Connect with us

Technology

THE “MOBIUS STRIP” OF CYBER SECURITY

Published

on

By Miles Tappin, Vice President, EMEA at ThreatConnect

 

Over the last few years, cyber criminals have become more agile and possess a higher quality of skill than ever before. However, these skills come at a cost to industries worldwide. According to the Allianz Risk Barometer 2020, companies now see cybercrime as the biggest threat to their business, taking the top spot for the first time and ranking above threats such as climate change, natural disasters and market developments.

With digital threats remaining front of mind for the C-suite, more needs to be done to ensure businesses are protected from the powerful effects that cyber crime can have on the bottom line, corporate reputation or day-to-day operations.

 

The rise of the “business savvy” hacker 

Awareness of digital threats is rapidly accelerating among businesses, but many aren’t prepared to tackle the mounting threats they now face.

According to David Ferbrache, Global Head of Cyber-Futures at KPMG and Chair of the National Cyber Resilience Board for Scotland, organised crime has become a lot less “crude” than it used to be. In essence, criminals are now becoming “business savvy” and are even undertaking reconnaissance missions to work out exactly who the best target is and how much they can extort.

Gone are the days of “hackers” being people who lurked in darkened rooms, anonymously terrorising the internet. They now want to be known as players in an evolving landscape who are taking advantage of your organisations’ pitfalls and planning far in advance to inflict the most amount of damage possible for maximum impact.

The main worry for the C-suite is that cyber criminals are getting smarter. They’re continuously learning from previous attacks, sharing insights and using this to exploit new vulnerabilities using emerging forms of technology. This continuous feedback loop is enabling them to act quicker.

For example, if a hack highlights a potential weakness, they will then target it in their next assault before organisations have a chance to respond. It becomes an ongoing cycle for the attackers. If the weakness isn’t fixed in time, then there is no doubt that it will continue to happen. Much to the dismay of organisations.

 

Threat intelligence informing operations

It’s long been argued that threat intelligence should inform operations when it comes to cyber security. This allows organisations to quickly identify threats and false flags, so security teams do not waste their time chasing down non-malicious communications. It should be noted that intelligence does not exist for its own sake. Intelligence, in particular threat intelligence, specifically exists to inform decisions for security operations, tactics and strategy. However, this relationship is not a one-way street.

Intelligence and operations should be cyclical and symbiotic. Intelligence informs decisions for operations resulting in actions being taken based on those decisions. Those actions, including clean-ups, further investigations, or other mitigations will create data and information in the form of artefacts. This includes lists of targeted or affected assets, identified malware, network-based indicators of compromise and newly observed attack patterns.

In turn, these artifacts can be refined into intelligence that can inform decisions for future operations. While some organisations do not have a formally defined intelligence function on their team, the concept of using what you know about the threat-space to inform your operations exists in all organisations. Regardless of whether an explicitly named threat intelligence analyst employee is on the payroll, the relationship between intelligence and operations is fundamental and present in all security teams.

 

Enter the “mobius strip”

With security risks and attacks set to increase year-on-year and the average annual cost to organisations ballooning, companies need to explore how they can make greater use of threat intelligence to respond to the new barrage of threats.

Threat intelligence may be the catalyst for taking an action or starting a process and informing how the process and decision making is done throughout. As threat intelligence drives your orchestrated actions, the result of those actions can be used to create or enhance existing threat intelligence. A feedback loop is created — essentially threat intelligence drives orchestration and orchestration enhances threat intelligence.

Increasingly, cyber security programmes are operating like a “mobius strip”, a continuous loop where intelligence informs operations and insights from these operations are fed back and form new intelligence. The “mobius strip” will prevent hackers in the long-term. By sharing important data between intelligence and operations it denies hackers the upper hand. Providing context to indicators during incident management is crucial to understanding what you might be dealing with and where it’s been seen before. At the same time, adding new intel generated from an incident or case back to your threat repository takes information that’s very relevant to your organisation and makes it available for future analysis.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

OPTIMISING DIGITAL EXPERIENCE IN AN INTERNET-RELIANT FINANCIAL SECTOR

Published

on

By

Tony Finn, EMEAR Lead, ThousandEyes

 

It would be unfair to say that the events of the last year have started a wave of digital change in the financial services (FS) sector. Speak to any leader within the industry and, although digital transformation looks different to each organisation, it was already high on the business agenda. That said, the pandemic has undoubtedly fast-tracked many FS firms to a complete digital overhaul. In fact, according to data, business adoption of digital services was propelled forward five years in a matter of weeks. For all FS organisations who have made the transition to remote sales and services, it has evoked a re-evaluation of everything from people and property, to technology.

Underpinning it all is the core focus on how to deliver an always on digital experience. Whether you’re a payment provider or stock brokerage, ‘business as usual’ is now dependent on this, without delay or failure.

That said, keeping customers happy and employees productive is increasingly difficult, with remote business adding another layer of complexity to an already intricate puzzle. Providing a good digital experience now relies on an intricate web of Internet, cloud and SaaS services – with many infrastructures lying outside of an organisation’s view and subsequently their control. With remote business here to stay, many are realising the need for increased control over both customers’ online experience and employees’ ability to access now business-critical SaaS applications.

 

Conservative to cutting-edge

According to EY’s UK Banking Cloud Adoption Index, before the pandemic hit, the majority of UK banks (80%) had moved less than 10% of their infrastructure to the cloud. As a highly regulated sector, financial services have traditionally been conservative about diving headfirst into new technologies.

Enter COVID-19. National lockdowns meant that a new approach to technology, particularly in IT, was necessary. With offices and branches closed, never before had FS organisations had to face almost all of their customer base and workforce accessing services and products online – and perhaps most importantly, outside of their IT perimeter.

Over a year has passed and a by-product of the pandemic is that many FS organisations are rethinking their entire business operations. At the end of last year, Capital One became the first major bank to exit all of its data centres, completely overhauling its IT environment in favour of AWS’ public cloud services.

But it’s not just technology choices that have irrevocably changed. Changes are also being made to both organisations’ real estate footprint and remote working policies, with banks already making work-from-home options permanent. As a result of the latter, we’ll see hybrid work strategies emerge with different category employee personas, including field, fixed, and flexi  workers – those who return to the office, those who continue to work remotely and then a combination of both.

 

An IT blindness dilemma

Navigating new employee preferences and consumer expectations for digital banking requires a  complex service delivery ecosystem, hinging on a multitude of external components including public and hybrid cloud, SaaS applications and the Internet. Finding the source of any performance and availability issues amidst a maze of internal and external dependencies is almost an impossible task. However, gaining visibility of what’s occurring within these networks is critical for businesses to achieve that all important user experience.

The challenge is that traditional monitoring tools can’t identify the problem quickly or provide insights into what’s going on outside an organisation’s four digital walls. You certainly can’t fix what you can’t see so, more often than not, IT teams are left scrambling to troubleshoot the issue. What’s more, customers and employees don’t see or appreciate this internal battle so a lack of sight into the root cause often leads to blaming of the product, rather than the network. Not only can a potential outage cause immediate problems in the form of lost employee productivity but it can result in more harmful damage to a FS organisation’s reputation, and ultimately its bottom line.

 

Getting digital experience right in the “next normal”

So, what’s the solution for FS businesses? To optimise digital experience, it’s all about understanding the health of global Internet networks, employee and customer applications, and everything in between. Financial services navigating the digital era post COVID, will need new solutions that provide the reach, visibility, and insight they need to get a holistic view of their entire digital service delivery ecosystem.

End-to-end visibility ensures that issues – happening both in and out of a business’ control – can be quickly pinpointed and mitigated. Sometimes this can take place even before customers are aware or are impacted. This level of visibility empowers IT teams to avoid any finger-pointing and quickly decipher root cause and have purposeful discussions with relevant parties such as service providers. What’s more, there are also advantages to this approach from a network planning perspective – something which many FS organisations will need to include in their IT strategies. Visualisation and scoring of performance across applications, groups of users and locations allows a better understanding of how critical employee services are performing from a benchmark perspective.

The pandemic has undoubtedly turned the financial services sector on its head. With restrictions in the UK slowly easing and optimism around the vaccine rollout, we will see employees return to offices and customers visit branches again this year. That said, some aspects of remote business are here to stay forever and we’re already seeing the impact of this on organisations’ priorities in relation to property, technology and people. Ultimately, success in this new digital-led future will depend on a business’ ability to provide a first-rate digital experience.

 

Continue Reading

Finance

CAN THE CLOUD REVOLUTIONISE FINANCE?

Published

on

By

By Walter Heck, CTO, HeleCloud 

 

The scale of the Cloud revolution that businesses have gone through over the last few years can’t be overstated. Across almost every industry, businesses that have migrated to the Cloud have seen increased revenues, higher productivity and were more prepared to face the challenges of the pandemic than those relying on legacy infrastructure.

However, one industry that has been slow to realise the potential of the Cloud has been finance. PwC found that 81% of banking CEOs were ‘concerned’ about adopting digital tools too quickly however,  even though 91% of hedge fund executives who adopted Cloud solutions stated that their chosen cloud solutions performed ‘better than expected’. Those sitting on the fence when it comes to the cloud can afford to do so no longer. The speed, security and efficiency offered by the cloud is already changing the face of finance, as it has so many industries before it.

 

How Cloud can help Finance?

Compliance continues to be an area that financial institutions of all shapes and sizes are spending an increasing amount of time and money on. The majority (71%) of large firms are cutting the size of their compliance departments while GDPR, Brexit and increased global economic sanctions make even simple tasks regulatory headaches. Compliance is also costing the finance sector more every year. Since the financial crash, Deloitte estimates Deloitte that compliance costs have increased by as much as 60% for retail and consumer banks.

Migrating to the Cloud can solve many of these compliance issues for financial service institutions. For instance, by leveraging modern technologies on the Cloud, such as Artificial Intelligence (AI) and Machine Learning (ML), organisations can ensure financial activities remain compliant with local regulations, no matter where the data is stored. AI can also process this data far quicker and more effectively than humans, ensuring compliance matters are solved quickly and with little room for error.

With companies downsizing their expensive compliance departments, while at the same time regulation increase, the role of Cloud-based automation in compliance is set to become even more important to the financial sector.

Financial institutions that utilise Cloud-based automation allow themselves the peace of mind that they are less likely to be faced with sanctions from regulators for unforeseen or unknown infractions when carrying out day to day activities. With the cost of non-compliance running into the billions every year, neutralising this threat has the potential to save significant amounts of money for the financial institutions who make the move to the Cloud.

 

Security

Data security is vital to the survival of financial institutions. With strict rules in place, and punishments for breaches from regulators and governments increasingly common. As the number of cyber-attacks continues to increase, and costly ransomware continues to put companies out of business, it is imperative that financial institutions take the necessary steps to secure their data.

Traditional on-premises storage and data management solutions of the type utilised by many financial institutions are frequent victims of various types of cyber-attack. Gartner research has shown that up to 60% fewer attacks occur on Cloud structures when compared to on-premises alternatives.

There are many reasons for this but one of the simplest is remote access. An IBM study highlighted that 95% of security failures at companies are due to human error. This can be anything from employees using unapproved third-party applications to being the victim of ‘spill over’ malware for an attack on a different company that bleeds onto another’s on-premises infrastructure. With data being stored and managed remotely, the Cloud offers fewer direct contact points between employees and valuable company data.

However, not all Cloud solutions are created equal and when going alone companies can often find themselves under-utilising the security benefits of the Cloud and leaving themselves vulnerable to threats. Selecting the right Cloud service provider is vital. Storing sensitive data on a Cloud service enabled and managed by an experienced, trustworthy partner, ensures that client and customer data remains safe and accessible without the litany of security issues that come with on-premises infrastructure.

 

Partnering with a Cloud enabler

The Cloud is already revolutionising finance in the way it has so many other industries. Big players such as JP Morgan and Goldman Sachs have started migrating core applications to the Cloud and setting up Cloud hubs in major American cities. Almost half (43%) of financial services decision makers have stated their intent to increase their reliance on the Cloud over the coming year as more and more finance professionals see the benefits that larger competitors are reaping from Cloud migration.

In periods of great change and uncertainty, it can be tempting to bury your head in the sand and stick to the way things are already being done. However, those who ignore the Cloud revolution leave themselves vulnerable in a rapidly changing and unforgiving business climate. An experienced Cloud services partner can help guide a business on its Cloud journey and ensure they receive all the security and productivity benefits the Cloud offers. With more and more major players moving processes and workflows onto the Cloud, it is up to each finance decision maker to change now, or be overtaken by their forward looking and savvy competitors.

 

Continue Reading

Magazine

Trending

Top 1022 hours ago

DOGECOIN MADNESS

by Nathalie Janson, Associate Professor at NEOMA Business School   After the unstoppable increase of Bitcoin (BTC) since January –...

Business22 hours ago

TOP TIPS FOR BOOSTING YOUR CASH FLOW AND BUSINESS IN 2021

Ian Gass, CEO at Agitate   Many small businesses are still dealing with the disruption caused by the pandemic. Improving financial...

Wealth Management22 hours ago

WHY COMPLICATED INCOME STRUCTURES SHOULDN’T PREVENT HIGH NET WORTH INDIVIDUALS FROM INVESTING IN PROPERTY

Mike Coates, Founder and CEO of Commercial Expert   An investor’s preference is usually to split their investment across different...

News23 hours ago

ENTRUST INTRODUCES ADAPTIVE ISSUANCE™ PRODUCTION ANALYTICS SOLUTION TO OPTIMIZE CARD ISSUANCE OPERATIONS

The new solution provides intelligent, data-driven insights to card issuers with Central Issuance systems for improved and timely management decisions...

Technology3 days ago

OPTIMISING DIGITAL EXPERIENCE IN AN INTERNET-RELIANT FINANCIAL SECTOR

Tony Finn, EMEAR Lead, ThousandEyes   It would be unfair to say that the events of the last year have...

Finance3 days ago

CAN THE CLOUD REVOLUTIONISE FINANCE?

By Walter Heck, CTO, HeleCloud    The scale of the Cloud revolution that businesses have gone through over the last few...

Business3 days ago

BRIDGING THE DIGITAL EMPLOYEE EXPERIENCE GAP

Matthew Sturman, senior technical consultant, AppLearn   While the financial sector was arguably some way along the digital transformation curve...

Business3 days ago

6 TIPS FOR KEEPING DATA SECURE WHEN WORKING FROM HOME

Tim Bandos, CISO at Digital Guardian   The importance of data in the financial sector has grown exponentially in recent...

Top 103 days ago

SOFTPOS: EVERYTHING KEY PLAYERS NEED TO KNOW ABOUT DEVICES

By François Drouard, SLM Terminal & Mobile and Emmanuel Desdoigts, Project Manager at Fime   SoftPOS solutions harness untapped potential...

Wealth Management3 days ago

WHAT DOES RETIREMENT MEAN TO YOU?

By Gary Fisher, Head: Member Education Services and Individual Consulting at Alexander Forbes   No matter your age or current...

Business3 days ago

HOW AN OUTDATED PROCUREMENT PROCESS WILL IMPACT CUSTOMER RETENTION

Never before has the business world been held to ransom by an invisible and yet totally disruptive force. We are,...

Technology3 days ago

DIGITAL TRANSFORMATION FOR FINANCE: LEADING WITH SAAS AND COLLABORATION TOOLS

Gary Duggan, VP Technology Solutions EMEA at Riverbed Technology   Throughout the pandemic, software as a service (SaaS) and collaboration...

Finance3 days ago

PREPARING YOUR HEDGE FUND FOR THE MODERN CYBERCRIMINAL

By: Simon Eyre, Head of Europe, Drawbridge   The familiar adage that “every organization is a target” when it comes...

Business3 days ago

UK READY TO SPEED UP THE DIGITAL TRANSFORMATION REVOLUTION

More than half of businesses set to accelerate projects due to pandemic British business is set for a digital revolution...

Finance3 days ago

ADAPTING YOUR ATTITUDE TOWARDS MONEY AS YOU AGE

By Buhle Langa, financial well-being consultant at Alexander Forbes   Much of financial wellbeing begins with the choices that we make...

News3 days ago

DELOITTE: 61% OF EXECUTIVES, DOUBLE PRE-COVID 19 LEVELS, FOCUSED ON TRANSFORMING WORK

Amid unprecedented workforce disruption from the COVID-19 pandemic, organizations are enacting radically new ways of working and operating – and the...

News3 days ago

FINCAD ANNOUNCES COMPREHENSIVE BOND DATA AND ANALYTICS SERVICE

Combines Market-Leading Derivatives Analytics Services with Data and Insight on Fixed Income Securities In One Simple Solution FINCAD, a pioneer...

News3 days ago

ALVEO ANNOUNCES NEW ESG DATA MANAGEMENT CAPABILITY TO HELP MEET SFDR REQUIREMENTS

Alveo, a leading financial data management solutions provider, announces new environmental, social and governance (ESG) data management functionality. The new functionality...

Business3 days ago

THE FUTURE OF REGULATION IS UNFOLDING IN YOUR UNSTRUCTURED DATA

By Simon Cole, CEO at Automated Intelligence.   When you picture the future of finance, what do you see? The...

News4 days ago

AGILE LEADERSHIP: HOW TO CLOSE THE ‘KNOWING-DOING’ GAP

Almost all organisations are looking for faster, smarter ways to deliver their mission critical programmes and/or recovering programmes that have...

Trending