
WHAT CAN WE EXPECT? 2020 CYBER PREDICTIONS

By Ryan Trost, Co-founder and CTO, ThreatQuotient

 

As the 2020 budget meetings come and go, teams are forced to assess their current defenses by analyzing their historical attacks in order to anticipate and predict future attack trends. It is a difficult but worthwhile exercise for security leadership as they attempt to assess the adversaries’ trajectory and work to remain several moves ahead. More often than not, adversaries stay true to their methods and make only slight variations to their attacks – why change what historically works?! Which leads me to my first 2020 premonition.

 

A sharper concentration of cloud attacks.  Companies continue to flock to cloud deployments, both private and public, to regain budget and unburden their IT departments.  Teams have slightly more control and oversight over private cloud deployments but the public multi-tenant cloud deployments are target rich for an attacker.  No need for the adversary to enumerate their prey when they can infiltrate the ‘entire herd’.  By studying how a single cloud technology operates from infrastructure to defenses, adversaries become more efficient and significantly decrease their attack costs.

 


Most adversaries are driven by financial gains, and a significant operating metric for them revolves around their operational costs. Very similar to our defensive budgets, adversaries must weigh their operating costs against their potential profits. Therefore, they are motivated to gain access to cloud environments, which provides an exponential financial gain.

 

I am not saying “all” cloud deployments are doomed, but security teams must absolutely have a voice at the table when deciding ‘which’ cloud environment. Security teams must evaluate and scrutinize cloud security practices to ensure due diligence is being performed by the vendor – for instance, ensuring the cloud vendor is undergoing routine penetration tests, and checking not only that any weaknesses identified are resolved but also how quickly its security team identifies the penetration test.

 

Staggering Surge of Botnet Armies. Botnet armies are nothing new. However, as endpoint devices in households become “connected” and schools provide each individual student with personal computing devices, it opens the doors for widespread takeover. I can appreciate the benefits of every single student having a tablet (or equivalent) for schooling. However, I struggle to find the legitimacy of why my refrigerator needs an Internet connection, or for that matter, a video conferencing feature. As with any botnet army, the individual devices don’t hold any real threat value, but when controlled en masse they provide a formidable attack mechanism for cyber criminals. Whether used for computation resources (think brute forcing passwords) or used to launch denial of service attacks against a target, the volume of botnet armies will surely increase exponentially.

 

An Operational Technology line will fall victim to a ransomware threat. Operational Technology networks are the primary life source for oil, gas and energy companies, as well as massive manufacturing industries such as automotive. These environments typically rely heavily on older infrastructure and technology and are infrequently updated to the latest security levels. Oftentimes, OT networks are overlooked because they don’t have the traditional weak points most organizations are defending, for two primary reasons: 1) they generally are not connected to the Internet and 2) they do not have the high number of end users who are susceptible to crafty email spear phish attacks or ‘click-happy’ websurfing. But as manufacturers live and die by product branding, the importance for a company to comply with criminal demands warrants a lofty ransom threat. I predict 2020 will see at least one high-value OT network get infiltrated and held for ransom.

 


HOW CHARITIES CAN MEET TOMORROW’S DIGITAL CHALLENGES?

By Steve Georgiou, Business Consultant at Xpedition 

 

Charities are under constant scrutiny for how they handle their finances. Budgets are often squeezed and as a result, it can be hard to justify spending on mediums such as new technology, which aren’t always seen as “necessities.”

And yet, there’s a new generation of workers waiting in the wings who have grown up using technology in all aspects of life. In addition, 57% of charity employees believe the sector’s development is being hindered by a failure to embrace new technology. For those that are willing, a digital strategy has never been more important for a charity’s future outlook.

 

The Next Generation

Many organisations are not prioritising the technological expectations of today’s younger generation. Everything outside of the workplace for the upcoming generation is already technology-driven, including the skills they’re learning right now. It’s already disrupting industries and career plans, and by the time this generation steps into employment, the way we live and work will have become even more advanced.

Competition in the Third Sector has always been on the up. Donation methods have changed, securing funds has never been more competitive, reporting is now a lot more stringent, and the next generation of employees have defined efficient methods of ensuring the organisation they are employed by is not left behind.

Charities that are using legacy financial systems, which are often old, outdated and costly to maintain, will fall further behind if they do not take steps now to digitally transform. Good governance dictates that charities should be investing in modern technology to support the organisation in both its medium- and long-term digital strategy. Ultimately, charities want to engage stakeholders and employees, simplify processes, streamline efficiency and guide change – but they cannot do this without investing in modern technology to enable change in this fast-moving digital world we live in.

 

A Digital Future 

In times gone by, financial systems were predominantly used to support the back-office finance function. This has all changed. With advances in technology, such as the latest all-in-one financial management solutions, there are now tangible benefits that add value to the whole organisation.

These tools can strengthen decision making, reduce administration time and provide real-time, accurate reporting, all of which are valuable assets for tomorrow’s demands.

There is a real case to be made for a fully digital third sector using financial technology, one which thrives and gives not-for-profits huge benefits:

 

Data Management and Analysis

The contemporary digital landscape is all about big and beautiful data. Job roles are evolving to cater for the data boom: organisations are now hiring increasing numbers of Data Analysts and Business Analysts. And one of the most significant benefits that the third sector can expect to see by taking on digital methods is greater data transparency.

The world’s most valuable resource is no longer oil, but data. Data is being transformed into a core asset, one which is being used to tackle charity-wide challenges. Daily admin duties such as data analysis and entry are being taken over more and more by financial management solutions.  This not only removes the need for online time-heavy tedious tasks, but also reduces the number of different sources people have to use to find and analyse data.

Whether it is finance, fundraising, HR or anything else, the efforts of the organisation should be in the analysis of the data to make better informed decisions in the best interests of the charity.

 

Use Cloud to Reduce TCO 

The resistance to change and the associated investment have been barriers to digital transformation for charities. Every organisation wants to achieve greater efficiency and free up further funding for their frontline activities. Maintaining hardware and the disruption of upgrading are all a thing of the past.

From maintenance to mobility, cloud computing can help you to significantly reduce the Total Cost of Ownership (TCO). With the cloud, there is no need for onsite hardware or expensive upgrades – you are simply sent a URL for storage. This offers you the flexibility to scale your data storage capacity depending on your needs at the time, avoiding the need for expensive hardware. This on-demand, “pay as you grow” approach avoids hedging your bets on unnecessary data storage. The cloud also has greater mobility, allowing for remote workers to access communications from anywhere, with no further technology needed. Backup and restore can be initiated from any location, using multiple devices, and does not need maintenance – reducing the need for a dedicated IT person.

 

Consider Digital, before your Charity becomes marginalised.

With a new generation of workers waiting in the wings, and financial management technology that has the power to provide value for all aspects of the organisation, a digital strategy has never been more important for a charity’s financial efforts. These workers will not settle for a business that is stuck a decade behind because it has not embraced change.


COUNTING THE COST OF SILENT CYBER

By Akber Datoo, Founding Partner, D2 Legal Technology

 

Damaged reputation. Financial loss. Punitive capital adequacy provision. Silent cyber is one of the biggest issues facing the insurance industry. Yet despite the Prudential Regulation Authority’s (PRA) demands for robust action plans, few firms have put in place the document digitisation required to truly understand the level of risk. Further, it is somewhat ironic that an industry that is predicated on pricing risk is failing to assess and understand this risk that exists today in its back catalogue. From determining the current silent cyber position to identifying policy wording changes and analysing the legacy book, Akber Datoo, Founding Partner, D2 Legal Technology, highlights the need to digitise policy documents.

 

Non Affirmative Loss

“Silent cyber” is the term given to cyber-related losses that may or may not fall under traditional property and liability policies that were not designed for that purpose.

The concerns of silent cyber have recently come to the fore and the shock waves created by the Mondelez / Zurich Insurance case have reverberated around the market. Whilst publicity may have temporarily abated over the past few months, very few insurance companies have begun to truly address the risk posed by silent cyber. In an industry predicated on strong reputation, the decision by Zurich to reject a claim from a client whose business had been devastated by the NotPetya cyber-attack in 2017 made headlines around the world – not least for citing exclusion for ‘hostile or warlike action in time of peace or war’ by a ‘government or sovereign power’.

Yet as the cost of such attacks is being counted, the impact of silent cyber on the industry as a whole is becoming painfully apparent. PCS Global Cyber has recently attributed 90% of the insurance industry’s losses relating to the NotPetya cyber-attack to non-affirmative (silent) cyber, and the rest to affirmative losses.

Certainly, the PRA believes the UK insurance industry can do more to ensure the effective management of affirmative and non-affirmative cyber risk exposures. It has ordered firms to develop an action plan, with clear milestones and dates by which action will be taken.

 

Divergent Attitudes

Despite the cost to the industry, there remains a concerning lack of consistency in terms of risk awareness and planning as well as risk appetite and understanding. The PRA’s own survey in 2018 revealed significant divergence in firms’ views of the potential exposure to silent cyber. Within Marine, Aviation and Transport (MAT), Property and Miscellaneous lines, exposure was rated at anywhere between zero and the full limits.

With PCS Global Cyber believing the cost to the industry of NotPetya associated claims has now exceeded $3 billion, there is ever greater focus on insurance companies’ cyber stress tests. Fears that gross losses could run into the multiples of annual cyber premiums are very real. However, to date such exercises are based on minimal fact: firms lack robust or reliable claims data relating to silent cyber. As a result, models are immature and there is little faith in the resultant capital adequacy calculations. Just how much capital should the regulator require firms to set aside against possible exposures when the silent cyber risk is so poorly understood?

In addition to the model and assessment demanded by the PRA, firms need to look closely at existing policy documentation to gain better insight into risk. What is the current position? Does wording need to be amended to address silent cyber risk? How can the legacy book be analysed and key data and wording from the contracts extracted to assess the potential silent cyber exposure going forward?

 

Document Digitisation

In many ways, the insurance industry is better placed than many for the challenges ahead. Document digitisation has been on the agenda for some time and the industry has already created clause libraries to make it easier for firms to gain access to vetted policy wordings and regularly used clauses. However, the low take-up of these libraries is disappointing. Not only do firms have a somewhat confusing choice – between the Lloyd’s Wording Repository, the IUA (International Underwriting Association) Clauses Document Library and the Xchanging Model Wordings Library, but the checklist structure is not providing the required solution.

Insurance companies and brokers need to better understand how to use these clause libraries within current business models, preferably in tandem with a document generation tool to improve data management. The goal is to create data-driven contracts, where documents are drafted based on known outlooks. But to get to that point, firms need to actively embrace document digitisation to gain a better handle over the current risk position and create a foundation for rapidly changing wording to avoid any ambiguity regarding silent cyber. Moreover, we need to link wordings in clause libraries to classified business outcomes, and then derive business intelligence from policy portfolios.

 

Conclusion

No firm wants to risk the reputational damage associated with refusing a high profile claim – nor endure the huge losses associated with attacks such as NotPetya. With the rise in cyber attacks, this is an issue that has to be addressed immediately: firms need to act now and embrace the opportunity of digitisation strategies within policy documentation to mitigate the potentially devastating silent cyber risk.

 
