful Series A funding round to support international expansion and product development. Why is now the time to strike? 

“We are convinced that SaaS issues are major issues for large companies, whether French or international. With this fundraising from major investors including Agaé Ventures and ISAI, both of whom are recognised for offering cutting edge expertise in the tech sector, we are setting out to conquer the international market.”

 

How quickly is SaaS adoption growing in enterprises? 

“The adoption of SaaS platforms grew by 125 percent from 2020 to 2021. A reason for the influx of SaaS adoption is that the agile and hybrid nature of SaaS matches the hybrid style of work, which many companies adopted during the pandemic. Beyond the pandemic, the future forecasting of the industry is predicting huge growth, with the market value to reach $168.6 billion in 2024.

“While digital transformation was accelerated by the pandemic, it has taken on a life of its own. There is now a catalogue of SaaS applications available to employees, with different uses and price points. In companies with more than 1,000 employees, there are on average several hundred different SaaS solutions in use, representing several million dollars in annual costs.”

 

How is the growth of SaaS shifting workplace technology strategies? 

“The explosion of SaaS within companies has introduced a real organisational change: a true decentralisation of technology ownership and empowerment of business units, who choose and implement their solution themselves. This IT decentralisation has become inevitable and is forcing large organisations and CIOs to rethink their model to structure SaaS growth in a secure environment.

“The objective is not to block access to technology, but rather to enable the freedom of technology choice within a framework that offers more transparency and autonomy.”

 

Have you seen a link between the trends of IT decentralisation and increased hybrid working?

“It is well established that the COVID-19 pandemic forced companies to rethink their workplace operations and accelerate their digital transformation. As a result, the number of tools on the market to serve the world of remote or hybrid working has also increased.”

“Hybrid working gives employees more autonomy, allowing them to choose their preferred SaaS applications for completing tasks. There is clear evidence that today’s workforce is demanding more control over how they accomplish tasks. Having access to a wide range of tools creates a decentralised model for IT systems, in which technology needs are self-defined by employees. The democratisation of this process, while advantageous for team productivity and innovation, can also pose several risks to the infrastructure of businesses.”

“While employees are bound in hybrid work settings, CIOs have little control over how these applications are onboarded and managed. In general, when we meet a CIO of a large company, they estimate that their organisation uses 30 to 40 SaaS tools. However, when we begin working together, our technology detects several hundred active SaaS solutions, often revealing more than 75% of shadow IT.”

 

Has the Great Resignation increased the risks presented by shadow IT? 

“When an employee leaves, if the business does not know where data is being stored then any level of data loss is possible. SaaS applications have become easier to buy online through affordable subscriptions. Whether they know it or not, most companies are being digitalised from the bottom up. But this has also led to an explosion in cyber and compliance risks.”

“A high employee turnover, or using lots of freelance workers, can make the problem worse because each new employee will add in their own favourite apps for work. When an employee leaves, their old logins can be left unprotected and invisible to the IT team. That makes them the ideal target for hackers.”

 

What can organisations do to minimise these risks?  

“Now that almost all jobs are digital, it’s vital that HR and IT work together on the onboarding and offboarding processes, not simply rely on technology. This needs to include close collaboration and a proper framework to check for potential governance or compliance issues. It also means old logins can be deleted, meaning fewer ‘back doors’ for hackers to exploit. This makes it easier to identify what apps have sensitive data in them, that need to be removed. Having a central platform to track the apps being used can help with this, but ultimately it needs to be underpinned by a strong company culture of collaboration and compliance awareness.”

 

What specific technologies does Beamy use in its platform to tackle these challenges?

“Beamy has developed powerful scoring algorithms capable of detecting all of the SaaS applications actually implemented in the company. Beamy then is able to follow the evolution of each application over time, provide employees with a catalogue of all applications implemented in the company, define an autonomy matrix according to the potential risks of future applications, and navigate an app store of more than 50,000 applications on the market.”

“This enterprise App Center enables business departments to choose their own technology by feeding them the right information for selection, security and implementation over the long term.”

“Beamy thus guarantees a global approach to SaaS governance necessary to support large companies in the long term to structure their IT decentralisation and establish synergy between all stakeholders: CEOs, CIOs, IT leaders, and business teams.”

 

What is your top piece of advice for CIOs facing shadow IT challenges? 

“The top-down vision of IT is over. We are witnessing a true decentralisation of technological ownership and empowerment of business units, which are selecting and implementing their own solution. This is a story of balance – if we put too many constraints on employees’ ability to choose their applications and implement lengthy processes, they will still use the applications but won’t go through the proper channels with IT in the implementation.”

“Without a solid structure of decentralisation, the risks will be considerably increased and the budgets won’t be optimised. In any situation, you have to find the proper balance in terms of autonomy that works for your workforce, but keeping the status quo on this subject is the worst solution.”

 

Thanks for your time, Andréa. 

Matt Cox, Managing Director and General Manager, EMEA, FICO, answers questions on fraud from Finance Derivative

What are the biggest fraud concerns for FICO’s customers?

Scams are definitely high on the list. There is a continued surge in Authorised Push Payment (APP) scams, advanced social engineering, and pandemic-related fraud.

The level of sophistication present in scams seems to grow at a daily rate and that is always one of our biggest concerns – staying ahead of the criminals. A coordinated approach to managing the authentication of customers will be a strong starting point for any organization, so that they can adapt and adjust as the market changes. To address current fraud concerns, banks need to take this into consideration. There are specific machine learning models designed to detect scam-related activity, and banks should explore those.

How have scams changed since the pandemic started?

Investment and crypto scams saw a big spike and there was a swift rise in vaccine-related scams with an emergence of a black market for the sale of fake vaccine passports. There is certainly a good level of public awareness of scams, but according to our consumer fraud survey, only 6% of customers said they were most concerned about being tricked into sending payments to a fraudster, as compared with 26% who were most concerned with having their stolen identity used to open an account, which is much less likely. This relaxed attitude, in combination with increasingly realistic and creative social engineering and impersonation schemes, is part of the reason why fraudsters continue to succeed in scamming customers.

Authorised push payment fraud is one of the biggest concerns in the digital payments industry. According to UK Finance, APP fraud has, for the first time, surpassed card fraud with £355 million in losses attributed to APP fraud in the first half of 2021.

What is the challenge for banks right now in dealing with APP scams?

APP scams present a unique challenge as they involve tricking the victim into sending money to the fraudster. Despite measures like Confirmation of Payee (CoP) being put in place to stop these fraudulent transactions, the victim will have the final say and can override warnings put in their way. A layered approach is needed to prevent it; multiple tiers of armor are always most effective.

Some improvements in payment technology are actually making it easier for criminals to commit APP fraud. As more consumers and businesses adopt simple ways to send money in real time, the pool of potential victims increases, a trend accelerated by the COVID crisis pushing more people to use online banking. Real-time payments also lower the risk for fraudsters: as money is transferred instantly, fraudsters can move payments through multiple accounts in a process of layering to launder the proceeds of the fraud and make tracing them more difficult.

Criminals are devious and clever, and victims cannot simply be written off as gullible exceptions. As real-time payment schemes can be used to transfer large sums of money, there is a need to employ layered fraud protection across all products and channels used to manage real-time payments.

Maintaining good customer experience by not impacting too many genuine transactions is a growing concern. As banks get better at detecting scams, there is still a very high false positive rate with many genuine customers needing to be disrupted in order to find a single fraud. This is where advanced analytics and particularly a consortium approach are critical aids.

What has your research told you about how different generations think about fraud and scams and the actions they take to avoid them?

We frequently survey consumers across the world to get a sense of their attitudes towards fraud and the security measures implemented to catch it. The results are always interesting and often flag the differences in how age groups approach financial security.

For example, in our most recent survey of 1,000 UK consumers, 55% said they would switch banks if theirs was reported to be involved in a money laundering scandal. The younger age groups would be most eager to swap their financial service provider after a money laundering scandal: 64% of 18 to 24 year-olds would switch, as would 68% of 25 to 34 year-olds.

Those in the Millennials generation – aged 25-34 – appear to be the least impressed with banks’ current approaches to fraud. When asked about account takeover, 19% thought banks were not fair with customers in terms of how they resolved this. And when considering cases of customers being tricked into sending money to fraudsters, 21% of them thought measures were not fair.

How much of an issue is social engineering?

Social engineering is a vital component of a fraudster’s playbook. It is not a new approach for them but is one that can cause devastating results. Fraudsters buy compromised data (credentials, ID documents, personally identifiable information or payment details) and ultimately, they use it to manipulate victims and commit fraud. Sometimes, fraudsters don’t have all of the pieces of the puzzle together, so they often further manipulate systems and customers in order to get the full suite of assets they need to steal.

The complexity of scams and social engineering means that financial institutions have to take a layered approach to prevention and detection. For example, checking device characteristics is useful, but when combined with Confirmation of Payee, transactions analytics, customer profiling and instant messaging services for verification, this is where the layers play extremely well together. When and how fraud prevention solutions are deployed must be balanced with other factors such as customer experience and operational costs. Being dynamic and flexible is key to both creating the necessary balance and evolving at least as fast as the fraudsters can.

Identity authentication isn’t as strong in a scam event as it is in other fraud types. Nearly all fraud events start with a data compromise and with scams it’s no exception. Identifying compromised and vulnerable customers is still very inconsistent across banks, so there is a big opportunity to be more proactive in stopping the scam before it is initiated.

Many banks have incorporated consumer protection into their marketing plans but I would like to see more do it across the industry.

What are the latest scams you are seeing emerging?

Before Open Banking, criminals applied for low-risk accounts using a fake identity in order to start building up their credit file. Over time, they would move into commerce and then onto higher-value targets, hitting them hard.

We believe this approach is finding its way into the Open Banking ecosystem as a faster route to higher-value credit. Having secured low-risk bank accounts and passed the Know Your Customer requirements, criminals are attempting to access new services through Open Banking third-party providers, who offer loan approvals and various other financial and investment services.

We’ve also seen a steady rise in fake videos and audio with targeted content that manipulates and gains access to personal and finance data. As the technology becomes more sophisticated, it’s becoming the new favorite tool in financial crime. For instance, a bank manager in the United Arab Emirates fell victim to a threat actor’s scam, when hackers used AI voice cloning to trick the bank manager into transferring $35 million.

We believe this will become a big challenge for banks in Europe and across the globe as they find themselves increasingly targeted in this way. As those deep fake technologies develop, we will see more innovation and use of a wider variety of biometric technology thrown into the mix.

Why is your financial response plan static against dynamic risk?

By Kev Breen, Director of Cyber Threat Research, Immersive Labs

 

When it comes to cyber security, there is a grave misconception that financial services are the most secure industry. This perception comes from the massive security budgets that financial organisations tend to have. In fact, the combined BFSI industry leads the line in cybersecurity spending, holding 18.7% of the global security market share.

However, larger budgets don’t always mean better security. This is evident from the number of losses financial organisations suffer each year from successful attacks. In the banking sector alone, the annual cost of cyber-attacks reached $18.3 million per company last year.

Effective security often boils down to strategic elements such as how well organisations are managing risks, what response plans are in place, and how well the workforce is capable of tackling dynamic threats.

We talk to Kev Breen, Director of Cyber Threat Research at Immersive Labs, to understand the critical issues of human cyber capabilities and threat response plans in today’s financial services industry.

 

Why does the financial sector continue to be a frequent target of cyber-attacks?

The critical and sensitive nature of this industry makes financial organisations a more lucrative target for threat actors. Ultimately, it’s where the money is. Organisations like commercial banks, investment firms, accounting firms, insurance companies, and brokerage firms hold a lot of sensitive data – not just from individual users, but also from businesses and governments. These companies are a gold mine for attackers, in terms of data.

Also, targeting financial organisations allows threat actors to cause mass-scale disruption. For example, if a banking system is hit by a ransomware or Distributed Denial of Service (DDoS) attack, it will hinder its ability to effectively serve the customers until services are restored – leading to significant financial disruption. These are the key reasons why financial organisations continue to be frequently targeted despite investing heavily in cyber security.

 

What are the shortcomings of current financial response plans that are leading to this influx of successful attacks?

An effective threat response plan is critical for any organisation. When faced with sophisticated attacks like ransomware, your response plan determines how efficiently the workforce manages the security incident. However, the issue is that most financial response plans are static. They look good on paper but have little effect when the situation comes to be.

Also, organisations often don’t test these plans against real-world scenarios. They are established like a theoretical strategy, without any practical assessment or evidence to support their effectiveness in the face of a real security incident.

For example, in a traditional response plan, potential risks are identified, proposed response plans are outlined and then filed away for use when the incident occurs. However, sophisticated risks like ransomware are dynamic. They don’t always follow the same pattern or same variables. Also, they don’t always target the same files. So, if the response plan is not tried and tested against different scenarios, you can’t ensure that it will hold up when threats break.

Moreover, ransomware attackers are now applying a double extortion method. They don’t just encrypt and lock away your sensitive data but also exfiltrate it – threatening companies to pay up immediately or see it get leaked on public domains.

Another critical issue is that most companies develop their threat response plan with only the IT and security teams in mind. However, threat actors can target any department across your workforce, whether it’s the sales team, marketing team, or general admins. Threats like ransomware need a collective response. Every employee has a role to play.

If the response plan or training programs are just catering to the security teams, other employees won’t have the required knowledge or information to fulfil their responsibilities during an incident.

Therefore, in such an unpredictable threat landscape, businesses can’t rely on a static response plan. Chances are that their pre-determined plans won’t fit the variables of the attack or demand during the crisis. These implications were also evident in our latest research findings.

We found that financial organisations performed second worst in crisis simulation exercises out of 10 industries. In fact, out of the top ten worst decisions during a crisis, five came from financial services organisations. So, it’s safe to assume that most financial organisations lack the human-cyber capabilities to make adaptive and agile decisions when faced with dynamic threats like ransomware.

 

Why does it take so long for financial organisations to develop the necessary skill to defend against cyber-attacks?

Our research found that financial services organisations need an average of 97 days to develop the skills necessary to defend against critical cyber risks. National cyber security bodies recommend that businesses should not take more than 48 hours in patching vulnerabilities and implementing their response plan after the initial detection. Clearly, there is a major gap in human cyber capabilities for such organisations.

The reason for this gap comes down to the lack of cognitive agility among the workforce. Cognitive agility is the ability to adapt and shift our thought processes when faced with critical scenarios. Organisations need a workforce that can make agile and conscious decisions quickly when faced with diverse threat scenarios.

Cognitive agility inevitably increases the human-cyber capabilities of the entire workforce. Employees can consider the different aspects of an attack and make better decisions, instead of following a scripted response plan that wasn’t developed with a consideration of dynamic risks.

 

What are the proactive steps financial services organisations can take to develop cognitive agility amongst their workforce?

To build cognitive agility among the workforce, financial organisations need to prioritise a cadence of exercising. Simply launching training programs isn’t enough; they need to focus on scenario-driven simulations and test exercises. The aim is to build an entire workforce that can function as adaptable incident responders, who can think on their feet, and effectively react to the situation in front of them.

That’s why scenario-driven exercises are critical. You’re not teaching people to respond to a specific crisis, but rather helping them develop critical thinking and decision-making skills.

It’s also important to consider how you are distributing such exercises across the entire organisation. Financial companies tend to have a very diverse workforce, with multiple different departments and multiple roles. Employees of each department have different skills and knowledge levels. Some might already have a great knowledge of the security domain, while some might be very new. So, making everyone go through the same level of exercises won’t get you the desired benefits.

This is where Cyber Workforce Resilience becomes significantly useful. It’s a robust model that allows companies to benchmark their current human-cyber capabilities, measure the knowledge, skills, and judgement of the current workforce, and prioritise exercises where they’re needed. Cyber Workforce Resilience helps to map human capability within the workforce and generate data/insights to produce a real-time picture of the organisation’s cyber resilience.

Benchmarking current knowledge, mapping out human abilities, and regularly exercising capabilities based on different scenarios will help build a resilient and agile crisis response team, who are always ready to take effective decisions – regardless of how dynamic the risks are.
