Connect with us

Finance

THE FUTURE OF FINANCIAL SERVICES IN THE DIGITAL AGE

Published

on

By Gurpreet Purewal, Associate Vice President Thought Leadership, iResearch Services

 

The pandemic has changed the face of financial services and banking, especially in the short-term. Financial service organisations have had no choice but to accelerate their digital service offerings to cater to the older generation of customers who found themselves unable to enter a physical store because they fell into the high-risk category of Covid-19.

However, through the many trials and tribulations of an unprecedented year, financial service providers and banks have emerged stronger with an increase in consumer sentiment, often being praised for their efficiency and understanding of many Covid related issues.

In January 2021 iResearch conducted a survey into how banks and FS firms should look forward to a post-Covid world and develop upon goodwill to create a trusting, transparent and technology-focused strategy, improving communication with customers and increasing market share. Over 1,000 consumers were polled as part of the nationwide survey.

As the vaccination programme is now well into its tens of millions, and the UK moves along the government’s lockdown exit roadmap, what will financial services of the future look like? Have the digital advances of 2020 changed how banks and FS firms communicate with customers, forever more?

 

How to get digital transformation right

To demonstrate the scale of the opportunity for firms that ‘get digital right’, there are now more people than ever accessing their services through online channels. For example, research found that more than 90% of people aged over 60 have used online banking for the first time during the Covid-19 pandemic. In comparison, 17% of people aged under 30 said they were accessing services via an app or web browser for the first time. A real life example of this is how you can now sign loan agreements and other financial documents online or through a mobile app, significantly speeding up the process and more flexibility for customers.

Gurpreet Purewal

More than half (54%) of respondents said they are less likely to attend a physical branch after the pandemic. This demonstrates a seismic shift in the way people will access banking services now and into the future.

But with lockdowns and branch closures, are these new digital customers doing so willingly, or because they have no choice? The results show us that banks must work harder to earn the trust of older customers who are less familiar with online services. The overwhelming majority (97%) of 18–24-year-olds said they trust their bank with their data, compared to only 33% of people aged over 66.

 

Capitalising on goodwill

Almost two-thirds (63%) of respondents said their bank acted in their best interests during the pandemic, but a third said they would consider switching their bank for better, more personalised communication.

Asked how financial service organisations can improve their communication with customers, ‘connecting on a personal level’ ranked highest, followed by ‘more honest and open dialogue’, a ‘demonstration of how they are helping customers’, ‘more creative campaigns’, ‘consistent messaging across channels’ and finally ‘responsiveness to major events’.

Before the Covid-19 pandemic, it may have been difficult for banks with hundreds of thousands of customers to achieve personalised communication, yet the globe has, for the last 12 months, been going through a shared experience. According to research from Motista, consumers that have made an emotional connection with a brand will be more loyal than those that did not, staying as repeat customers for on average 5.1 years versus 3.4 years. They will also recommend and refer brands to their friends and family 20% more times than those that did not make that connection.

Therefore, the need to develop tailored communications, driven by purpose and meaning, are demanded by customers and must be front of mind for communications strategies going forward.

While banks have spent huge time, money and resource in bolstering their digital estates, it is clear that communication – that often intangible yet entirely controllable factor – can be the difference between success and failure in the post-Covid world.

The results clearly demonstrate the lasting impact of Coronavirus on how people will access banking services from now on. As a consequence, financial service firms will be required to refocus on really understanding customer needs in order to engage with the different requirements of each individual customer. The good news is that banks and financial services have the tools at their disposal to create campaigns driven by genuine industry insight to win the hearts and minds of customers.

Many of the effects of the past year continue to be felt and as we emerge from the rubble of 2020, a continuation of support is essential. Retail banking may have been changed by the pandemic in its functionality but perhaps the banking and financial service sector’s real differentiator can be seen in its customer interaction. Meaningful, empathetic communication and leveraging digital to better understand customer’s needs, has never been so important.

 

Business

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Published

on

By

Mike Fleck, Senior Director, Sales Engineering at Cyren

 

Email remains the most popular and successful attack vector in the digital landscape, the reason being because it is simply the most commonly used digital communication channel across the globe. On average, over 330 billion emails are sent every day. The sheer volume-and the fact that almost every employee within an organisation uses email- makes this channel a popular target for potential security threats. Finance organisations use email not only for internal communication but also for customer service interactions and marketing. A banking survey in 2021 showed that over 76.8% of users consider email as the primary channel for communicating with banks. That’s why financial institutions are at the frontline of email-driven security risks.

In order to attain more insight into the email threats targeting the financial sector and the potential remedies, we talked to Mike Fleck at Cyren, a leader in enterprise email security solutions.

  1. What do you see as the main reason for the continued increase in successful email threats targeting the financial sector?

Email threats have become much more dynamic over the years.  Although phishing continues to be the most common attack vector in the domain of email threats, the mix of breaches attributed to email attacks has expanded significantly in recent times. In our latest benchmark research, we surveyed 226 organisations that use Microsoft 365 for email. We found that compared to 2019, there was a 71% increase in ransomware-driven email attacks, 44% increase in phishing attacks, and 49% increase in credential compromise attacks. Phishing is no longer the only path for email threats, as attacks are now being driven by multiple sophisticated methods, which evidently leads to more successful threats.

Mike Fleck

The financial sector has always had a red mark on its back to threat actors, mainly because of the highly sensitive information and valuable assets managed by financial organisations. Email serves as the most vulnerable and easily compromised access point for threat actors, which is why the number of email breaches has massively increased over the years. Our research found that the number of email breaches across all organisations has almost doubled each year over the past three years.

Although most organisations are using email client plug-ins for reporting suspicious messages, only 22% of the organisations stated that they analyse all reported messages for malicious content, leaving a major gap in awareness and threat response. Our survey showed that inefficient threat response and a lack of urgency is the most concerning factor for security managers. Threat actors are consciously aware of these shortcomings, which is why they are able to frequently launch successful email attacks targeting the financial sector.

  1. Why is the email channel so appealing for fraudsters, and what are the techniques they use to target financial service organisations in this way?

Historically, email has always been the primary channel for business communication, and as businesses continue to attain cloud-based services, email has become a productive norm for file-sharing and communication. Email channels also integrate easily with any cloud application, facilitating businesses to pursue more productive interactions. There is also the fact that email is accessible to most personnel regardless of their technical ability.

This flexibility and continued dependency on email is also the reason why it is an appealing channel for threat actors. Because email channels are integrated with almost every organisation’s platform, breaching an email allows cybercriminals to backtrack into critical network infrastructure and compromise valuable assets. Most threat actors tend to target the user rather than the system, and email channels are used by almost every employee in a financial organisation regardless of their experience, role, technical awareness, or skills. Therefore, targeting emails allow threat actors to utilize a much wider attack surface.

Another major reason is breaching the email channel is far less complex than breaching secured network endpoints and access firewalls. With techniques like social engineering and phishing, threat actors often don’t have to use significant resources or complex methods to breach employee email accounts. Our research showed that phishing is still the most used technique by attackers; 69% of all email breaches were due to phishing attacks. Other frequent techniques were Microsoft 365 credential compromise (60%), malware (59%), and ransomware (51%).

The means of carrying out these attacks are also easily accessible and available to almost anyone. Threat actors can buy a ransomware kit for as low as $66, and phishing kits are available for as little as $20. So, even the most inexperienced attackers can use such tools to exploit the email accounts of users and gain access to the critical resources of financial organisations.

Simply put, email provides a direct and economical path to the weakest point of every organisation’s cybersecurity program – its people.

  1. How important is proactive security awareness training when it comes to defending against email attacks?

The previous consensus was that email threats thrive on the user’s lack of awareness. Cybersecurity leaders believed that the “last mile” problem of phishing attacks can be solved if employees are able to detect and avoid fraudulent emails. Frequent awareness training is important to help employees stay up to date on evolving email attacks and identify malicious content or messages more easily. Over 99% of organisations offer awareness training, but only one in seven organisations offer training monthly or more frequently.

The dynamics of the attack vectors and techniques change constantly with the emergence of new technologies and vulnerabilities. Without frequent training, employees won’t develop a conscious awareness of email threats. We found that organisations that offer email awareness training every 90 days or more frequently, are less likely to fall victims to phishing, business email compromise (BEC), and ransomware attempts.

Our research also showed a correlation between frequent training and email reporting frequency. Organisations that offer frequent training also experience a high rate of malicious or suspicious email reports – meaning that employees become more conscious and aware of the potential threats. That’s why frequent proactive awareness training is critical for protecting against email attacks. However, organisations need to appreciate that a higher volume of reported emails will result in a higher number of alerts that Security Operations Centre analysts must investigate.

  1. What are the steps you would recommend financial organisations take to implement effective inbox security solutions that bolster their cyber resiliency immediately?

Financial organisations need to act quickly when responding to a potential threat, as even a fractional security breach can cause unprecedented damage to its assets. Organisations are beginning to realise that employees fall victim to these scams because they are busy and distracted – not because they are apathetic or gullible. Also, relying on employees to spot and report suspicious messages is not a complete or efficient solution to the problem. Employees do not consistently report every threat, and what alerts they do generate have a false positive rate of at least 41%. In addition to constant awareness training, organisations must incorporate effective inbox security solutions to increase their cyber resiliency.

When implementing effective inbox security solutions, financial organisations must consider the response and reporting time.  They must choose solutions that can detect threats in real time and automate the response to those threats for quick remediation.

An effective approach for financial leaders is to invest in automated solutions that can detect and remove social engineering threats in real time. Automated inbox security solutions can continuously scan inbound and outbound email folders, including their contents such as URLs and web pages. Such solutions can detect and report anomalies, resulting in real-time detection. Automated threat response solutions can strengthen the built-in security capabilities of the email gateway, such as Microsoft 365 Defender. Combining automated solutions with the existing threat response framework can optimise the response process and significantly reduce the time and cost of threat investigation.

 

Continue Reading

Finance

Main Factors Accelerating API Security Risks in Financial Services

Published

on

By

By: Yaniv Balmas, VP of research at Salt Security

 

The API ecosystem is exploding and nowhere has API delivery accelerated as much or as fast as in financial services. Leveraging APIs, financial services organisations can innovate and quickly bring to market unique customer experiences and services. While more than three-fourths of software developers say API development is or will be a top business priority, the figure is even higher in financial services – topping all other industries at more than 80%.

Because successful attacks are so lucrative against financial institutions, they have always been a top target. The growth of the API economy has made the financial sector an even bigger target, which is why minimising API security risks has become the top priority.

Four factors are driving the urgent need for better API security in financial services:

  • API usage in financial services is increasing
  • API attacks threaten digital transformation initiatives
  • API security incidents hurt customer trust
  • Traditional security solutions don’t protect APIs

API Usage Will Increase Even More

In financial services, the high-growth trajectory of APIs will continue to rise. With each use case and new service, the number of APIs in a typical financial services company grows ever higher.

APIs provide the required data connection to support today’s mobile financial applications and peer-to-peer payment systems. APIs are at the center of open banking. APIs enable financial services companies to standardise how they connect and exchange data, allowing consumer financial information to be instantly shared across organizations and third-party service providers. With different partners and technology suppliers, API connections are being continuously added to the financial ecosystem.

For financial services, that means even more APIs and a continuously growing attack surface that must be adequately protected.

API Attacks Threaten Key Business Initiatives

Open banking gives consumers more choices and convenience to address their financial needs. It also increases competition across the financial services industry and generates new revenue avenues. In addition, open banking provides more traditional financial institutions the opportunity to compete with faster-moving fintech companies.

Moreover, in financial services, Covid has hastened the adoption of digital transformation, including mobile and remote banking. In a pandemic-mandated stay at home world, consumers made their needs clear. They want integrated services and the ability to connect their financial lives when and where they desire. This requires banks and other finance companies to roll out new capabilities or risk becoming obsolete and losing customers and revenue.

Digitalisation has become a critical business initiative and is increasingly important in financial services. However, without the ability to protect the data being used within these services, financial organisations lose that opportunity entirely. Financial data breaches can cost the business in lost revenue from new opportunities and cause irreparable harm to an organisation’s brand.

Just a single API attack has the potential to wipe out all the gains made from an organisation’s digital transformation.

API Security Incidents Damage Consumer Trust

In financial services, the costs of lost trust can be high. Salt Labs, the research arm of Salt Security, provides ongoing API vulnerability research. In its latest report, Salt Labs uncovered a server-side request forgery (SSRF) flaw on a large fintech platform that provides a wide range of digital banking services to hundreds of banks and millions of customers.

The vulnerability had the potential to compromise every user account and transaction data served by its customer banks. Imagine the leaking of customers’ banking details and financial transactions and users’ personal data or, worse, unauthorised funds transfers into the attackers’ bank accounts.

None of these nightmares came to be, because Salt Labs found the problem before a bad actor did, and all issues have been remediated. But this type of exploit, had it occurred, would have likely caused irreparable reputational damage – not to mention financial losses, theft, and fraud.

The nature of financial services applications is to exchange sensitive financial and customer data, making APIs a high-stakes asset requiring protection.

Traditional Solutions Don’t Deliver Adequate API Protection

Most financial services companies have sophisticated runtime security stacks with multiple layers of security tools, such as bot mitigation, WAFs, and API gateways. These traditional tools provide foundational security capabilities and protection for traditional applications; however, they lack the context needed to identify and stop attacks that target the unique logic of each API.

Attacker activity looks like normal API traffic to traditional tools, such as WAFs, API gateways and other proxy-based solutions. The architecture limits them to inspecting transactions one at a time, in isolation, and beyond rate-limiting. They also depend on signatures to detect well-known attack patterns. If the transaction does not match a known attack signature, the WAF will send it through. Since each API is unique with unique vulnerabilities, signatures cannot help prevent API attacks.

API security requires big data to capture all API traffic and artificial intelligence (AI) and machine learning (ML) to continuously analyse the large volumes of API traffic. Without continuous analysis of API traffic, you cannot understand normal behaviour for each unique API and gain the context required to pinpoint attackers.

In addition, while open banking defines standards around how APIs should be structured to enable predictable integrations and communications, open banking provides no standard to meet the majority of API security requirements. Moreover, basic controls, such as authentication, authorisation, and encryption, fall short of meeting API security challenges.

API Security at the Forefront for Financial Services

APIs have become essential for financial services to meet changing consumer expectations and innovate to remain competitive. At the same time, APIs are now the most frequent attack vector. In the past 12 months, 95% of organisations experienced an API security incident, and API attack traffic grew 681% – more than twice as fast as overall API usage traffic.

Therefore, financial services organisations must put API security at the forefront to protect this growing attack surface. To do so requires dedicated API security tooling for the entire API lifecycle that provides continuous attack surface visibility, early attack prevention, and automated insights for continuous API improvement.

Continue Reading

Magazine

Trending

News2 days ago

Wombat partners with Currencycloud to launch its new, free Instant Investment service to open up investing for a wider market.

UK-based micro-investment platform Wombat has partnered with Currencycloud, the experts in simplifying business in a multi-currency world, to launch its...

Business2 days ago

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Mike Fleck, Senior Director, Sales Engineering at Cyren   Email remains the most popular and successful attack vector in the...

Top 102 days ago

Insurance providers must be ready to tackle quote manipulation as potential fraud rises

Sam Marsh, director, product management at LexisNexis Risk Solutions Insurance As road fuel costs reach a record high[i]  and inflation...

News2 days ago

Urban Company rolls out health insurance for service professionals in partnership with ACKO Insurance

Health insurance plan to benefit 40,000+ service partners in India Service partners can avail up to 12 free-of-cost online doctor consultations in a year...

Finance2 days ago

Main Factors Accelerating API Security Risks in Financial Services

By: Yaniv Balmas, VP of research at Salt Security   The API ecosystem is exploding and nowhere has API delivery...

Business2 days ago

Automation: the future of supply chains?

By Andrew Scargill, Logistics Operations EMEA at Digital River   Caught between the chaos of coronavirus and fallout from Brexit,...

News2 days ago

Can intelligent automation ensure the survival of the insurance industry?

Eric Tyree, SVP of AI and Innovation, SS&C Blue Prism   The economic viability of the insurance industry’s current business...

Business2 days ago

Time to make your energy future more predictable

– Alistair Booth, MD, Ortus Energy   UK businesses have a real opportunity to lock-in some energy certainty as a...

Top 102 days ago

Signals: Simplifying Trading Experiences

by LegacyFX Trading signals are a way for investors to indicate that the market is moving in a specific direction....

News4 days ago

Rivery Raises $30M B Round of Venture Funding from Tiger Global

With data needs growing and data talent scarcity, there is huge demand for Rivery’s 100% SaaS solution to create an...

Banking5 days ago

Wealth Managers and the Future of Trust: Insights from CFA Institute’s 2022 Investor Trust Study

Author: Rhodri Preece, CFA, Senior Head of Research, CFA Institute   Corporate responsibility is more important than ever. Today, many...

Interviews6 days ago

Q&A with Andréa Jacquemin, founder and CEO of Beamy

Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in...

News1 week ago

How to reignite your store with streamlined operations and a distinctive customer experience

Colin Neil, MD, Adyen UK   Retailers know that prioritising customer experience is vital to success today. This, amongst the...

Business1 week ago

5 tips to ensure CSR efforts come across as genuine

By Mick Clark, Managing Director, WePack Ltd   Corporate social responsibility – or CSR – is playing an increasingly pivotal role...

Business1 week ago

How to Build Your Credit Up Safely

by Taylor McKnight, Author for Compare Credit   What Is Credit? Credit is money owed by a person that allows...

News1 week ago

PCI DSS Compliance in the Cloud – Everything you should know

Introduction PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022....

Banking1 week ago

2022 ESG Investment Trends

Jay Mukhey, Senior Director, ESG at Finastra   Environmental, Social and Governance (ESG) themes have been front and center throughout...

Business1 week ago

PROTECT THE VALUE OF YOUR SAVINGS AND AVOID RISING INFLATION PRESSURE

Planning for the next financial year? Former Bank Manager and successful whisky investor, Roger Parfitt, tells us why cask ownership is...

Technology1 week ago

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated More and more companies...

Finance1 week ago

The power of diversity: The need for female role models in FinTech

By Isavella Frangou, VP of Sales and Marketing, payabl.   As our world is constantly evolving, it’s easy to believe...

Trending