Connect with us

Business

WHY INSIDER THREAT PRESENTS A BIG RISK TO FINANCIAL SERVICES ORGANISATIONS

Written by Adam Strange, HelpSystems

 

In today’s highly regulated environment, financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data secure. And privacy legislation, such as GDPR and CCPA, has come into force to ensure that they are doing this diligently. Likewise, with the all the publicity we’ve seen around data breaches, as individuals, we are far more aware of the growing value of our data and the need to protect it. So, unfortunately, are cybercriminals, which means financial organisations are prime targets for malicious cyberattack. However, this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk.

 

Insider threat cited as having the potential to cause a lot of damage

When it comes to reducing overall breach risk, it is easy to assume that employees represent low-hanging fruit – based on the premise that it is easier to control the actions of a company’s own employees than it is to defend against external attackers. However, here at HelpSystems we have recently undertaken some research, interviewing 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face. And the reality is that insider threat – whether intentional or accidental – was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months. Likewise, phishing emails were cited by 20% of survey respondents. Add these two together and you can start to get a picture of the challenge these internal employee-centric risks present for financial services firms – perhaps a far bigger one than the external threat. While external attackers are always motivated by malicious intent, the employee population is far more mixed, and motivations are a grey area where the reasons behind breaches, whether through simple human error or deliberate actions, are harder to determine. This makes understanding, and mitigating, insider risk a far more problematic exercise.

 

Misdirected emails are also a big risk

At the same time, the latest Information Commissioner Office (ICO) report has just been published and the data confirms that misdirected email remains one of the UK’s most prominent causes of security incidents. This report further demonstrates the need for all organisations to control the dissemination of their classified data as it states that misdirected email is, alarmingly, a 44% bigger risk to organisations than phishing attacks.

This is yet another area where organisations must ensure their data protection policies are robust enough to not only protect themselves but also their employees from the seemingly simplest of mistakes. Again our research showed that increased remote working practices was a cause for concern, with 36% stating that they saw it as a cybersecurity threat with the potential to cause significant damage. Therefore, what remains paramount is that organisations provide their employees with the technology tools necessary to prevent the simple human errors that have the potential to result in data loss, and as a consequence, severe financial and reputational damage.

 

Understanding what protection your data requires

Clearly, it is crucial that financial services organisations shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian, and the repercussions from customers much more severe. But put simply, before you can defend, you need to know what protection your data requires and you need to know what you’ve got, where it’s stored, why you have it and who has access to it. Once you’ve got to grips with that, you can identify what is of true value to the organisation – what’s business-critical and what’s sensitive – and then how best to treat it. In order to do that you need to think about what the impact would be if a piece of information was leaked or lost. If it was made public, would it harm the business, your customers, partners or suppliers? Would it put an individual’s security or privacy at risk? Would you lose advantage if a competitor got hold of it? Is it subject to any privacy or data laws, or regulatory compliance?

While this all sounds relatively straightforward, data visibility was another problematic area and subsequent threat emphasized in our research. Data visibility and knowing what data is where and who has access to it was highlighted as having the potential to cause the most damage by 14% of our survey respondents. Combine this with internal cybersecurity fatigue, which more than a quarter (28%) cited as potentially damaging, and you can start to appreciate the importance of providing tools and awareness training to help prevent those easily avoided mistakes from happening in the first place.

 

Employees need tools, training, education and the right culture

As I mentioned, it is a complex problem without a simple answer and this is where employee education is key.  Employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. In terms of how they go about doing this, they must invest in user training and education programmes. Users are your most important security resource, so train them to be an asset rather than a liability. Users should be a critical part of an organisation’s security posture, not excluded due to the associated risks.

Likewise, the security culture of the firm must be inclusive towards employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice and security is embedded into all their actions and the ethos of the business.

 

How data classification can help

One way to do this is through the implementation of data classification tools, which not only help organisations to protect their data by putting the appropriate security labels on it, but also help educate users to understand how to treat different types of data with different levels of classification and sensitivity. Here at HelpSystems our data classification solution enables users to classify both their emails and documents according to their sensitivity, using both visual and metadata labels. Once labelled, data can be controlled to ensure that emails, documents and files are only sent to those you want to receive them, protecting your sensitive information from accidental loss.

It is technology like this that leaders within financial services organisations should have in place to protect their employees, prevent misdirected emails, the inadvertent sharing of documents and files and ensure that the organisation is complying with data protection legislation. Remote working is likely to remain, regardless of any future regional or national lockdowns, therefore, making sure that employees have the tools to prevent mistakes and the accidental sharing of data is going to be more important now than it has ever been. The place to start is making sure that any data is appropriately labelled, so that the employee knows how it should be handled.

 

Business

CREATING A PEOPLE-CENTRIC WORKPLACE CENTERED ON FLEXIBILITY, EXPERIENCE AND WELLBEING

By Anne Marie Ginn, Head of Video Collaboration, Logitech EMEA

 

The light is appearing at the end of the long, dark tunnel that has been 2020. With vaccination schemes now underway, we can (albeit cautiously) dare to dream of a general return to relative normality. Yet in the wake of the pandemic, neither our personal lives nor our work lives will ever be quite the same.

A wholesale change to working practices, and the nature of how and where we work, is set to be one of the big lasting legacies of 2020. Cal Henderson, co-founder of Slack, recently came forward to say he thinks that the age of the office is coming to an end. In a less extreme view, AWS’ CEO Andy Jassy predicts we’ll see the rise of ‘hot offices’, where employees will mostly work remotely, only coming into the office when they need to work on specific projects. And Microsoft founder Bill Gates predicts the age of business travel is over, with only 50% of business trips set to resume.

As the office evolves it’s clear employers will have to adapt their spaces in line with new, post-pandemic wellbeing and workplace trends, and create an office centred around “super experiences” that makes it a destination in itself.

So, in what ways will working practices change, and how do we see the physical workspace evolving?

 

Re-focussing on the employee

Ultimately, the pandemic has re-focussed the discussion on how employees can best work, and how teams are spending their time. It has also given employers the opportunity to ensure they’re in a better position to help people find a good work life balance.

Yet even after Coronavirus, it’s clear we won’t be working from home forever. The UK government says work from home orders may stay in place until April 2021 and with this in mind a flexible, and hybrid, way of working is set to stay. Employees feel that way too – a recent Simply Communicate survey found only 2% want to go back to the full week in the office.

With the digital tools available and the experience gained over the past 10 months, the idea of everyone being in the office everyday seems old fashioned and unnecessary. People don’t want to travel into an office to then just be sat at their desk for eight hours. What they want is to connect with colleagues, to learn, to be inspired and to share with others.

Whilst getting your head down to work is important, social time and collaboration is equally valued, and central to general wellbeing. For many employees, their work is central to their sense of self, their meaning and purpose, and after a long period of being at home alone, they’ll be yearning for those in-person, face-to-face experiences. This should be placed at the forefront of modern office culture and design.

 

An office designed for the people working in it

Offices will become destinations unto themselves – for collaboration, innovation and strengthening team relationships – and less about desk-based or task-based work. The space should also be vibrant and different.

These offices should offer a mixture of meeting rooms and open operational space, which will promote gathering for teamwork, collaboration and companywide networking events. At the same time, smaller collaborative working areas, enabled by video, will facilitate break away group work for those both physically present and working remotely. Banks of individual cubicles will disappear, and instead we’ll see occasional, dedicated concentration pods for when employees need to get their heads down between meetings. And how about relaxation pods should employees want a quick break and recharge?

Beyond work, offices also need to become social destinations in themselves. A recent JLL study found that nearly half of employees hope their office will prioritise social spaces, such as coffee areas, lounges or outdoor terraces and gardens. Common areas play a central role in nurturing informal work relationships, which improve development opportunities and help career outlook – especially crucial for people early in their work life. These spaces allow employees to maintain the inspiration, energy and social connection that comes with belonging to a physical team and environment – something which many found a real challenge to maintain virtually during the pandemic.

Flexible schedules and shared spaces will also lead to a “rightsizing” of office space, where organisations will rethink their real estate, in what will undoubtedly save costs. Some are even predicting that we’ll see the creation of an office ‘ecosystem’, which will comprise of employees working from offices, houses, and third places such as cafes, coworking spaces, and libraries.

 

Tech and video as the glue for hybrid working

While all of the above will support flexibility, functionality and employee wellbeing, for it to all work it needs high-end peripherals, such as Logitech’s MX Series of high-performance mice and keyboards, and collaboration software to pull it together. This tech needs to help us and not take us away from people, helping our collective mental health in environments that could be potentially isolating.

This human centred approach to work collaboration requires non-intrusive, seamless video conferencing and productivity tools. Through each space in the office, from large town hall style areas, through to smaller huddle rooms, personal workspaces and even satellite offices in the suburbs, these video solutions and smart productivity technologies can help to bring together a team as one.

Fortunately, there are a wide variety of high-quality video tools available that can fit the needs of the modern worker within each individual environment. From large 4K cameras with the ability to pan, tilt and zoom to focus on an individual speaking within a large room, to wide angled huddle room cameras for smaller groups, and webcams with integrated high-quality microphones and optics to make sure remote workers are seen and heard just as clearly as if they were physically in the office.

 

The hybrid opportunity

The hybrid office presents itself with an opportunity to make work better for employees, while creating a more committed and motivated workforce. There’s also potential to save money through reduced office related overheads.

Tied together by smart technologies such as video, this hybrid office has the potential to make employees happier, more motivated and equipped to do their best work. Video will pivot from being the technology we used to survive during the pandemic to the one we use to thrive.

 

Continue Reading

Business

NAVIGATING UNCERTAINTY WITH ACCURATE MACHINE LEARNING

Richard Harmon, Managing Director, Financial Services at Cloudera 

 

2020 will undoubtedly prove to be an unforgettable year. The pandemic has been unforgiving, plunging the UK into a recession, and many industries have faced closure and untold disruption. In the Financial Services sector in particular, 86% of profit warnings in the first seven months of 2020 cited Covid-19. But Covid-19 is not the only thing on the sector’s mind – another sizable challenge looms large on the horizon: Brexit. Individually both are highly disruptive events, together they create a double shock wave with a long tail of unknowns: how long the COVID-19 pandemic will last? What the fallout from Brexit will be? How resilient is the UK economy in the longer term? A key topic for discussion is therefore, how will we adapt to these seismic events and how can technology help?

 

Predicting the unpredictable

When it comes to planning, Machine Learning (ML) models have become an integral part of how most financial institutions operate, because of its ability to improve the financial performance for both businesses, and their consumers, through data. United Overseas Bank is a key example of a business that has used ML to make it’s customers’ banking experience simpler, safer and more reliable. Through analysing the thousands of files that are uploaded to the platform everyday, the ML models have a more comprehensive view of customer and transaction data to optimize their business processes, design distinctive customer experiences, and to improve detection of financial crimes.

However, in these circumstances of heightened uncertainty, the accuracy of ML models come into question. This is because the majority of ML models that are in use today have been built using large volumes and long histories of extremely granular data. With the world being as unpredictable as it is right now, it will take some time for ML models to catch up and adjust to this year’s events. The most recent example of such complications and abnormalities, at a global scale, was the impact on risk and forecasting models during the 2008 financial crisis. Re-adjusting these models is by no means a simple task and there are a number of questions to be taken into consideration when trying to navigate this uncertainty.

 

Adjusting to the ‘new normal’

The first step is to determine whether the disruption we are facing right now can be defined as a ‘Structural Change’ or a once in a blue moon ‘Tail Risk Event’. A structural change would represent a situation where the COVID-19 pandemic has had a seismic impact on how the world as a whole, and financial institutions in particular, operates. This would result in the world settling into a ‘new normal’, one that is fundamentally different from the pre-COVID-19 world. This shift would require institutions to develop entirely new ML models that rely on sufficient data to capture this new and evolving environment. On the other hand, if the COVID-19 pandemic is perceived to be a one-off ‘tail risk’ event, then as the world recovers and businesses, financial markets and the global economy return to some sort of normality, they should operate in a similar way to the pre-COVID-19 days. The challenge for ML models in this situation is to avoid becoming influenced and biased by a rare, and hopefully, once-in-a-lifetime event.

 

Readjust and reinvest

There’s no one size fits all solution for businesses, however there are some key steps financial institutions can take to them navigate today’s current climate:

  • Modify existing models: This is where all data science teams should start. Modifying models can range from using the latest data elements while creating scenario-based projections adjusted for various levels of model bias. There are a range of alternative ML-based approaches that can be used to revamp existing models.  One of the more innovative approaches to the lack of rich relevant data is a meta-learning approach. From a deep learning perspective, meta-learning is particularly exciting and adoptable for three reasons: the ability to learn from a handful of examples, learning or adapting to novel tasks quickly, and the capability to build more generalizable systems. These are also some of the reasons why meta-learning is successful in applications that require data-efficient approaches; for example, robots are tasked with learning new skills in the real world, and are often faced with new environments.
  • Stress testing: This is a fundamental step as it helps businesses gain a clearer understanding of their vulnerabilities before it’s too late. This isn’t just the job for one team, cross collaboration from finance leaders to Chief Risk Officers is required to set up multiple, dynamic stress testing scenarios. The learnings from these tests should then be implemented and then retested, to ensure businesses are in the best position possible.
  • Industrialisation of ML: If businesses haven’t already done so, now is the perfect time to invest in a platform that supports the entire ML lifecycle, from building and validating processes, to managing and monitoring all of their models across the entire enterprise. Nowadays, enterprises are faced with increasing amounts of data on their customers, entering the organisation from a range of different sources, from the customer service team to social media platforms. For ML models to work at their best, they need to take every stream of data into account, while being able to understand what the different data is saying, and quickly. This can only be achieved with a unified enterprise data cloud platform.
  • Prescriptive Analytics: This approach is complementary to ML and uses simulations for more accurate decision-making for different scenarios, brought on by shocks or market changes. One common approach is Agent-Based Modeling (ABM), a bottom-up simulation for modelling of complex and adaptive systems. ABMs help businesses project thousands of future scenarios without having to depend upon the limitations of historical data.

 

Businesses have had to cope with a lot this year and those that have survived have faced a steep learning curve. When faced with such a crisis, they need to look inwards, towards the technology they have invested in, review whether it’s working in the new circumstances, and whether crucial tools such as ML models are being deployed in the best way possible. Financial institutions shouldn’t look at the issue as a one-off, but instead as a chance to implement longer-term strategies that enable them to prepare and tackle the next crisis head on. Businesses that invest the time now to re-evaluate their ML models are the ones that will set themselves up for success, now and into the future.

Continue Reading

Magazine

Trending

Finance3 hours ago

HOW COVID-19 HAS RESHAPED THE PAYMENTS LANDSCAPE

By Mohamed Chaudry, Group Chief Financial Officer of FoodHub   The year 2020 may well have sounded the death knell...

Business3 hours ago

CREATING A PEOPLE-CENTRIC WORKPLACE CENTERED ON FLEXIBILITY, EXPERIENCE AND WELLBEING

By Anne Marie Ginn, Head of Video Collaboration, Logitech EMEA   The light is appearing at the end of the...

News3 hours ago

UK OPEN BANKING FINTECH YAPILY ANNOUNCES EXPANSION IN VILNIUS

Yapily, a London-based fintech startup, has announced plans to set up in Vilnius, the company’s third European office. Yapily joins...

News3 hours ago

FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK

EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative...

Finance3 hours ago

2021 FINTECH PREDICTIONS

2020 has been a year like no other. The way we live, work, socialise and more has completely changed as...

News3 hours ago

MARQETA ANNOUNCES PARTNERSHIP WITH GOLDMAN SACHS ON MARCUS CHECKING OFFERING

Marqeta’s modern card issuing platform will be leveraged by Marcus by Goldman Sachs to build new digital banking offerings.    Marqeta,...

Finance2 days ago

MAKE 2021 THE YEAR YOU DRAW UP A PERSONAL BUDGET

By Neli Mbara, Certified Financial Planner at Alexander Forbes   Budgeting is the most important thing you can do to manage...

News2 days ago

FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK

EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative payment...

Finance2 days ago

GEOSPATIAL DATA VISUALISATION MAKES SENSE OF MASS OF COMMERCIAL PROPERTY INSURANCE DATA

Heikki Vesanto, Manager GIS Data Science, LexisNexis Risk Solutions UK & I   Like most areas of the general insurance...

Top 102 days ago

A GUIDE TO HMO PROPERTY INVESTMENT

Many experienced property investors are turning their attention to HMOs and achieving much higher rental yields as a result. Find...

Finance2 days ago

PROTECTING THE DIGITALLY-EXCLUDED: BIOMETRIC IDENTIFICATION ENSURES ACCESS TO PAYMENTS IN A CASHLESS WORLD

By Vince Graziani, CEO, IDEX Biometrics ASA   The events of this year have exacerbated a number of challenges for...

Interviews2 days ago

‘GLOBAL TRADE IN 2008 VS 2021: GLOBAL IMPACT, DIFFERENT CHALLENGES’

A Q&A with Nawaz Ali Head of Insights at Western Union Business Solutions who draws comparisons between the financial crisis...

Finance2 days ago

FOUR WAYS OF FINDING THE SUPPORT AND RESISTANCE LEVELS

Support and resistance levels are mainly conventional values where a large number of orders assemble to stop a prevailing trend...

Finance3 days ago

TAX-FREE SAVINGS ACCOUNTS OR RETIREMENT ANNUITIES: KNOW THE SAVINGS PRODUCTS AVAILABLE TO YOU

By Michael Kirkpatrick, head of individual consulting best practice, Alexander Forbes   The start of a year is a great time...

News3 days ago

FROM PLASTIC WASTE TO PAYMENT CARD

Giesecke+Devrient invites to join the cause of saving the oceans.   Giesecke+Devrient (G+D) and the environmental organization Parley for the...

Top 104 days ago

AML SYSTEMS FOR THE CRYPTO MARKET – HERE’S WHAT YOU MUST KNOW

In the modern world, criminal activities have taken the virtual road and fraudsters have developed highly sophisticated ways of executing...

Finance1 week ago

DISRUPTING DATA ASSUMPTIONS: WHAT FINANCE MARKETERS NEED TO CONSIDER IN 2021

Carolyn Corda, CMO at ADARA   Data-fuelled marketing has been a go-to in finance for years before it was accepted...

Business1 week ago

NAVIGATING UNCERTAINTY WITH ACCURATE MACHINE LEARNING

Richard Harmon, Managing Director, Financial Services at Cloudera    2020 will undoubtedly prove to be an unforgettable year. The pandemic...

Finance2 weeks ago

TOP TIPS ON HOW TO SECURE A BUSINESS INTERRUPTION LOAN (CBILS)

Effective cashflow management is crucial if your business finds itself in a financial crisis. But what do you do if...

News2 weeks ago

FAST GROWTH REGTECH COMPANY NAPIER CAPTURES TWO INDUSTRY HEAVYWEIGHTS TO STRENGTHEN LEADERSHIP TEAM

Greg Watson and Mariola Marzouk join as Chief Operating Officer and Head of Product   Napier, providers of next-generation anti-money...

Trending