THE THREAT OF CYBER SECURITY BREACHES AND WHY BUSINESSES ARE PLAYING CATCH-UP WHEN IT COMES TO PROTECTION?

Graham Wedgbury, cyber insurance specialist at Lycetts

 

Cyber security is experiencing an expeditious climb up the business agenda, thanks chiefly to more stringent data protection laws and in response to the omnipresent and ever-evolving threat of attack.

Despite an increase in awareness and a general shift from reactive to proactive security measures, many businesses are still playing catch-up when it comes to protection.

The somewhat ‘invisible’ threat of cyber breaches or attack is still a relatively new concept for businesses, so traditional business risks may still take precedence and priority – resulting in a reticence to redirect resources and invest in defences.

But as technology continues to develop at an exponential rate, so too do the opportunities to exploit vulnerabilities, extort funds and expose businesses. In essence, the more we take advantage of the growing technologies to make our business run smoothly, the more vulnerable we become to over-reliance on those very systems should they fail.

According to the Mandiant M-Trends 2020 report, cyber criminals are becoming more innovative and varied in their approach, with 41% of the malware families observed in 2019 identified as new.

The report also found that the discovery time – the duration between the start of a cyber intrusion and it being identified – was 56 days. Though an improvement, thanks largely to law changes in Europe, 12% of investigations continue to have discovery times of greater than 700 days.

The report also highlighted the need for vigilance, particularly in the case of businesses who have been previously attacked, with one third (31%) of victims experiencing another attack within 12 months.

In this digital age, businesses can ill-afford to take a fragmented, disjointed or lacklustre approach to cyber security and should remember that fulfilling legal requirements and having a holistic cyber security strategy are not one and the same.

The rise in remote working, cloud computing and BYOD, along with more sophisticated and less easily detectable methods of attack, from phishing to malware, further compounds businesses’ exposure to cyber risk and underlines the need for more robust measures to prevent a breach and a plan of action should it occur.

 

SMEs don’t ‘fly under the radar’

A common misconception when it comes to cyber security is that some businesses are too small or insignificant to suffer an attack or be a target.

Almost one quarter (23%) of UK businesses have no governance measures, such as cyber security policies, an external cyber security provider, staff members covering information security or governance, or a business continuity plan, according to the UK government’s Cyber Security Breaches Survey.

The most common reason given is that they consider themselves too small or insignificant to warrant such measures (35%), followed by cyber security not being considered enough of a priority (21%), and not considering cyber-attacks to be a significant risk (19%).

However, being a small operation has no bearing on vulnerability.

Most companies are in the same situation, with SMEs making up 90% of businesses worldwide (World Bank).

The very fact that smaller businesses are less likely to take cyber security seriously could make them an attractive target.

It would also be remiss to dismiss cyber security on the basis that it is not relevant – be it on size or nature of the business.

Companies may see themselves as ‘offline’ but, according to a study commissioned by Deloitte, 99% of SMEs say they use at least one digital tool in their day-to-day operations.

From using a computer to operate, and having a company website, to storing data in the cloud, or using employee email addresses, there are a great number of seemingly ‘innocuous’ cyber risks that leave businesses exposed and vulnerable.

Businesses should remember that an attack can not only be costly, but can negatively impact on the business’ reputation, brand, employee morale and relationships with investors – it has the potential to cause irreparable damage.

 

Calling out for clarity

It takes more than a recognition of a problem to effect change.

One of the stumbling blocks for businesses is a lack of knowledge or direction when it comes to becoming more cyber-secure.

For others, they may not have quite grasped the severity of the impact of attacks, due to the relative infancy of cybercrime, making security an afterthought or low on their priority list.

According to the Cyber Security Breaches Survey, around three in ten businesses (32%) say they are not sure how to act on the advice they have seen or heard around cyber security, whilst just seven per cent of businesses have sought out government or public-sector information.

This perceived lack of clarity on what businesses should be doing, or uncertainty of what is relevant to individual businesses, is reflected in the low number of businesses investing in specific cyber security insurance.

Just one in ten (11%) of businesses say that they have a specific cyber security insurance policy, and a further 15% of businesses said they have previously considered but ruled out having cyber insurance.

Top reasons for not having cyber insurance include a lack of awareness of cyber insurance (23%) and considering themselves to have too low a risk to warrant it (22%).

For those who did have specific cyber policies, motivation went far beyond potential loss, with access to breach management and forensic teams, proof of diligence and peace of mind the key drivers.

Whilst basic crime policies cover fraudulent online attacks, they have limitations. Often selected as ‘bolt-ons’ to conventional policies, they do not address the full range of exposure, leaving gaps.

Only specialist cyber policies provide the comprehensive protection needed in the event of an attack, including data breach, cyber extortion, the cost of professional assistance in mitigating loss, the costs of fines, and in some cases, ransom payments.

The cyber insurance market is becoming more dynamic, in response to evolving need and demands, with many insurers and brokers now helping customers with contingency planning, establishing an understanding of the implications of cyber breaches, evaluation of risk, and putting security measures and crisis action plans in place, should the worst happen.

Many cyber security insurance policies also provide swift legal and public relations advice post-breach, to help companies decide how and when to communicate an incident to their customers.

With active groups on the increase and methods becoming more aggressive, one thing is clear; complacency when it comes to cyber security is not an option for businesses – all organisations are vulnerable to attack, no matter how large or small, and should take steps to protect themselves.

 

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas, managing director, Turquoise, reviews the current investment landscape and highlights the opportunities for investors keen to capitalise on this growing trend.

Green, or climate, finance is a label for providers of finance who are supporting investments seeking positive environmental impact. The label covers investments in green infrastructure, venture capital investment in clean technologies and renewable energy. Green finance has grown by leaps and bounds in recent years, supporting public wellbeing and social equity while reducing environmental risks and improving ecological integrity.

Worldwide, energy investment is forecast to increase by 8% in 2022 to $2.4 trillion, according to a new report by the International Energy Agency, with the expected rise coming mostly from clean energy – $1.4 trillion in total. To put this rocketing figure into some perspective, clean energy investment only rose by 2% annually in the five years following the signing of the Paris Agreement in 2015. Energy transition investment has some way to go, however – between 2022 and 2025, to get on track for global net zero, it must rise by three times the current amount to average $2,063 billion. [1]

Turquoise has been active for almost 20 years as a venture capital investor and adviser to companies in the climate technology space that are raising capital and/or selling their business to a strategic acquirer. Reviewing current industry investment news, as well as drawing on examples from the portfolio of Low Carbon Innovation Fund 2 (LCIF2), managed by Turquoise, I comment below on the renewable energy trends most piquing investor interest.

 

Solar PV

Renewable power is leading the charge when it comes to investment, with wind energy and solar PV emerging as the cheapest option for new power generation across many countries, and now accounting for more than 80% of total power sector investment. Solar power is responsible for half of new investment in renewable power, with spending divided roughly equally between utility scale projects and distributed solar PV systems.

This huge increase in solar spending, which continues in spite of supply chain issues affecting raw material delivery, has been driven by Asia, largely China (BloombergNEF, 2022). Meanwhile, Europe is re-doubling its efforts to achieve an energy transition away from Russian gas and other fossil fuels, building on investment that was already rising steadily prior to the outbreak of war in Ukraine. Germany, the UK, France and Spain all exceeded $10 billion on low-carbon spending in 2021.[2]

 

Wind

Last year was a record year for offshore wind deployment with more than 20GW commissioned, accounting for approximately $40 billion in investment. The first half of 2022 saw $32 billion invested in offshore wind, 52% more than in the same period in 2021 (BloombergNEF, 2022). Taking into account also onshore wind, in 2021 investment was spearheaded by China, followed by the US and Brazil.[3]

In the UK, suggested targets include plans to host 50GW of offshore wind capacity, as well as 10GW of green and blue hydrogen production, by 2030. Investors will naturally be encouraged by proposals to simplify the planning process across the board for renewable projects.[4] France and Germany have also increased their offshore wind targets, signalling further support for investment.

 

Decarbonising housing: the business opportunity

The need to decarbonise residential housing, made all the more urgent by current energy prices, also offers substantial scope for investment. The gas price spike is naturally increasing interest in technology such as electric heat pumps, which had already enjoyed 15% growth in 2021 albeit from a very low base.

Recently, Turquoise announced an investment by Low Carbon Innovation Fund 2 (LCIF2) in Switchd, which operates MakeMyHouseGreen, a data-driven platform that allows homeowners to source and install domestic renewable energy generation, including solar panels and battery storage with other energy saving products in the pipeline. The investment will enable Switchd to roll out the MakeMyHouseGreen platform to a much larger number of customers. The latest episode of the Talks with Turquoise podcast series saw us interview Switchd co-founder Llewellyn Kinch about the UK energy market and national transition to decarbonisation, covering the rise of residential renewable energy and energy efficiency.

 

Adapting to the low-carbon economy

Meanwhile, investors should not forget opportunities on the other side of the energy market. Renewables are undoubtedly exciting investors, but there are also opportunities for fossil fuel companies to adapt their business models to the low-carbon economy. Turquoise advised GT Energy, a portfolio company from our first fund that develops deep geothermal heat projects, on its sale to IGas Energy, a leading UK onshore oil & gas producer. Under IGas ownership, GT Energy will progress its flagship 14MW project to supply zero-carbon heat to the city of Stoke-on-Trent through a council-owned district heating network.

 

A broad investment landscape

Forecasts show that renewables will increase to 60% of power generation in Europe by 2030, and 40% in the US and China by the same date.[5] As demand rises for climate technology, the investment opportunities in green finance are far broader than they ever have been. Undoubtedly, as the energy crisis continues, investor interest will continue to soar to even greater heights.

[1] https://www.iea.org/news/record-clean-energy-spending-is-set-to-help-global-energy-investment-grow-by-8-in-2022
[2] https://ihsmarkit.com/research-analysis/global-power-and-renewables-research-highlights-july-2022.html
[3] https://dialogochino.net/en/uncategorised/56938-global-wind-energy-council-vice-chair-brazil-offshore-wind-accelerating-2/
[4] https://www.edie.net/uks-clean-energy-investment-ranking-rises-after-government-sets-95-low-carbon-electricity-target-for-2030/
[5] https://www.spglobal.com/en/research-insights/featured/energy-transition-renewables-remain-the-cornerstone-of-future-power-generation

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies

Financial Services organisations have long been a top target for cyber-attacks given both the nature of their financial transactions and the sensitivity of the data being held and processed. It is not just the digital transactions themselves that entice cyber criminals to regularly try to breach existing security protocols. Financial Services organisations hold full Personally Identifiable Information (PII) data sets of customers, including home addresses, social security numbers, banking details, transaction history, phone numbers, email addresses, and income information.

When breaches occur with this level of dependency information, cyber criminals can go on to easily access accounts, copy payment cards and make fraudulent purchases. Unsurprisingly, breaches are incredibly bad news and high impact in this sector as they undermine customer confidence, create large compensation cases, and regularly cause large fines for non-compliance with data protection regulations (GDPR).

CISOs and Risk Managers

Creation of a complete culture of cyber security that spans right across financial establishments has therefore been a high priority for CISOs and Risk Managers in the finance arena, who find themselves at the forefront of the fight to engineer, foster and encourage a culture of pervasive cyber security awareness. These financial CISOs are the risk management professionals who live and breathe with the knowledge that any lapse by any employee can leave the entire organization exposed and vulnerable, and who understand the importance and safety that adherence to a detailed cyber security plan, unique to their organization, brings. Financial establishments and financial services have, more than any other sector, seen heightened advances in digital innovations through internet banking, mobile apps, and instant payments – and all occurring within a relatively short timescale. Such fast adoption of new technology platforms can cause a perfect storm of vulnerabilities, largely through lack of familiarity, potentially increasing the finance industry’s attack surface.

Given the scope of the threat, no one CISO or group of cyber security specialists can be completely responsible for stemming attacks or changing employee behaviours. The requirement to create a pervasive culture of accountability for cyber security in finance has never been more critical with such a surge in digital innovation. Some CISOs struggle to gain immediate internal acceptance of cyber initiatives as they invariably add extra security processes or, in more extreme scenarios, can initially decrease productivity levels as users grapple with additional layers and verifications. Instead, CISOs should embark on a graduated path of security sensitivities. There are three routes in this journey that CISOs need to develop.

Understanding Roles

First, if they are to successfully increase defences, CISOs need to fully understand roles and processes in the existing regime to understand why and when job functions rely on systems that could pose and increase vulnerabilities. Secondly, as with all successful change, CISOs should spend the first months of cyber change initiatives on the ground, familiarising themselves with workflows and identifying suitable departmental ‘champions’ who can act as envoys or ambassadors. They will become practical flag bearers for ongoing change who will be on-point for communications for threat handling and remediation. These departmental cyber champions will also field questions and interactions about cyber concerns, as you would with a local Health and Safety Officer. Creating any true culture change needs to facilitate two-way communications from day one and needs to embrace everyone, so selecting the right team is essential. Recognised accredited cyber training relevant to the expected outcomes of a cyber ambassador is critical here as responsibilities move outside of IT. Not only does individualised cyber training bring empowerment and extra capabilities internally, but it leads to personal recognition that reflects positively on future career opportunities.

Once a thorough understanding and a development of a network of cyber ambassadors has occurred, CISOs need to quickly move to developing extra employee security practices and providing direction on ongoing cadences. But these new or enhanced security prevention measures invariably add to the time that it takes for employees to finish jobs. Collective attitudes towards prioritising cyber – and by extension, creating a cyber culture – can only be changed by first educating employees on the importance and rationale in changing behaviours or methods of completing a task. This education process can take many forms, starting with various impacts via a series of simple simulated attacks that provide anonymised responses back to risk professionals to highlight gaps in knowledge and provide early indicators on how easily breaches can occur and how fast new cyber processes can be adopted. Additionally, real world documented examples are often used to show how breaches have been catastrophic in similar sized organisations. Ongoing interactive education is key to building a continued culture of security. Education and learnings on the impact of the breach ramifications – from board level to new recruits – are essential, at all times building cyber security as an enabler rather than another workflow process to achieve. Successful financial companies who avoid security breaches on an ongoing basis additionally bring the importance of cyber security into annual employee reviews, keeping it top of mind and primary to employees’ performance (and remuneration). HR therefore also play a key part determining a blame-free, but responsible and empowering security culture.

Empowering Employees

Establishing a culture means, by its very nature, that all are driving towards the same goal. That means gentle, but constant reinforcement. And here’s where the third part of cyber empowerment needs a careful balance to avoid falling into negative scare tactics or blame. Financial CISOs, for their part, need at all times to empower employees with the right tools and resources to intelligently identify, question and report suspected attacks. They also need to deploy easy to use, reliable preventative tools such as password managers and dependable email security software, while not neglecting their own role in the ongoing monitoring of asset discovery to see which assets and software are lurking in the infrastructure (or may have been recently added to the infrastructure). Endpoint security is more important than ever, especially in hybrid environments.

Once a culture exists internally, CISO attention must next turn towards suppliers and partners who themselves can create an entry point for breach. This can be achieved by clearly setting the organisation’s cyber security expectations up front and asking suppliers to prove compliance and adherence towards these standards, but within a reasonable, pre-agreed timeframe.

Creating this inherent cyber culture can only occur through ongoing education and training of employees on the ever-changing threat landscape and linking the importance and rationale to adopt best practices. To achieve an ongoing culture of acceptance, cyber security must clearly help employees get their jobs done so that being security conscious is a positive, ongoing experience for any financial services business.
