
Business

WHAT CAN WE DO TO IMPROVE SECURITY AWARENESS TRAINING?


By Oz Alashe, CEO, CybSafe

 

Cyber security issues have been the talk of the town during the pandemic. This year in particular has witnessed a surge of ransomware attacks and data breaches. The news is frequently covering the unfortunate attacks, with a range of organisations and institutions falling victim to the attackers. Schools, hospitals, large corporations, the list goes on.

This is an increasingly worrying concern for all. The threat is not slowing down – rather, it is growing, both in scale and sophistication. CybSafe’s recent analysis of ICO data found that ransomware attacks on UK organisations doubled in the first half of 2021. For every ransom attack that is put to sleep, another soon awakens and sometimes, with just as much venom as the last.

To combat this growing threat, businesses have recognised the need to invest more time and resources into cyber security initiatives and training programmes. The finance and insurance sectors recognise the importance of this the most, with 72% of financial institutions saying cyber security is a very high priority for them. However, new research from CybSafe and the National Cybersecurity Alliance has found that 61% of cybercrime victims chose not to report their attacks, compared to 39% who did. If the majority of people are not reporting cybercrime – despite the training offered – there is a need to reassess the approach taken to raising security awareness.

Existing programmes must deliver results. If this is not addressed, then employees quickly become disaffected with these initiatives and no real change is realised, leading to business leaders becoming impatient as their time and effort are seeing little impact. To meet growing cyber threats and ensure security awareness is as effective as possible, our approach towards current initiatives should be fine-tuned. But we must make sure all initiatives go beyond just awareness. An approach towards cyber security that brings genuine behavioural change should be created. It’s paramount to creating long-lasting change.

 


Security awareness: what is it?

To improve security awareness within an organisation, we need to truly understand what it is and what it entails. Security awareness is a way for organisations to have a better understanding of human cyber risk, making employees aware of how their behaviours impact the cyber security of a business as a whole. When it is done right, it builds a culture of good security hygiene and helps to improve customer trust.

 

Where are businesses going wrong?

Many financial institutions recognise the importance of security awareness, but not all of them are witnessing tangible results from their efforts. This is predominantly due to the phrase ‘awareness’ being taken too literally. A durable security culture is constructed from legitimate behavioural change. This goes far beyond the border of just being aware of threats. Behavioural change provides employees with the tools they need to protect both themselves and their organisations.

Businesses will often use exercises and initiatives that set out to reduce cyber risk, though these are quickly forgotten after completion. The best forms of education do not solely involve telling employees what they need to do. The best forms of education require buy-in from both parties to make an impact. Security awareness initiatives have to extend beyond the standard tick-box training exercises – they must inspire change that is impactful and measurable.

 

What is an effective approach to improving security awareness?

There are methods that businesses can adopt to improve security awareness training among their employees.

Planning and personalisation are key. Businesses must be clear on who the programme will be aimed at, the exact plans for delivery, and what areas need to be covered given the specific needs of the organisation. For example, the financial service sector has been particularly susceptible to ransomware attacks for some time. This research should not be done on the spur of the moment, only to not be revisited. Cyber threats are evolving continuously, so the methods businesses choose to ward them off should evolve just as frequently too.

This same mindset is needed regarding security awareness in general. Training is quickly forgotten if it is only delivered as a one-off event. Taking this into account, an effective way to combat forgotten training is through the use of behaviour. Behavioural nudges and the setting of regular goals tailored to each individual are key. Organisations can then ensure employees are in the loop with the latest threats and that they are frequently learning behaviour that, in time, will help them to mitigate threats regularly.

Data is the master key to unlocking insights on behaviour to create training such as tailored goals and behavioural nudges. If an organisation cannot measure the progress of its security awareness initiative, then it won’t be able to identify clear-cut change. Metrics help set what measures will have the most impact at the start of a campaign. Metrics also guarantee campaigns deliver on their promise.

 

Throw away the blame game

To ensure these measures are a success, businesses have to discard the blame game that often follows at the heels of cyber security initiatives. People should not be seen as the weakest link. They are the first line of defence against cyber crime, often standing eye to eye with cyber criminals.

As a result, businesses must do what they can to ensure employees are well equipped to fend off and avert these online attacks. They should also encourage a supportive culture and environment. A supportive culture, tailored goals and clear metrics are the blueprint to building a top-notch security awareness that is set to guarantee genuine behavioural change.

 

Business

Four ways traders can manage risk


By Dáire Ferguson, CEO at AvaTrade

 

Understanding the markets in which you are trading is incredibly important to optimising profit, as well as managing risk and loss. While trading can be incredibly lucrative, it can often be difficult to judge which way the market will move – especially when executing shorter-term trades, where unknown factors can cause unexpected movements. Being aware of the risks is vital to avoid unnecessary losses and to optimise the trading experience.

There are several techniques that can be employed to make sure the risks associated with trading are controlled, rendering the trading experience smoother and more enjoyable. From beginners to experts, having these tactics in your arsenal will enable traders to be savvier, and more confident.

 

Understanding the risks

To really be able to manage risk, it is imperative to understand the two types of trading risks.

 

Leverage

Leverage is where traders stake only a percentage of the value of the underlying asset they wish to trade on but accept exposure to the full value of the profit and loss that comes with the asset’s price changes. This enables traders to take sizeable positions for comparatively less trading capital, thus providing an opening for big wins and substantial rewards.

However, with this comes the risk of similarly significant losses. As an example, if a trader opens a £100 trade on an asset worth £1,000, using leverage of 10:1, this means that if the asset’s value increases by 10 per cent, the trader’s money will be doubled. But if it drops by just 10 per cent, the trader will lose all their stake. This balance of high risk and high reward necessitates careful management. Leveraging typically applies to purchasing and trading contracts for difference (CFDs).

Volatility

Volatility is characterised by unexpected fluctuations in the prices of assets and is defined as the rate at which pricing rises or falls given a particular set of returns. Volatility applies to all assets, but the regularity and size of price changes differs hugely across different asset groups. In fact, in some markets, volatility is actually predictable. The cryptocurrency market is well known for its fluctuations, characterised by frequent and, often, significant changes in price.

There are scenarios in which volatility can be desirable for some traders as it fosters greater profit margins. However, it also sharply increases the potential for large losses. Nevertheless, there are a number of ways to spot incoming market fluctuations. These include economic volatility, geopolitical tensions, and changing policies.

 

Managing the risks

 

Choose the right broker

So, what can traders do to manage these risks? The first step is to choose the right broker. Having the right broker can go a long way to limiting the risks that come with trading, including managing counterparty risk. For example, when you purchase CFDs, you are purchasing a contract with a broker – not the asset itself. Therefore, traders must be 100 per cent certain in the knowledge that the broker they’ve chosen to operate with is capable of making good on the value of that contract.

Traders who are just starting out on their trading journey should look to open a trading account with an established name that is well regulated in a variety of jurisdictions. Higher-quality brokers will generally have a wider range of risk management tools and offer better features, which will allow traders to manage the buying and selling of assets in a better, more sophisticated manner.

 

Take out protection on riskier trades

For new traders, or those who are looking for extra support, it is worth considering taking out protection against losses for a set period of time. Certain brokers offer risk management tools that provide thorough protection against such losses. These tools generally require just a small fee, not unlike the premium on an insurance policy. These risk management tools allow users to stay in the trade, riding out any short-term drops in value and benefitting from a positive overall momentum of the position. Therefore, if the market moves in a different direction to what was originally expected, users only lose the cost of purchasing the protection and can recover their losses.

 

Set up stop-loss orders

Another form of protection against losses is through a stop-loss order. This is an instruction that is executed automatically when certain conditions are met, stopping losses from falling below a certain point and setting a limit on how much an investor can lose on a trade. In the case of a stop-loss order, the position is sold at a predetermined rate – below the current market price for a long position, or above the current market price for a short position.

Stop-loss orders remove the user from the trade at a set price drop. In comparison, risk management tools allow the user to ride out any short-term drops in value, with the potential to benefit from a positive overall momentum of the position.

 

Manage the capital-to-trade ratio

One simple way traders can reduce the risk of accumulating excessive losses is to keep their capital-to-trade ratio under control. This is the amount of capital left exposed to losses in trades compared to the total amount of capital traders have available to themselves.

A sensible rule for traders to follow is to not exceed a capital-to-trade ratio of 10 per cent, and not to risk more than two per cent of the overall capital on a single trade. This doesn’t mean always taking very small positions – it means traders should hedge their risks on whatever positions they choose to take.

It is important that before traders even begin to trade, they make sure that they understand the risks they face. Once they have taken the time to do that, they can begin to contemplate these four ways to manage those risks and then start trading. This is an exciting time to be entering the world of trading, and these considerations should ensure that the trading experience is as enjoyable and profitable as possible.

 

 

 


Business

Out of office, home and away, moving up, moving on; when security goes AWOL

By Steve Bradford, Senior Vice President EMEA, SailPoint

 

The financial services industry has one of the highest rates of insider data breaches, costing on average $21.25 million in the past year alone. Whether it’s an employee acting with malicious intent, or through accidental data mishandling, staff have access to sensitive information and systems that make them a constant vulnerability. And this threat only escalates when staff go on the move.

With the summer holiday season upon us, thoughts will be turning to well-deserved time off, travel and downtime. However, for many, especially in the financial industry, the notion of waiting until the summer months to sample a new life was not feasible. In the period following Covid, the industry has suffered at the hands of the Great Resignation as burnt-out employees left for new roles. As a result, research from PwC suggests that financial services leaders have had to prioritise employee retention amid the swathes of staff exiting.

This exodus is not just a threat to the workforce itself. It also results in greater threats to resilience, security and compliance. Ensuring that the doors to the organisation’s data are appropriately locked behind them is vital whenever employees are on the move. When a staff member leaves a bank or financial institution, security leaders must ensure they have not inadvertently handed over the keys to the safe as a leaving present. Revoking any and all access and privileges to company data must be a priority.

 

Don’t leave the door ajar 

Disorganised, ill-managed and manually-processed access requirements and identity management protocols are an open invite for security breaches.

However, it is not just those leaving for good that pose a threat. Recently promoted your long-serving payroll manager to a longed-for role in financial oversight? That positive move could result in entitlement creep, where the permissions to data, apps, information and systems she enjoyed in payroll follow her to her new home.

Permission creepers are those staff who collect permissions and access rights as they go through their career, picking up credentials to systems and data as they go. Of course, to restrict the opportunities for hacking, insider threat or illegal or non-compliant activity, permissions should only be granted when relevant and required for an individual’s job. However, too many companies allow permissions to creep by not taking a proactive approach to access. This can result in toxic permission combinations, where employees are granted inappropriate access to systems, making fraud and error far more likely.

Even a simple summer holiday can provide an open-door opportunity. We are all conscious about signaling to would-be home burglars that we are going away on holiday, and we will take steps to protect our property in our absence. The same principle applies to businesses with staff out of the office on vacation – potentially logging in from insecure locations or signaling to cybercriminals that their attention is elsewhere.

The results of leaving the door ajar are costly. According to the IBM Cost of a Data Breach Report 2021, the average cost of a data breach in the financial sector is $5.72 million.

Permissions creep, unrevoked access and unmanaged identity provide the perfect conditions for the insider threat to propagate. As Gaurav Deep Singh Johar, of the Information Systems Audit and Control Association explained, “While these challenges are present in any institution, insider threats pose a greater risk for banks. There is a big reputational impact, thanks in part to increasing regulatory oversight.”

 

Don’t let permissions security set sail into the sunset

Financial organisations are complex landscapes, with labyrinthine corporate structures and siloes that cast a dark shadow over access and identity visibility. However, identity security technology is moving fast. Now, automated systems powered by AI and machine learning mean that permissions can be automated and access granted on a need-to-know basis, based on individuals’ employment status, roles, and responsibilities.

An automated system will quickly track down and disable ex-employees’ accounts and automatically halt permissions creep as employees move about the organisation.

The same technology can now also be even more diligent than that, monitoring access requirements based on any change in the workforce, like people being out of the office.

The evolving variety and fluctuating workforce mean that the insider threat can only be met with automated, streamlined identity security that moves as quickly as employees themselves. Without intelligent, streamlined identity governance, banks cannot ensure they are in a state of compliance, nor ensure cybersecurity in real-time. They also miss out on opportunities to improve operational efficiency and reduce the risk of fraud and error. Automation also ensures the accuracy and completeness of data sets so critical for keeping on top of compliance and delivering critical services.

As financial workforces are on the move, home and away and to pastures new, now is the time for banks to give identity security its time in the sun. Do not let shifting sands collapse the walls around you. Wherever your employees are coming from and going to, robust security and sustained compliance start with automated identity management.

 
