Connect with us

Finance

THE FINANCIAL IMPLICATIONS OF CYBER CRIME

Barry O’Connell, General Manager EMEA at Trustwave

The modern-day robbery is no longer about criminals storming a bank wearing ski masks, brandishing firearms and filling bags with stolen cash. Instead, criminals now rely on more clandestine yet equally effective methods of stealing from financial institutions.

Figures from Trustwave’s 2019 Global Security Report (GSR) reveal that during 2018, the financial industry was the second most targeted by cybercriminals accounting for 11 percent of security incidents investigated by Trustwave; just seven percent lower than the retail sector which came in at number one. Supporting this finding, data from the Financial Conduct Authority (FCA) revealed under a Freedom of Information request by law firm RPC shows that reports of cyberattacks against institutions dramatically increased by a factor of five between 2017 and 2018.

Why the finance sector is heavily targeted

Cybercriminals follow the quickest and easiest route to money, so it is no secret financial institutions make prime targets. While the financial industry in general has leading-edge security deterrents and technologies in place, the potential windfall is undoubtedly worth the time and efforts.

Financial institutions also rely heavily on data for day-to-day operations – verifying users, processing transactions, making investments and so on. This data residing inside databases is considered as another form of currency that can be sold and traded on the dark market. And once successfully inside, the sheer volume of data traversing across the financial networks creates noise providing good cover for threat actors to partake in other illicit activities such as installing keyloggers or implanting malware with little chance of immediate detection. It is quite common for cybercriminals to stay hidden for several months or even years before discovery.

Favoured attack methods

Our GSR research shows that the most common method for gaining an initial foothold into organisations is through social engineering accounting for an astounding 46 percent of breach incidents. This is followed by weak passwords (14 percent) and exploiting applications’ vulnerabilities (13 percent).

The financial sector was the only environment compromised exclusively through corporate or internal networks as opposed to other vectors like website or third-party partners. This is not surprising as locking down access from the outside is typically a primary concern and usually well executed.

Social engineering comes in many forms, but email phishing is highly favoured because it can be leveraged in a variety of ways. This includes attached malware, or a malicious link embedded within the body of a document. Criminals also try to steal a user’s credentials through deception – for instance, masquerading as a member of IT requesting a username and password to resolve some fictitious problem.

Application vulnerabilities are being leveraged more frequently as potential doorways into institutions. Worryingly, 100 percent of applications tested for the GSR had at least one vulnerability. Most were considered lower risk however nine percent were considered high or critical risk, a significant amount to exploit. We only need to look back at EtnernalBlue, a vulnerability in Microsoft Windows that led to the devastating WannaCry ransomware outbreak of 2017 locking up thousands of machines and systems across the globe.

Best practices

If our research demonstrates anything, it is the necessity for an organisation to assess where its most valuable data is kept and its risk tolerance in order to plan security measures accordingly.

One of the first actions that should be taken is ensuring all operating systems and applications are running the latest versions, as out of date software is likely to contain exploitable vulnerabilities. Software risk assessment should happen in parallel with reviewing password strength, user authentication and expiration policies. Although we frequently read about ingenious hacks in the headlines, most breaches can be prevented by regular patching and strong password management.

Security education to spot phishing emails and other social engineering attempts is also crucial. The most advanced security technologies won’t prevent compromise if employees are blindly clicking on links in suspect emails. The chief executive down through the entire organisation should partake in regular training on how to spot social engineering and new techniques criminals are employing.  

If attackers do successfully penetrate an organisation, it is imperative they are detected and contained as quickly as possible. An incident response plan that is understood, practiced and frequently reviewed by key stakeholders will go a long way if such an event occurs. Much like natural disaster drills, understanding roles and what is expected during a real situation will limit impact significantly.   

Those who house hard currency or data of any value will always be a target for cybercriminals. As the threat landscape continues to evolve, financial institutions need to continually explore ways to improve their cybersecurity posture. Organisations that place equal focus on technology, people and processes, and the governance structures that tie those investments to key business risks, will have the best chance of keeping one step ahead.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

A CATALYST FOR CUSTOMER SATISFACTION AND GROWTH IN THE FINANCIAL SERVICES SECTOR

Peter Walker, EMEA CTO, Blue Prism

 

The financial services sector has undergone a period of rapid innovation over the past decade, with the rise of fintechs and digital banking solutions, which are much more agile than traditional banking options. On top of this, the sector is now also experiencing unprecedented effects due to the Covid-19 pandemic. Institutions must transform their core operations to address these industry disruptions, not only to meet the needs of today’s increasingly interconnected society, but also to help weather the impact of the virus.

In order to maintain a competitive advantage within the industry, satisfy the changing demands of their customers and meet intensifying regulations, Robotic Process Automation (RPA) technology can offer a way forward by providing a platform that runs Digital Workers – intelligent software robots that complete activities in the same way as humans, by mimicking and learning business processes like people do.

With the unprecedented surge in demand of business operations, work isn’t being delivered at its full potential, and at the pace required. People are increasingly unable to support businesses’ needs of extracting and formatting data into a number of different systems, as well as performing a number of tasks which are better suited to technology. This work can lead to stressful environments and errors in a highly regulated process.

 

Addressing the changes in the financial services landscape

Digital banking apps like Monzo and Starling have in the past few years transformed the way people handle their personal finances, and the banking solutions now available to customers means that they have become accustomed to seamless service.

Speed is everything in financial services, and against a backdrop of economic and political uncertainty, traditional banking institutions need to consider changing the way they operate. They must heed the example of digital natives and become more agile, so that they can quickly adapt to unforeseen circumstances in the market.

As the demand for the sector’s services increases in response to the government’s mandated initiatives, such as the Coronavirus Business Interruption Loan Scheme (CIBLS), companies will have to pivot their operations to keep pace with the changing landscape. We always hear about how sectors can digitally transform, and RPA-based Digital Workers can help companies to begin their digital transformation journey and accelerate that innovation.

Implementing Digital Workers

In this challenging climate, where traditional business models have changed overnight, organisations need to fulfil the demands of enterprise operations at the pace required to remain competitive. Increasingly, people won’t be able to support this demand on their own, and technology will plug the gap that humans cannot fill.

A lot of customer-facing activity in financial services is process-heavy by nature. It involves dealing with large amounts of sensitive information and adhering to strict processes, which creates a lot of admin. Strategically deploying Digital Workers and intelligent automation can help businesses to streamline a number of these admin tasks, such as processing loans and mortgage repayments. Automating this process frees up employees’ time so they can improve other areas of the business that automation alone can’t deal with.

Covid-19 has renewed the pressure on financial services organisations – not just simply by increasing the sheer volume of customer service calls, but also by introducing new operational stresses through remote working. Implementing automation technologies in a strategic way can help financial institutions get in better shape to cope, not just during this time of uncertainty, but in the long run. In a recent survey looking at how organisations around the globe are using Digital Workers to stay resilient, positive and competitive in this new economic reality, 95% of business decision makers in financial services revealed that they already have plans in place to extend their use of automation across their business.

 

Support during Covid-19

In response to the pandemic, Blue Prism has set up the Covid-19 Response Programme, donating Digital Workers and services to assist across a number of sectors, including on the front lines of the health emergency, transportation and financial services. These deployments illustrate how RPA can help – as by using Digital Workers, business will be able to maintain business continuity and provide the necessary services to citizens during this difficult time.

During the Covid-19 pandemic, Leeds Building Society has turned to Blue Prism’s RPA technology to rapidly increase its deployment of Digital Workers, helping it to cope with the high demand for mortgage holidays. Mortgage payment holiday requests now exceed 2,000 a day and this is all now being handled by the RPA solution, reducing calls to the contact centre by 75% and providing answers to most of these requests within 21 seconds. This allows front-line colleagues to focus on delivering better customer experiences, and back-office processing teams to work on other priorities for the business. Most importantly, at a time of profound uncertainty when many people are under financial pressure, it helps to quickly resolve their issues.

For a long time, the financial services sector has been slow to adopt new technologies which could speed up internal processes, primarily due to the need to comply with regulatory requirements. Yet automation can help these organisations to adjust to rapid regulatory changes. For example, by helping them to audit their data and processes. Without automation technology, businesses might have to recruit and train temporary staff or hire support from a business process outsourcing provider, which could come at a significant cost.

 

The future of automation in the sector

Financial services perform a vital role in our economy. But the pandemic also provides an impetus for organisations in the sector to transform their operations, and automation has huge potential when it comes to this transformation. By 2024, Gartner predicts that automation technologies will replace almost 69% of the managers’ workloads. The Covid-19 crisis could be a catalyst to hasten the migration of routine and rote business processes and help the sector to keep pace with the changing economic environment, as well as rising consumer demands.

 

Continue Reading

Finance

2020: THE YEAR OPERATIONAL RESILIENCE AND CYBER-RISK TAKE CENTRE STAGE IN FINANCIAL SERVICES

Miles Tappin, VP of EMEA for ThreatConnect, explores how financial providers can build a cyber security strategy that enables operational resilience

 

Financial institutions are operating in a new digital landscape. New disruptive technologies – from Artificial intelligence (AI) to crypto-currencies and big data – have driven change and innovation. In retail banking, new fintech providers have seized the opportunity to offer personalised services and challenge existing providers. For example, Klarna, has successfully disrupted the payments sector and is now established as Europe’s biggest fintech firm. It has quickly emerged as an alternative to credit cards since bursting onto scene, allowing consumers to shop now and pay later with retailers, such as H&M, Ikea and Zara.

To compete with the rising number of fintech providers and fulfil growing consumer expectations, traditional financial institutions are developing robust digital ecosystems that can deliver omnichannel service models. However, it’s becoming clear that the pace of technological change is a double-edged sword. It enables innovation and change but it is also one of the most destructive forces in the financial services ecosystem today.

 

Financial services emerge as a hotbed for cybercriminals

2020 has emerged as a defining year for cybersecurity in the financial services industry. It started with an unprecedented attack against Travelex where hackers successfully took some of the currency providers offline for nearly a month. Then came Coronavirus which sparked a new wave of malware and phishing threats. Research from VMware Carbon Black Cloud revealed that threats against financial institutions have surged by 238% since the start of the pandemic.

The renewed interest from cyber criminals comes at a time when regulators are paying close attention to the resilience of the sector. After a string of IT failures and breaches, financial organisations in the UK have been given a mandate from regulators to improve operational resilience. This means ensuring business models can withstand disruptive events from hackers or adversaries and quickly recover to protect the stability of financial systems.

In December 2019, the UK’s financial regulators published a series of consultation papers outlining their proposed approach to achieving greater operational resilience. The proposals suggested that financial institutions will be required to map out the systems and processes that support business services in order to identify any potential vulnerabilities that would pose a risk to the stability of the UK financial system or the firm’s standing.

 

A mandate for change

Where cybersecurity used to be a classic back-office concern, it’s now a central part of digital strategies and a key pillar of both reputation and customer retention – financial legislation leaves no room for failure. All financial institutions need to ensure they have full visibility of their systems and can detect any potential threats.

The challenge for financial institutions is making the security tools they have purchased separately work together in tandem. Security teams buy a firewall, an email filter, threat intelligence feeds, antivirus software or enhanced endpoint protection, and whatever else they need individually. Each of them does a good job but they don’t talk to each other and valuable time is lost tending to individual systems that become a burden to run. At the same time, running multiple security systems is expensive. The more systems you have, the more highly skilled staff you need to manage them, and they’re few and far between.

 

Improving intelligence sharing across borders and communities

To reduce complexity and simplify decision making, financial organisations need to unify processes and technology to harness the security intelligence that comes from across their own security programmes and external sources to drive down risk. However, no financial institution can tackle the problem alone. Experienced threat actors using advanced techniques are constantly targeting the financial sector. The industry needs to come together as a whole to foster a sense of collaboration and data sharing.

In the same way that financial institutions have introduced open banking to deliver a fairer service to customers, the same needs to apply to security – all parts of the financial ecosystem need to unite and share information to learn from one another and succeed in the fight against adversaries that operate across borders.

By sharing alerts on cyber hazards and risk across financial institutions and with law enforcement, government agencies and other relevant authorities, it’s possible to build industry specific insights into cyber security threats and quickly pivot to gain more information on those specific threats and threat actors. By working together, a picture can be painted on threats coming from all manner of malicious activity, from malware to ransomware, to phishing and software vulnerabilities.

 

Breaking down barriers

Having the right intelligence is not enough to ensure that intelligence is turned into action. Breaking down information and process silos across security teams allows financial organisation to analyse and act on the most pertinent information. Everyone has access to the risk and threats that matter most, and orchestration and automation of response helps overwhelmed security teams prioritise response plans and improve efficiencies in their security programme.

Integrating internal security tools and technologies, while also connecting to external sources of intelligence, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions further feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.

This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It allows financial institutions to keep up with threat actors that have consistently adapted their methods to profit at the expense of the financial industry. Something that won’t stop anytime soon.

 

Continue Reading

Magazine

Partner Events

Trending

Technology1 min ago

ARTIFICIAL INTELLIGENCE AND WORKFORCE: PROSPECTS AND PREDICTIONS

Back in the day, Artificial Intelligence (AI) was just a pipe dream that people could only see in The Back...

Business4 hours ago

HOW TO FIX A PROBLEM LIKE WIRECARD IN 60 HOURS

By Shachar Bialick, Founder and CEO Curve   On Friday 26 June, the Financial Conduct Authority suspended its permission for Wirecard...

News6 hours ago

THE INVESTMENT IMPLICATIONS OF CLIMATE RISK – AN INVESTMENT MAN-AGER’S VIEW

In the final release of its three part series on climate risk, leading independent fixed income manager, Cameron Hume, looks at how attitudes to climate risk...

News6 hours ago

AURIGA, PROVIDER OF NEXT-GEN BANKING TECHNOLOGY, OPENS ITS FIRST OFFICES IN SPAIN AND MEXICO

Specialising in omnichannel banking and cybersecurity, the Italian company continues its international expansion with two new offices in Madrid and...

Interviews6 hours ago

HOW NEW TECH START-UP IS SHAKING UP THE IT CONTRACT MARKET

Neil How, CEO and Co-founder, ten80   1. What is ten80? ten80 enables cost savings on SAP/software projects by an...

Traditional Banks Traditional Banks
News7 hours ago

HOW CAN LENDERS LEVERAGE OPEN BANKING DATA TO TACKLE COVID-19 PANDEMIC CHALLENGES

Will Hurst, Head of Commercial Development at Monevo, looks at how lenders are trying to leverage Open Banking data and...

Business7 hours ago

A CATALYST FOR CUSTOMER SATISFACTION AND GROWTH IN THE FINANCIAL SERVICES SECTOR

Peter Walker, EMEA CTO, Blue Prism   The financial services sector has undergone a period of rapid innovation over the...

Top 105 days ago

WHY INDONESIA IS THE WORLD’S NEXT DIGITAL PAYMENTS BATTLEGROUND

Kelvin Phua, Global Head of Payment Networks at PPRO   The COVID-19 outbreak has seen the e-commerce sector surge. Despite...

Business5 days ago

HELPING SMES ACCESS FINANCE IN EXTRAORDINARY TIMES

Tim Vine, Head of Credit Intelligence at Dun & Bradstreet   The closed doors of businesses have become a sadly...

Business5 days ago

DO MESSAGING APPS PUT THE FINANCIAL SERVICES INDUSTRY AT RISK?

Ashley Friedlein, founder and CEO, Guild   Accelerated by the coronavirus pandemic, the use of messaging apps for professional communications...

Business6 days ago

HOW PREVENTING AND MITIGATING FRAUD CAN IMPACT YOUR CUSTOMER RELATIONS

Matt Mascherin, Solutions Engineer, Enterprise Sales Americas, Syniverse   Texting has become a staple of modern life and is so...

Finance6 days ago

2020: THE YEAR OPERATIONAL RESILIENCE AND CYBER-RISK TAKE CENTRE STAGE IN FINANCIAL SERVICES

Miles Tappin, VP of EMEA for ThreatConnect, explores how financial providers can build a cyber security strategy that enables operational...

Wealth Management6 days ago

HOW RESILIENT IS YOUR ORGANISATION’S SECURITY?

Kimon Nicolaides, Digital Services Group Head at MASS   Organisational security can be thought of like peeling the layers of...

News7 days ago

INTERNATIONAL BANKING NETWORK EXPANDS AS IT WELCOMES STANDARD CHARTERED BANK

IBOS Association (IBOS), an international banking network, is delighted to announce its newest member to the group, Standard Chartered Bank....

Wealth Management7 days ago

HOW TO CATCH UP ON YOUR RETIREMENT SAVINGS

By Gerard Visser, Certified Financial Planner at Alexander Forbes For many South Africans who were already finding it difficult to save...

Technology1 week ago

ARTIFICIAL INTELLIGENCE AND FUTURE OF TECHNOLOGY

Ashish Jain, CEO, Future FX   Artificial Intelligence refers to machine intelligence that is programmed to think like humans and...

Finance1 week ago

GROWTH OF FINANCIAL MARKETS AND TECHNOLOGY

Ashish Jain,CEO, Future FX   The economic development of any nation completely depends on its financial structure both in long...

Banking1 week ago

NO SAFE HARBOUR FOR DIGITAL BANKING

by Konstantin Bodragin, Business Analyst and Digital Marketing Officer at Bruc Bond   At the beginning of 2020, the future...

Business1 week ago

CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?

By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow   It’s no secret that the financial...

News1 week ago

ARE MIDDLE EAST ENTERPRISES PREPARED FOR THE FUTURE?

Deloitte releases 2020 tech trends report   Deloitte’s 11th annual report on technology trends captures the intersection of digital technologies, human...

Trending