Connect with us

Business

THE FUTURE OF REGULATION IS UNFOLDING IN YOUR UNSTRUCTURED DATA

Published

on

By Simon Cole, CEO at Automated Intelligence.

 

When you picture the future of finance, what do you see?

The end of bricks and mortar banking?

A cashless society?

Cryptocurrency payments?

How about data-driven regulation?

Technological advancements don’t just impact the finance industry; they have repercussions for regulators too. The future of finance is on its way, and along with it, the future of regulation. While financial services firms have been embracing digital transformation during the pandemic, they’ve accumulated more data than ever. And this means regulators have had to develop their own data driven approach.

So, what does this mean for firms? Regulators will want to see intelligent data management strategies and tools in place to manage the influx of information. Firms now hold an increasing amount of sensitive information, much of it coming under the category of unstructured data. Without proper management, businesses run the risk of leaving their datasets open to corruption and theft.

Simon Cole

The implementation of new IT infrastructure demands systems and protocols for dealing with risks. Regulators will need to see governance and risk management frameworks that minimise risk for customers, stakeholders, and the business’s reputation.

There is some good news, though. Most firms already have all the information they need to deal with the regulatory future and meet evolving standards of compliance. All they need to do is take control of their unstructured data.

 

Understanding the push towards data-driven operations

When fintech first arrived on the scene, the industry was encouraged to behave like the tech giants in Silicon Valley: move fast, and break things. Firms were excited about the potential of this technology, and the market rushed to implement it into their infrastructure.

In 2020, financial firms shifted to cloud native architecture in response to global lockdowns. As customers demanded more digitised services, they produced an increasing amount of data. Combined with the existing backlog of unstructured data many financial services firms are yet to deal with, the need for intelligent data management solutions has never been greater.

The pandemic changed how the financial services industry uses data. And the FCA is beginning to change the way they manage data, too.  We recently held a data and compliance summit, where our FCA panellist, Steve Green, shared how the regulatory body is investing in skills for handling granular data, so that firms no longer need to aggregate.

Many organisations struggle with the justification of data collection, and as Steve highlighted, better defined taxonomy for the data they’re collecting will illuminate some of these processes for financial firms.

It’s also worth mentioning that the FCA is dealing with significantly more firms. The rise of challenger banks and various finance start-ups means there’s an increasing need for regulation. Automation has enabled regulators to divert their existing resources to more organisations with standardised reporting.

Complex systems require updated methodologies of management. It’s no wonder Suptech – supervisory technology regulators can use to monitor market risks – is on the rise, as regulatory bodies shift their operations to reflect data driven economies. While financial firms embrace regulatory tech, regulators employ supervisory tech to ensure they capture every detail.

The problem is, when you move fast and break things, sooner or later someone needs to clean up the mess. In the aftermath of a rapid switch to fully digital operations during the pandemic, we’re likely to see regulatory and security loopholes in systems that haven’t been properly vetted.

While financial firms were focused on getting operations up and running, data management probably took a back seat. As one of our panellists highlighted at our virtual data and compliance summit – there are only two types of business; those who have been breached, and those who don’t know they’ve been breached.

It’s time for financial services firms to get a handle on their data. The majority of which, is now unstructured, and tricky to collate and analyse manually. Firms embraced technology to help them move their operations online in 2020, now it’s time to embrace the technology that can help them take control of their data.

 

A new environment

As we’ve already explored, new tech creates new risks. Many firms are using cloud systems for the first time, and human error is virtually unavoidable in this situation. Businesses are learning as they go along, which is fine until regulatory compliance is overlooked, and security operations are no longer fool proofed.

Firms need to employ data management strategy and systems that keep up with the new pace. It’s not enough to implement new IT infrastructure without addressing regulatory compliance at the same time. Reported cyber-security incidents increased by 50% in the beginning of 2020, as employees spent time getting comfortable with new systems, and hackers took advantage of the unexpected digital transition.

Regulators need to see that firms have systems and protocols in place that mitigate these risks. And with remote working likely to remain popular, and digital services favoured by customers, firms need a comprehensive overview of their entire data estates to protect sensitive information.

Understanding how regulations map together is critical, too. GDPR highlights the right to be forgotten but combine this with the European anti-money laundering directive, and customer transactions must be kept for five years. Which is why firms need to bring their entire unstructured data estate into one single perspective, where they can map and address regulations.

Without an overarching data management platform monitoring regulatory compliance, new IT infrastructure could be doing more harm than good. If firms want to get the most out of their new intelligent systems, they need to understand them inside out. Implementing a smart data management platform will tell them everything they need to know about the impact new IT infrastructure has on their compliance and data protection status.

If firms want to prepare for the future of regulation, they need to start with their unstructured data present.

 

Business

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Published

on

By

Mike Fleck, Senior Director, Sales Engineering at Cyren

 

Email remains the most popular and successful attack vector in the digital landscape, the reason being because it is simply the most commonly used digital communication channel across the globe. On average, over 330 billion emails are sent every day. The sheer volume-and the fact that almost every employee within an organisation uses email- makes this channel a popular target for potential security threats. Finance organisations use email not only for internal communication but also for customer service interactions and marketing. A banking survey in 2021 showed that over 76.8% of users consider email as the primary channel for communicating with banks. That’s why financial institutions are at the frontline of email-driven security risks.

In order to attain more insight into the email threats targeting the financial sector and the potential remedies, we talked to Mike Fleck at Cyren, a leader in enterprise email security solutions.

  1. What do you see as the main reason for the continued increase in successful email threats targeting the financial sector?

Email threats have become much more dynamic over the years.  Although phishing continues to be the most common attack vector in the domain of email threats, the mix of breaches attributed to email attacks has expanded significantly in recent times. In our latest benchmark research, we surveyed 226 organisations that use Microsoft 365 for email. We found that compared to 2019, there was a 71% increase in ransomware-driven email attacks, 44% increase in phishing attacks, and 49% increase in credential compromise attacks. Phishing is no longer the only path for email threats, as attacks are now being driven by multiple sophisticated methods, which evidently leads to more successful threats.

Mike Fleck

The financial sector has always had a red mark on its back to threat actors, mainly because of the highly sensitive information and valuable assets managed by financial organisations. Email serves as the most vulnerable and easily compromised access point for threat actors, which is why the number of email breaches has massively increased over the years. Our research found that the number of email breaches across all organisations has almost doubled each year over the past three years.

Although most organisations are using email client plug-ins for reporting suspicious messages, only 22% of the organisations stated that they analyse all reported messages for malicious content, leaving a major gap in awareness and threat response. Our survey showed that inefficient threat response and a lack of urgency is the most concerning factor for security managers. Threat actors are consciously aware of these shortcomings, which is why they are able to frequently launch successful email attacks targeting the financial sector.

  1. Why is the email channel so appealing for fraudsters, and what are the techniques they use to target financial service organisations in this way?

Historically, email has always been the primary channel for business communication, and as businesses continue to attain cloud-based services, email has become a productive norm for file-sharing and communication. Email channels also integrate easily with any cloud application, facilitating businesses to pursue more productive interactions. There is also the fact that email is accessible to most personnel regardless of their technical ability.

This flexibility and continued dependency on email is also the reason why it is an appealing channel for threat actors. Because email channels are integrated with almost every organisation’s platform, breaching an email allows cybercriminals to backtrack into critical network infrastructure and compromise valuable assets. Most threat actors tend to target the user rather than the system, and email channels are used by almost every employee in a financial organisation regardless of their experience, role, technical awareness, or skills. Therefore, targeting emails allow threat actors to utilize a much wider attack surface.

Another major reason is breaching the email channel is far less complex than breaching secured network endpoints and access firewalls. With techniques like social engineering and phishing, threat actors often don’t have to use significant resources or complex methods to breach employee email accounts. Our research showed that phishing is still the most used technique by attackers; 69% of all email breaches were due to phishing attacks. Other frequent techniques were Microsoft 365 credential compromise (60%), malware (59%), and ransomware (51%).

The means of carrying out these attacks are also easily accessible and available to almost anyone. Threat actors can buy a ransomware kit for as low as $66, and phishing kits are available for as little as $20. So, even the most inexperienced attackers can use such tools to exploit the email accounts of users and gain access to the critical resources of financial organisations.

Simply put, email provides a direct and economical path to the weakest point of every organisation’s cybersecurity program – its people.

  1. How important is proactive security awareness training when it comes to defending against email attacks?

The previous consensus was that email threats thrive on the user’s lack of awareness. Cybersecurity leaders believed that the “last mile” problem of phishing attacks can be solved if employees are able to detect and avoid fraudulent emails. Frequent awareness training is important to help employees stay up to date on evolving email attacks and identify malicious content or messages more easily. Over 99% of organisations offer awareness training, but only one in seven organisations offer training monthly or more frequently.

The dynamics of the attack vectors and techniques change constantly with the emergence of new technologies and vulnerabilities. Without frequent training, employees won’t develop a conscious awareness of email threats. We found that organisations that offer email awareness training every 90 days or more frequently, are less likely to fall victims to phishing, business email compromise (BEC), and ransomware attempts.

Our research also showed a correlation between frequent training and email reporting frequency. Organisations that offer frequent training also experience a high rate of malicious or suspicious email reports – meaning that employees become more conscious and aware of the potential threats. That’s why frequent proactive awareness training is critical for protecting against email attacks. However, organisations need to appreciate that a higher volume of reported emails will result in a higher number of alerts that Security Operations Centre analysts must investigate.

  1. What are the steps you would recommend financial organisations take to implement effective inbox security solutions that bolster their cyber resiliency immediately?

Financial organisations need to act quickly when responding to a potential threat, as even a fractional security breach can cause unprecedented damage to its assets. Organisations are beginning to realise that employees fall victim to these scams because they are busy and distracted – not because they are apathetic or gullible. Also, relying on employees to spot and report suspicious messages is not a complete or efficient solution to the problem. Employees do not consistently report every threat, and what alerts they do generate have a false positive rate of at least 41%. In addition to constant awareness training, organisations must incorporate effective inbox security solutions to increase their cyber resiliency.

When implementing effective inbox security solutions, financial organisations must consider the response and reporting time.  They must choose solutions that can detect threats in real time and automate the response to those threats for quick remediation.

An effective approach for financial leaders is to invest in automated solutions that can detect and remove social engineering threats in real time. Automated inbox security solutions can continuously scan inbound and outbound email folders, including their contents such as URLs and web pages. Such solutions can detect and report anomalies, resulting in real-time detection. Automated threat response solutions can strengthen the built-in security capabilities of the email gateway, such as Microsoft 365 Defender. Combining automated solutions with the existing threat response framework can optimise the response process and significantly reduce the time and cost of threat investigation.

 

Continue Reading

Business

Automation: the future of supply chains?

Published

on

By

By Andrew Scargill, Logistics Operations EMEA at Digital River

 

Caught between the chaos of coronavirus and fallout from Brexit, international supply chains are under serious strain. Add into the mix a global labour shortage that shows no sign of abating, and the cross-border flow of goods is set to get even trickier.

As economies reopen post-pandemic, employers across all sectors are struggling to fill vacancies. The residual consequences of COVID-19 are a big part of this — the public health emergency has fundamentally altered how and where people want to work. Britain’s departure from the European Union is also a factor, with UK companies unable to freely draw on the continent’s vast workforce like before.

Such is the interconnected nature of global commerce, upsets in one market can be felt thousands of miles away. And so, lacking the staff to pick, pack, load, and deliver their products, businesses around the world are facing a festive season that’s far from jolly.

 

Keeping up with demand

As brands navigate these colossal challenges, they are also working to meet customer demand that saw unprecedented growth as the pandemic took hold and continues to rise.

Last year, as lockdowns were called and public life retreated behind closed doors, shoppers took to the internet like never before. A peripheral interest for many people prior to the pandemic, eCommerce was suddenly a necessary part of everyday life.

Shoppers have grown accustomed to rock-bottom prices and next-day delivery. This raises the obvious question: can supply chains continue to meet customer expectations amid an era of unprecedented disruption?

The answer is yes — but it’ll require some serious investment in innovative new technologies, and it could come with a cost shoppers and brands aren’t willing to pay.

 

Robots to the rescue?  

The merits of AI and machine learning are well documented: smart systems can speed up menial tasks, reduce the risk of human error, drive higher levels of productivity, and help businesses bolster their bottom lines.

There is, however, a human cost to the advance of automation, with fewer paying positions for real people. This is particularly pronounced in key supply chain sectors, such as warehousing.

Today, storage and distribution facilities are huge providers of jobs — but tomorrow, that may not be the case. So-called ‘dark warehouses’, great fulfilment centres staffed by semi-autonomous robots, are developing fast.

Whereas human workers require power-hungry lights to operate, machines can pick and pack products perfectly well in the dark, allowing this new breed of warehouse to run twenty-four hours a day, seven days a week.

 

Customers’ call

Such a continuous operation would offer clear commercial benefits. But what of the warehouse’s human workforce?

That, ultimately, is a question that companies must address with guidance from their customers. While shoppers want that last minute late-night order delivered the very next day, they are increasingly concerned about company values, including how an employer treats its staff.

If customers are truly worried about robots taking workers’ jobs, they would have to commit to paying a little more or waiting a little longer for delivery from a brand committed to human employees. That is assuming shoppers are even aware of what level of automation is involved in fulfilling their order.

Customer demands are directing how companies adopt new supply chain technologies, with those that improve service and provide a better buying experience coming out on top.

To really tap into the needs and wants of their customers, businesses must leverage data in a meaningful way. This means utilising data mining tools that can help predict buying patterns, allowing brands to finesse supply chains so that the right products are in the right place at the right time. Attention to creating more efficiencies in supply chain through data and automation could lead to more jobs in engineering, design, management and repair.

Get this right, and businesses will have their customers on board as they explore new supply chain technologies and the potential of automation.

 

Continue Reading

Magazine

Trending

News2 days ago

Wombat partners with Currencycloud to launch its new, free Instant Investment service to open up investing for a wider market.

UK-based micro-investment platform Wombat has partnered with Currencycloud, the experts in simplifying business in a multi-currency world, to launch its...

Business2 days ago

A lack of training and email security solutions is contributing to a rise in email threats targeting the finance sector.

Mike Fleck, Senior Director, Sales Engineering at Cyren   Email remains the most popular and successful attack vector in the...

Top 102 days ago

Insurance providers must be ready to tackle quote manipulation as potential fraud rises

Sam Marsh, director, product management at LexisNexis Risk Solutions Insurance As road fuel costs reach a record high[i]  and inflation...

News2 days ago

Urban Company rolls out health insurance for service professionals in partnership with ACKO Insurance

Health insurance plan to benefit 40,000+ service partners in India Service partners can avail up to 12 free-of-cost online doctor consultations in a year...

Finance2 days ago

Main Factors Accelerating API Security Risks in Financial Services

By: Yaniv Balmas, VP of research at Salt Security   The API ecosystem is exploding and nowhere has API delivery...

Business2 days ago

Automation: the future of supply chains?

By Andrew Scargill, Logistics Operations EMEA at Digital River   Caught between the chaos of coronavirus and fallout from Brexit,...

News2 days ago

Can intelligent automation ensure the survival of the insurance industry?

Eric Tyree, SVP of AI and Innovation, SS&C Blue Prism   The economic viability of the insurance industry’s current business...

Business2 days ago

Time to make your energy future more predictable

– Alistair Booth, MD, Ortus Energy   UK businesses have a real opportunity to lock-in some energy certainty as a...

Top 103 days ago

Signals: Simplifying Trading Experiences

by LegacyFX Trading signals are a way for investors to indicate that the market is moving in a specific direction....

News4 days ago

Rivery Raises $30M B Round of Venture Funding from Tiger Global

With data needs growing and data talent scarcity, there is huge demand for Rivery’s 100% SaaS solution to create an...

Banking5 days ago

Wealth Managers and the Future of Trust: Insights from CFA Institute’s 2022 Investor Trust Study

Author: Rhodri Preece, CFA, Senior Head of Research, CFA Institute   Corporate responsibility is more important than ever. Today, many...

Interviews6 days ago

Q&A with Andréa Jacquemin, founder and CEO of Beamy

Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in...

News1 week ago

How to reignite your store with streamlined operations and a distinctive customer experience

Colin Neil, MD, Adyen UK   Retailers know that prioritising customer experience is vital to success today. This, amongst the...

Business1 week ago

5 tips to ensure CSR efforts come across as genuine

By Mick Clark, Managing Director, WePack Ltd   Corporate social responsibility – or CSR – is playing an increasingly pivotal role...

Business1 week ago

How to Build Your Credit Up Safely

by Taylor McKnight, Author for Compare Credit   What Is Credit? Credit is money owed by a person that allows...

News1 week ago

PCI DSS Compliance in the Cloud – Everything you should know

Introduction PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022....

Banking1 week ago

2022 ESG Investment Trends

Jay Mukhey, Senior Director, ESG at Finastra   Environmental, Social and Governance (ESG) themes have been front and center throughout...

Business1 week ago

PROTECT THE VALUE OF YOUR SAVINGS AND AVOID RISING INFLATION PRESSURE

Planning for the next financial year? Former Bank Manager and successful whisky investor, Roger Parfitt, tells us why cask ownership is...

Technology1 week ago

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated More and more companies...

Finance1 week ago

The power of diversity: The need for female role models in FinTech

By Isavella Frangou, VP of Sales and Marketing, payabl.   As our world is constantly evolving, it’s easy to believe...

Trending