Connect with us

Business

WHILE HOLIDAY HACKS LURK, THE INSIDER THREAT MUSTN’T BE IGNORED

Published

on

Ben Bulpett, EMEA Identity Platform Director, SailPoint

 

The holiday shopping season is in full swing. Online sales are forecast to hit over £32 billion from mid-November to the end of December 2021. However, it’s not all glad tidings; more online shopping equals more sharing of online credentials and greater cyber risk. And this risk is prolific – hackers stole £754 million in the first six months of this year alone.

Where money flows, criminals follow. Methods used by cybercriminals to infiltrate and exploit the swell of online retail are becoming increasingly more sophisticated. For example, almost one-third of UK respondents to a recent survey said they had received emails and messages impersonating retailers over the past year. According to Which?, ‘smishing’ (SMS phishing) increased by 700% in the first six months of 2021.

With most credit card transactions at some point going across the banking network, and with the potential financial impact of customer fraud, banks need to be more alert than ever to who is accessing their systems and data. This isn’t limited to just outsider threats, despite these often dominating the headlines. Concerningly, the banking industry retains the dubious reputation of having the highest rates of insider data breaches across any sector. Not always criminal in nature, even accidental breaches can end in misery for customers and providers alike. Running through so many of these breaches are issues with identity access and security.

While external threats and attacks launched on unsuspecting customers will continue to evolve, banks and financial institutions must ensure their lines of defense remain water-tight. Using AI and machine learning, businesses can put in place appropriate identity security measures to detect unusual behaviour and take immediate action to stop a breach occurring.

 

Ben Bulpett

Making a list, checking it twice; who has what and why?

Managing internal threat, the risk posed by employees themselves, is not often top of the holiday list, with much focus on what criminals are doing to dupe holiday shoppers. When shopping online, banks need to ensure that both the device and the shopper’s identity are verified. However, with the genuine risk of internal data leaks, banks also need to ensure that the employees tasked with handling data and those who have access to it are appropriately screened and audited.

This starts with ensuring that data is only accessible to those who need to use it. Users with incorrect access privileges are one of the most significant areas of identity fraud. This also includes ex-employees who remain able to access systems due to poor identity and access management practices. Where malicious insiders are provided with access to the data they exploit, such seemingly ‘legitimate’ activity is much harder to detect than that of the brute-force hack.

There are also legacy issues that can lead to innocent leaks, where financial institutions still in the digital transformation process retain pockets of poor practice. Complex organisational structures mean many are still in a hybrid state where spreadsheets and other manual processes continue to sit alongside more sophisticated processes. This provides ample opportunity for unprotected documents that contain sensitive or PII data to be shared incorrectly or misdirected.

Without a complete view of all data access across an organisation, there is no way to uncover such hidden risk. This has been made harder during the pandemic where remote working, furlough, and unprecedented hiring have rapidly changed the employee mix and provided additional access points. With the government continuing to issue Covid-prevention measures in reaction to new variants, this landscape is ever changing, but systems and processes are not adapting at the same rate.

 

Top of the wish list

Even in the face of such challenges, preventative steps can be taken to mitigate insider threats. For example, IT teams can use automated access and geolocation alerts to spot abnormal behaviours. Made possible through AI and ML-driven security measures, this can be the basis of an agile identity security foundation that learns and adapt as business needs change.

Gaining a full view of customer data is hard when so much of this data is unstructured. We are not dealing with simple transactional data anymore. Indeed, some challenger banks, in particular, are increasingly using biometric authentication such as voice, fingerprint, or video (notwithstanding the recent wave of concern around deep fake technologies) within multi-factor authentication, giving rise to the need to protect extremely sensitive personal data, beyond the financial.

Identity security is a cybersecurity tactic that delivers a holistic view of data access in an organisation, with a pure view of all identities, their permissions, and actions. This provides greater visibility over each application, data repository, cloud service, and internal platform, reducing the risk of password duplication, permissions creep, and over-provisioning.

While much attention is on the risk posed by external holiday hacks and scams, the ongoing risk posed by the insider threat cannot be ignored. Identity security must be top of the wish list for banks seeking to shore up defenses against potential breaches or hacks. Any criminal activity that results in customers losing funds or having sensitive data comprised is clearly of the utmost concern to banks, both given regulatory fines incurred as well as major reputational damage. However, where that criminality results from poor internal controls and identity security, it is almost unforgivable.

During this holiday season, financial institutions, of course, must be alert and responsive to new scams and sophisticated external attacks. The risk is that this facilitates a blind spot, where they fail to see the threat sitting at their own table.

 

Business

Using OKRs to transfrom business in a new working environment

Published

on

By

Managing the challenges of rapid business growth while also adapting to a hybrid world of working forced by the global pandemic will be among the topics raised at this year’s international OKR Forum 2022.

National business coach Peter Kerr will highlight how the business management framework tool of OKRs can help overcome the challenges faced by hypergrowth companies, while also helping create a strong team culture to establish resilience to adapt to new ways of working.

Peter Kerr, MD of the rapidly expanding UK-based specialist coaching consultancy AuxinOKR, will be a key contributor to the OKR Forum event, being held virtually on February 3. He will be talking to Lavanya Gopinath, director of operations at Chargebee, about the challenges of rolling out OKRs across a global tech business with a geographically dispersed workforce.

The OKR Forum is the fourth event of its kind featuring a mixture of keynote speakers, expert workshops, and case studies of OKR implementation. Delegates can learn from international brands such as LinkedIn, Colgate-Palmolive, and Renault on how to engage teams for better outcomes with the agile goal and performance management framework, known as OKRs.

AuxinOKR, which has clients around the UK and overseas – including SAP, ASOS, Which?, Bitstamp, Chargebee and South African bank absa – has a proven record of helping ambitious companies and organisations establish an OKR strategy that enables them to achieve their goals.

Chargebee is a leading international subscription billing platform on a fast-track trajectory powering some of the fastest-growing SaaS and subscription-based businesses in the world. The company, valued at $1.4b in April 2021 has more than 3,000 customers across the US, Europe and rest of the world. Digital transformation has accelerated the opportunities for Chargebee, and the company saw OKRs as a tool to drive cultural change across the business.

Peter Kerr says: “Chargebee is a fabulous company with a great product. Digital transformation across more companies has created huge opportunities for Chargebee but they recognised they needed to change themselves to become a stronger, more agile, and resilient business.

“Chargebee saw OKRs as a way to create a focus and clarity across the entire business, spread across several countries. OKRs have helped establish a new culture, one where everyone is clear about the company vision and key goals and their roles in helping achieve growth and success.

“And, of course, this was made even more challenging by being implemented during a pandemic. OKRs helped Chargebee accelerate the push for collaboration, transparency and understanding during this difficult period.”

This year’s OKR Forum online event will feature world-class OKR experts such as Ben Lamorte, Felipe Castro, Francesca Nardocci, Melanie Wessels and many more, along with leading international companies.

Continue Reading

Business

The evolution of the CFO: 91% still carry out repetitive and manual tasks despite the new demands of their role

Published

on

By

‘The future CFO’ research conducted by Xledger, the cloud finance software provider, finds that there is a lack of support in helping CFOs to evolve with the new demands of their role. Some of the top frustrations that CFOs cited in their current roles include having to carry out repetitive and manual tasks (33%) the reliance on hard copies of documents or legacy spreadsheets (27%) and bottlenecks in the flow of information (26%).

Other key frustrations were being unable to spend time on strategic tasks (23%), being able to work efficiently when away from the office (23%), the number of silos making it difficult to work collaboratively with colleagues (20%) and a struggle to demonstrate compliance to regulators (19%).

Repetitive and manual tasks seem to be indicative of the finance role, with an enormous 91% stating that they need to carry out at least one of the above repetitive tasks as part of their job and this could be impacting their ability to carry out other aspects of their role. The research found that the more senior you are, the more likely you are to be carrying out repetitive tasks, with senior figures averaging 25 hours per week, compared to 15 hours for other finance decision makers.

Mark Pullen, CEO at Xledger comments, “The fact that the UK’s top strategic decision makers are spending up to 25 hours a week on low value-added tasks is astounding. The results of this research may highlight not only the stresses of the CFO themselves, but of their whole team. The frustrations and seniority differences are vital in informing the current dynamics, behaviours and commitments of the CFO role. If they are to evolve effectively, it’s evident that more support is needed to harness their strategic value. Business growth rarely comes as a by-product of doing more with the same level of resource – unless you factor in technology.”

When digging further into the study, there are some notable trends in terms of seniority and sector. For example, 38% of larger companies (5000+ employees) vs 28% of smaller companies (less than 50 employees) are frustrated by repetitive, manual tasks. This is likely a result of larger organisation’s needing more rigid processes in place than smaller, potentially more agile organisations.

Notably, the inability to work efficiently when away from the office was felt more by senior finance directors and CFOs (33%) than other finance decision makers (16%). This could be put down to a need to collaborate effectively with colleagues in more senior roles. 30% of senior financial directors and CFOs also stated that they’re frustrated about the number of silos and inability to work collaboratively compared to just 14% of other finance decision makers.

Xledger is a leading  true-cloud finance technology for mid-market organisations. With a suite of automation features including OCR, automated purchase invoice and expense handing, reoccurring and professional services billing and in-system payment processes our value, is giving back time to CFO’s and their finance departments, allowing them to spend more time of higher value-added activities.

The Future of the CFO study was conducted among 529 CFOs and financial decision makers in the UK during August and September 2021 by Sapio research.

 

Continue Reading

Magazine

Trending

News5 hours ago

Russia and Turkey still keep door open to crypto adoption

Bitcoin dropped around 5% yesterday after the much-anticipated FOMC meeting, where Jerome Powell was more hawkish than expected. Although there...

Business5 hours ago

Using OKRs to transfrom business in a new working environment

Managing the challenges of rapid business growth while also adapting to a hybrid world of working forced by the global...

Business5 hours ago

The evolution of the CFO: 91% still carry out repetitive and manual tasks despite the new demands of their role

‘The future CFO’ research conducted by Xledger, the cloud finance software provider, finds that there is a lack of support...

Finance5 hours ago

Why indirect tax continues to cause headaches for the finance, IT, and tax teams

By Roger Lindelauf, Director, SAP Centre of Excellence, Vertex Inc   Businesses across Europe continue to navigate a complex tax...

Top 106 hours ago

Why the rise of millennials spells change for insurance companies

By Stephan Kaiser, CEO at KoverNow   Most of us, regardless of our age, use our phones to inform shopping...

Banking6 hours ago

Cryptoassets and the European Central Bank’s new “PISA” Framework

Alpay Soytürk, Chief Regulatory Officer Spectrum Markets   The European Central Bank has published a new oversight framework for electronic...

Business6 hours ago

Are we there yet? The journey of consumer spending habits is not over

Dr. Alexandra Dobra-Kiel, Head of Behavioural Research and Insight, Behave   One of the upheavals in our lives over the...

Business2 days ago

What Every Small Business Should Do

The majority of the difficulties associated with establishing a business stem from failing to accomplish the small things correctly. The...

Business2 days ago

5 Ways That Businesses Can Get the Most Out of Their Digital Marketing

Everyone knows that the world of marketing has been changing for the last two or three decades. The days of...

News2 days ago

Transact365 launches seamless cross border payments in India

Transact365 enables merchants to transact locally in India Merchants can partner directly with Transact365 without needing to source local partners...

Banking2 days ago

Cloud technology in banking: Why adoption is on the rise

Alpesh Tailor, Executive Director at digital transformation specialist GFT   The banking sector has never shied away from innovation, whether...

Technology2 days ago

A Smarter World: What role will electronics play in 2022

There has been a sharp increase in technology and devices designed to make our lives simpler, faster and more productive...

Business2 days ago

Top 4 Electronics Development from 2021

Phil Simmonds, Chief Executive Officer of EC Electronics.   As we embark on a new year of business, it is a good time to...

Top 102 days ago

Investing in workforce intelligence now, leads to an optimised tomorrow

Michael Cupps (Senior VP, Marketing, ActiveOps) discusses four critical ways in which a new world of workforce data improves organisational...

CRACKING THE CRYPTO CODE CRACKING THE CRYPTO CODE
Business2 days ago

The Evolution and Challenges of Crypto Regulation

Cryptocurrency regulations are evolving quickly around the globe with authorities responding to developing risks professed by criminals exploiting the latest payment...

News2 days ago

Europe’s first blockchain neobank, BENKER, opens for pre-registration

BENKER(http://www.benker.io/) is to become the first officially licensed blockchain neobank launched in Europe following approval by the Bank of Lithuania under the Electronic Money Institution...

Technology5 days ago

AI-Powered Fraud Prevention for Digital Transactions

By Martin Rehak, CEO of Resistant AI Fraud is on the rise, thanks to the rapid escalation of digital channels...

Top 105 days ago

The future of retail trading

Joe Jowett, CEO of StrikeX   The 2020s look set to be the decade of the retail trader. As the...

Business5 days ago

Dissecting the expansion of online checkouts

Daniel Kornitzer, Chief Business Development Officer   Card payments have long existed as the preferred payment method for online consumers....

Business5 days ago

How bug bounty programs can help financial institutions be more secure

Rodolphe Harand, Managing Director at YesWeHack   Financial services have been one of the most heavily targeted industries by cybercriminals...

Trending