Connect with us

Top 10

SECURITY IN THE FINANCIAL SECTOR: WHAT NEXT?

Published

on

Financial Sector

Stephan Fabel, Director of Product, Canonical

Over the last few years, there has been a growing realisation that privacy is the right of every citizen. Equally, it’s increasingly evident that you can’t enable privacy without having security in place. You only need to look at the volume of headlines reporting cyber-attacks in any given week or month to see that a number of companies have been irresponsible to date. No organisation is immune to today’s cyber threats, not least financial services companies which process and handle vast amounts of sensitive information. With this in mind, these businesses need to ensure they’re adopting the right technologies to protect themselves from this growing threat.

Encryption is one of the most notable security solutions in modern-day banking and fintech operations. Banks are well-known for using encryption for security reasons. Today, the biggest challenge lies in bringing this level of security to the wider industry. Finserv customers expect stringent levels of security coupled with easy deployment, flexibility, and agility, which often poses a challenge for IT teams. Yet there are solutions available to overcome this issue, with IBM providing one example. It is working alongside Canonical to provide its fintech customers with the technology to optimise data protection and privacy across both containers and multi-cloud infrastructures.

 

The arrival of containerisation

One such technology is the “secure service container”, developed specifically for container-based applications on IBM’s LinuxONE. It offers developers a mix of hardware and software, which enables them to derive the same quality of security that they would on Linux, and in any data centre – whether on-premise or in the cloud.

The next generations of finserv infrastructures are being built around Linux because it is easy to deploy, and gives a highly functional and easily automated stack. Industry giants such as Barclays have already built whole data centre infrastructures around Linux. Beyond providing easy access to innovations and software frameworks for IT departments, open source software also increases trust, which is essential for security compliance in the long term.

With close-sourced software, it is not possible to verify all background activities taking place, and in the case of a bug or an error, it is difficult to assess the reasons behind them, due to the fact that only the original developer has access to the backend. Whereas with open source, the community of developers is very quick to identify and fix bugs or errors.

Ultimately, containerisation can unlock new levels of security, cost savings and developer efficiency within the finserv sector. Most developers are not security experts, but are looking for cost efficiencies when deploying new systems and applications. With containers, they can move things to the cloud at the push of a button, and it will run as a virtual machine. Such capabilities offer advanced hardware security which developers have not traditionally been able to benefit from, restricting cyber criminals entry even if they have physical access to computers.

It’s no surprise then that banks and fintechs are already turning to this technology to protect themselves against increasingly common attack factors, including malware, ransomware and memory scraping.

 

Cryptography and blockchain

In the next 10-15 years, quantum computers will become sufficiently powerful to break all current cryptography keys, and it’s vital that the finance sector prepares for this development in advance. We are already seeing technology vendors populate their systems with such algorithms, moving from firmware into hardware. When quantum computers advance to the required level of power, businesses will need to decrypt all of their data, and re-encrypt it using new methods such as quantum cryptography.

Blockchain technology, alongside these new cryptography techniques, will also become one of the key security algorithms within the banking and financial industries. Ultimately, the aim is to enable the finserv organisations to operate, test and run analytics without data. The sector also benefits from the number of innovative new players within the space, all of whom will have built their IT infrastructures on non-monolithic systems, and are free of the shackles often caused by legacy systems.

 

Finance

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Published

on

By

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST

 

Top executives from Wall Street’s largest banks pinpointed cybersecurity as the greatest threat to America’s financial system, at a Congressional hearing that took place in May.

The concern of financial industry leaders with cyber-attacks is neither surprising, nor new. The attraction of cybercriminals to banks and other financial institutions makes sense, given the fact that the financial sector functions as gatekeepers – not just of financial assets, but also of valuable Personally identifiable information (PII).

Threat actors are attracted to attack financial institutions to earn a profit through increasingly sophisticated attacks that range from ransomware attacks to identity theft. But while the threat continues to grow, there is much that can be done to mitigate the risks.

 

The Downsides of Digital Banking

The number of attacks on financial institutions increased sharply in the last two years due to the upheavals wrought by COVID-19, which prompted a dramatic rise in the number of online transactions.

With so much of today’s financial transactions done on both web and mobile devices, threat actors have more opportunities than ever before. Take, for example, the growing importance of Man in the Middle (MITM) Attacks, which impersonate another party online and give criminals access to personal data, passwords, and banking details.

With the widespread adoption of digital banking, consumers have become increasingly worried about cyber-attack. As a result, there’s growing demand to create better consumer protection laws that respond to the rapidly evolving technology. The U.S. Federal Trade Commission (FTC), for example, recently strengthened security safeguards for consumer financial information.

 

It’s Not “Just” About the Money

Financial organizations are at risk not just from threat actors looking for profit, but also from nation-states and hacktivists acting out of idealistic motives or as a means of achieving specific political ends.

The most famous examples of this type of attack include Russia’s 2016 attack on Ukraine’s electric grid and North Korea’s 2017 attack on Britain’s National Health Service.

Because of the extent of the damage that this type of attack could cause, NATO established cyberspace as the “fifth domain of warfare” in 2016. It developed a definition of when foreign factions are banned from attacking financial institutions, due to the fear that this type of attack could directly lead to a country’s destabilization.

 

Recognizing Risk Factors

The digital transformation of financial services helps banks and other financial institutions provide more a more convenient customer experience.

And while significant customer demand has led many banks to implement changes such as the transition from legacy to cloud-based solutions, these shifts also have the potential to create additional security risks.

For example, if we’re talking specifically about cloud migration, there’s need for additional security layers to protect organizations working with public cloud providers from the range of attacks targeting the financial sector: ransomware, account takeover, data theft and manipulation, phishing attacks, identity theft, and more.

Another example is the extensive use of third-party vendors, which has increased the risk of attack for organizations in the financial sector. Because third-party vendors enlarge the attack surface, they create more entry points to the system and make it harder to protect customer data.

 

Accelerating Detection & Response

By adopting an agile approach that supports continuous improvement, financial organizations can facilitate proactive identification of evolving threats and vulnerabilities in the wild. More specifically, by placing an emphasis on use case optimization – which starts by mapping out an organization’s threat detection gaps to a framework such as MITRE ATT&CK – enterprises can prioritize threats and invest their time and resources in mitigating risk more effectively.

For organizations transitioning to the cloud, what’s key is managing the migration process in a way that provides optimal visibility in the cloud and supports ongoing optimization at the enterprise level. Digital playbooks are a crucial tool in providing improved detection and response, creating automated or guided responses that allow faster, more effective, collaborative action.

The development and regular review of incident response plans similarly allows for efficient response in emergency situations and helps reduce the business impact of cyber-attacks.

 

Targeted Threat Intelligence

Threat intelligence that’s tailored to the financial services sector is another key component of timely detection and response. By working with expert Cyber Threat Intelligence (CTI) services, organizations can obtain up-to-date information about industry-specific threats in real time – information that is a highly valuable tool in strengthening the defense of an enterprise.

 

Cyber Hygiene

Employees make mistakes; after all, it’s only human. But these errors can lead to massive data breaches. For example, when someone clicks on a phishing email or leaves passwords for a company computer on a slip of paper that’s easily seen by the wrong person, the damage can be astronomical.

Providing regular cybersecurity training programs for employees can help minimize the risk of an accidental or careless action leading to cyber-attack. To be effective, training programs should not only explain how to spot cybersecurity risks like phishing emails but should also discuss how and where it’s safe to access company information.

Aside from employee training, there are fundamental cybersecurity-related decisions that should be implemented at the enterprise level such as Zero Trust, DevSecOps, and multi-factor authentication (MFA). From a policy perspective, for example, it’s crucial to enforce MFA for all applications. Moreover, technology-related vulnerabilities can be minimized through frequent patching and updates for systems. Audits, as well as vulnerability and penetration tests, must be conducted regularly.

 

For the Financial Sector, “Best Practices” are Key

With the growth in number and complexity of cybersecurity attacks on financial organizations and the increased risk of nation-state attacks, proactively approaching the question of cybersecurity and implementing “best practices” makes the difference in reducing the degree of risk to an enterprise.

By modernizing the SOC with a carefully navigated migration to the cloud, adopting continuous improvement of use cases and the development of digital playbooks that improve detection and response – as well as by leveraging targeted threat intelligence and maintaining strong cyber hygiene – enterprises can put themselves in a stronger position to minimize the potential business impact of a cyber-attack on their organizations.

 

Continue Reading

Top 10

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Published

on

By

Simon Dicks, Insurance Channel Manager EMEA, Lytx

 

Insuring commercial fleets can be an expensive business. Average repair costs have increased by up to 40% in the past 8 years and disputes about who was responsible can drive up expenditure for both fleets and insurers.

Part of the problem is that the insurance industry hasn’t had the tools to forecast costs and premiums accurately enough in this sector. Underwriting decisions are still made in the same way they always have been, by looking back at historical data from previous years. This approach simply isn’t giving insurance companies an accurate indication of potential risk – or a proper indication of the impact of driver behaviour.

Technology is helping insurers to an extent by providing information about First Notification of Loss (FNOL) – automatically sending notifications when unusual G-force readings are captured within a black box tracking device as a result of sudden braking or impact. This is good, but far better is the ability to use proactive technology to detect when an incident is at risk of occurring and when a driver is distracted.

The only way to address this is to put a highly accurate level of camera technology both inside and outside cabs, supported by sophisticated technologies such as Machine Vision (ML) and Artificial Intelligence (AI). This way, we can see not just that an incident has happened, but why it happened. What’s more, we can assess risk before an accident happens at all and prevent it happening in the first place. We call this First Notification of Risk (FNOR) – and it’s a whole step up from FNOL.

Machine Vision scans the internal and external environment of the vehicle to identify distracted driving behaviours such as mobile phone use, eating, drinking, smoking, inattentive behaviour or failure to wear a seatbelt. AI, comparing the behaviour against a vast bank of accumulated data, is then able to determine the riskiness of that situation and whether it needs to be flagged to the fleet manager, driver, or insurer via a short video clip. The big difference in this approach is that it’s proactive, not reactive. For the first time, fleets and insurers can identify adverse driving and distracted driving in real-time for the first time.

This includes the ability to alert drivers of any momentary slip-ups or distracted behaviours. Using the same technology, drivers will receive an audio or visual alert to help keep them on track and to lessen the likelihood of a moment’s distraction becoming anything more.

When insurers have access to these insights, they can also start to see patterns from the data over time. For example, a fleet manager might start to see that there’s a peak in risky driving behaviours on a Friday afternoon when lots of drivers are rushing to finish for the weekend. As a result, they may decide to spread the shifts differently so as to avoid that pattern of behaviour.

When insurers are only looking at FNOL, it’s already too late. A driver could be unthinkingly driving whilst smoking, on their phone, and nobody would never know. Whereas with FNOR, both managers and insurers are provided with insights that remove the guesswork, and underwriters have the information they need to assess risk with far greater precision.

There’s still a long way to go in making the move towards FNOR. With so many different companies selling cameras and telematics systems and producing information in hundreds of different formats, claims data will have to be standardised before the sector can really transform. However, by starting to embrace ideas like FNOR, the industry can move towards a solution that saves them time, money and lives.

To find out more, visit  www.lytx.com/FNOR

Continue Reading

Magazine

Trending

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD
Business2 days ago

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD

Dean Fiveash, Head of FinTech Sales, IFX Without doubt the Coronavirus pandemic impacted every aspect of our lives and fundamentally...

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT
Business2 days ago

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Jennifer Sims, Senior Consultant at Xledger   The world of finance software is evolving quickly, but with many new software...

HOW RETURNS ABUSE AFFECTS RETAILERS HOW RETURNS ABUSE AFFECTS RETAILERS
Business2 days ago

HOW RETURNS ABUSE AFFECTS RETAILERS

By Aaron Begner, EMEA GM at Forter   Accompanying the significant growth in ecommerce over the past 12 months, is the...

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER
News2 days ago

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TO BUILD INDUSTRY CHANGING REGULATORY TECHNOLOGY

Innovative fintech company, Tintra PLC(https://tintra.com/), has formed a joint venture with award-winning Artificial Intelligence and Machine Learning business, TMC2, via...

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS
News2 days ago

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS

The partnership will allow CellPoint Digital customers to incorporate Vyne into its payment ecosystem and access instant payments without a...

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH
Business5 days ago

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH

As online business grows exponentially, finally fulfilling the internet’s promise of a ‘global village’ in which anyone can buy and...

Business5 days ago

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Chris Obdam, CEO, Betty Blocks   In the last couple of years, a new sector has emerged alongside enterprise financial...

Finance5 days ago

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST   Top executives from Wall Street’s largest banks pinpointed cybersecurity as the...

Top 105 days ago

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Simon Dicks, Insurance Channel Manager EMEA, Lytx   Insuring commercial fleets can be an expensive business. Average repair costs have...

Business5 days ago

IDENTITY SECURITY IN THE ERA OF SOX

By Steve Bradford, Senior Vice President, EMEA, SailPoint   The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices...

News5 days ago

EXPERIAN LAUNCHES VERIFICATION SERVICE TO SUPPORT FASTER, MORE ACCURATE LENDING DECISIONS

Work Report™ is the UK’s first service that automates the digital sharing of payroll information on behalf of the consumer...

News6 days ago

TENUREX AND ELUCIDATE PARTNER TO INCREASE FINANCIAL INCLUSION WORLDWIDE

TenureX and Elucidate have announced a strategic partnership with a mission to increase financial inclusion worldwide and tackle the laborious...

Banking6 days ago

WHY THE TIME IS NOW TO BANK BEYOND BORDERS

by Lili Metodieva, MD of Monneo   As our world becomes more interconnected, so too does the need for banking...

News6 days ago

PAYCAST PARTNERS WITH MARQETA AND MASTERCARD FOR NEW MARKETPLACE PAYMENT SOLUTION

Paycast will leverage Marqeta’s modern card issuing platform and the Mastercard network to empower marketplaces with payment solutions that help...

Finance1 week ago

HOW FS ORGANISATIONS CAN USE API-DRIVEN DATA AUTOMATION TO JOIN THE OPEN BANKING REVOLUTION

By Steve Barrett, Senior Vice President, International Operations at Delphix    Technology is rapidly transforming all industries across the world. However, for the...

Banking1 week ago

IT’S TIME FOR BANKS TO SIT THEIR CUSTOMERS DOWN AND TALK OPEN BANKING

Eugene Danilkis, CEO at Mambu   We are living in an experience economy, and banking is no different. Customers need...

Banking1 week ago

WILL CHALLENGER OR TRADITIONAL BANKS WIN THE SECURE CARD PAYMENTS BATTLE?

By Vince Graziani, CEO, IDEX Biometrics ASA   Challenger banks have shaken up the payment ecosystem in the last decade....

Banking1 week ago

TOP ITALIAN BANK ROLLS OUT FIRST OF ITS FULLY DIGITAL BRANCHES WITH AURIGA

Banca Carige Smart, the new intelligent branch model enabled by Auriga #NextGenBranch solutions , combines digitalisation with a human touch...

Banking1 week ago

HOW BANKS CAN PROTECT THEMSELVES AGAINST RANSOMWARE

Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE   We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers...

News1 week ago

BLOCKERS TO BLOCKCHAIN ADOPTION LIFT FOR 65% OF FINANCIAL ORGANISATIONS

Four years of data from Visma | Onguard’s Fintech Barometer finds growing confidence in blockchain technology   65% of organisations...

Trending