Connect with us

Interviews

Why is your financial response plan static against dynamic risk?

Published

on

By Kev Breen, Director of Cyber Threat Research, Immersive Labs

 

When it comes to cyber security, there is a grave misconception that financial services are the most secure industry. This perception comes from the massive security budgets that financial organisations tend to have. In fact, the combined BFSI industry leads the line in cybersecurity spending, holding 18.7% of the global security market share.

However, larger budgets don’t always mean better security. This is evident from the number of losses financial organisations suffer each year from successful attacks. In the banking sector alone, the annual cost of cyber-attacks reached $18.3 million per company last year.

Effective security often boils down to strategic elements such as how well organisations are managing risks, what response plans are in place, and how well the workforce is capable of tackling dynamic threats.

We talk to Kev Breen, Director of Cyber Threat Research from Immersive Labs in order to understand the critical issues of human cyber capabilities and threat response plans in today’s financial services industry.

 

Why does the financial sector continue to be a frequent target of cyber-attacks?

The critical and sensitive nature of this industry makes financial organisations a more lucrative target for threat actors. Ultimately, it’s where the money is. Organisations like commercial banks, investment firms, accounting firms, insurance companies, and brokerage firms hold a lot of sensitive data – not just from individual users, but also from businesses and governments. These companies are a gold mine for attackers, in terms of data.

Also, targeting financial organisations allows threat actors to cause mass-scale disruption. For example, if a banking system is hit by a ransomware or Distributed Denial of Service (DdoS) attack, it will hinder its ability to effectively serve the customers until services are restored – leading to significant financial disruption. These are the key reasons why financial organisations continue to be frequently targeted despite investing heavily in cyber security.

 

What are the shortcomings of current financial response plans that are leading to this influx of successful attacks?

An effective threat response plan is critical for any organisation. When faced with sophisticated attacks like ransomware, your response plan determines how efficiently the workforce manages the security incident. However, the issue is that most financial response plans are static. They look good on paper but have little effect when the situation comes to be.

Also, organisations often don’t test these plans against real-world scenarios. They are established like a theoretical strategy, without any practical assessment or evidence to support its effectiveness in the face of a real security incident.

For example, in a traditional response plan, potential risks are identified, proposed response plans are outlined and then filed away for use when the incident occurs. However, sophisticated risks like ransomware are dynamic. They don’t always follow the same pattern or same variables. Also, they don’t always target the same files. So, if the response plan is not tried and tested against different scenarios, you can’t ensure that it will hold up when threats break.

Moreover, ransomware attackers are now applying a double extortion method. They don’t just encrypt and lock away your sensitive data but also exfiltrate it – threatening companies to pay up immediately or see it get leaked on public domains.

Another critical issue is that most companies develop their threat response plan with only the IT and security teams in mind. However, threat actors can target any department across your workforce, whether it’s the sales team, marketing team, or general admins. Threats like ransomware need a collective response. Every employee has a role to play.

If the response plan or training programs are just catering to the security teams, other employees won’t have the required knowledge or information to fulfil their responsibilities during an incident.

Therefore, in such an unpredictable threat landscape, businesses can’t rely on a static response plan. Chances are that their pre-determined plans won’t fit the variables of the attack or demand during the crisis. These implications were also evident in our latest research findings.

We found that financial organisations performed second worst in crisis simulation exercises out of 10 industries. In fact, out of the top ten worst decisions during a crisis, five came from financial services organisations. So, it’s safe to assume that most financial organisations lack the human-cyber capabilities to make adaptive and agile decisions when faced with dynamic threats like ransomware.

 

Why does it take so long for financial organisations to develop the necessary skill to defend against cyber-attacks?

Our research found that financial services organisations need an average of 97 days to develop the skills necessary to defend against critical cyber risks. National cyber security bodies recommend that businesses should not take more than 48 hours in patching vulnerabilities and implementing their response plan after the initial detection. Clearly, there is a major gap in human cyber capabilities for such organisations.

The reason for this gap comes down to the lack of cognitive agility among the workforce. Cognitive agility is the ability to adapt and shift our thought processes when faced with critical scenarios. Organisations need a workforce that can make agile and conscious decisions quickly when faced with diverse threat scenarios.

Cognitive agility inevitably increases the human-cyber capabilities of the entire workforce. Employees can consider the different aspects of an attack and make better decisions, instead of following a scripted response plan that wasn’t developed with a consideration of dynamic risks.

 

What are the proactive steps financial services organisations can take to develop cognitive agility amongst their workforce?

To build cognitive agility among the workforce, financial organisations need to prioritise a cadence of exercising. Simply launching training programs isn’t enough, they need to focus on scenario-driven simulations and test exercises. The aim is to build an entire workforce that can function as adaptable incident responders, who can think on their feet, and effectively react to the situation in from of them.

That’s why scenario-driven exercises are critical. You’re not teaching people to respond to a specific crisis, but rather helping them develop critical thinking and decision-making skills.

It’s also important to consider how you are distributing such exercises across the entire organisation. Financial companies tend to have a very diverse workforce, with multiple different departments and multiple roles. Employees of each department have different skills and knowledge levels. Some might already have a great knowledge of the security domain, while some might be very new. So, making everyone go through the same level of exercises won’t get you the desired benefits.

This is where Cyber Workforce Resilience becomes significantly useful. It’s a robust model that allows companies to benchmark their current human-cyber capabilities, measure the knowledge, skills, and judgement of the current workforce, and prioritise exercises where they’re needed. Cyber Workforce Resilience helps to map human capability within the workforce and generate data/insights to produce a real-time picture of the organisation’s cyber resilience.

Benchmarking current knowledge, mapping out human abilities, and regularly exercising capabilities based on different scenarios will help build a resilient and agile crisis response team, who are always ready to take effective decisions – regardless of how dynamic the risks are.

Interviews

Finance Derivative Talks to Tianjin Port Development Holdings Limited

Published

on

By

1. How do you look back on 2022, being one of the 10 best largest container ports in the world?
In 2021, the container throughput of Tianjin Port exceeded 20 million twenty-foot equivalent units (TEUs) and ranked eighth on the list of world largest ports in terms of total container handling capacity, and growing the fastest among the world’s top 10 ports. Tianjin Port will strive to achieve 25 million TEUs by 2025 and continue to open a new chapter in the story of prosperity of Tianjin Port’s world-class port.
The market environment in 2022 was more difficult than that in 2021. Other than the conflict between Russia and Ukraine, and financial policies tightening in Europe and the United States, China’s economic growth was slower-than-expected due to the resurgence of the COVID 19 pandemic and related strict control measures. In this challenging market environment as at Q3 2022, Tianjin Port as a whole handled accumulatively cargo throughput of 363 million tonnes, 3.3% more year-on-year, and container throughput of 16.54 million TEUs, 4.7% more year-on-year, via enhancing efficiency and various flexible measures. Tianjin Port Co., Ltd., the major controlling subsidiary of Tianjin Port Development Holdings Limited (“Tianjin Port Development” or the “Company”) still managed to achieve profit growth of 11.9% in the first three quarters of 2022.
In mid-October 2021, Tianjin Port Group (the controlling shareholder of Tianjin Port Development, which holds 53.5% stake in the company) unveiled what it says is the world’s first zero carbon emissions smart terminal in Beigang area of Tianjin Port. This smart and ‘zero-carbon’ smart terminal can serve as an example of intelligent upgrading and low-carbon development of ports all over the world. As at Oct 13 2022, this zero-carbon smart terminal in Beijiang port area had handled 1 million TEUs since it started operation in October last year.

2. How are you able to manage and improve the sustainability strategies with the stakeholders? Tell us about your visions and key factors to success.
Tianjin Port Development has been investing resources in promoting its sustainable development and its sustainability strategies emphasize five principles, namely “Environmental Commitment”, “People Focus”, “Quality First”, “Customer Oriented” and “Community Care”, which are incorporated into its daily management and operations. The Company has kept strengthening communication and cooperation with various stakeholders so as to continuously improve sustainability management.
Building a smart port is a major undertaking of the Company. We aim high and strive to build a world-class smart port and a green port, to better serve the coordinated development of the Beijing-Tianjin-Hebei region and construct the “Belt and Road” initiative.
We continue to propel port automation with advanced smart, automatic and communication technologies, aiming to improve service efficiency while reducing service costs and offering customers with better experience. The Company continues to make use of artificial intelligence algorithms and big data to develop new smart projects, implement innovative business operation and analytics systems to enhance operating intelligence and customer service efficiency. In addition, we keep hastening automatic transformation of traditional terminals, and designing our own fully-automated facilities and equipment.
The Company has dedicated much effort to implementing sustainable development concepts and paying more attention to topics such as green development, smart and safe production. All these efforts have laid a solid foundation for the Company’s success.

3. How did the market change post covid-19 and where do you see it going?
Since the outbreak of COVID-19 pandemic in 2020, ports around the world, those in overseas countries in particular, have seen containers stacked up and even halt service. The pandemic has brought to the foreground the need to develop smart ports. In recent years, Tianjin Port Development has actively used innovative technologies to build smart ports. It currently owns more than a dozen world-first technologies that have helped it improve operational efficiency. For example, a single driver can take remote control of six automated facilities simultaneously. In the future, Tianjin Port Development will continue to pursue automation and intelligent reforms plus upgrade its facilities.
Furthermore, during the pandemic, sea freight was adversely affected by land transportation restrictions in mainland China. In light of that, Tianjin Port Development enhanced the function of its feeder network and optimized the linkage between main services and feeder services within the port in Tianjin-Hebei area, built a collaborative operation platform for feeder services covering the Bohai Rim, and promoted vigorous development of “daily shift” services. An alliance was forged and the “Maritime Expressway – FAST” service brand was created, enabling coordination and link up of all processes, from delivery from factories, loading and unloading at the ports and piers, sea transportation and on-shore storage and logistics to receipt of goods by end customers, thus forming a “door-to-door” standardized transportation system. We have been able to make better use of our marine channel advantage to improve overall freight efficiency and bring more business opportunities to Tianjin Port Development. At the same time, Tianjin Port Development is also starting to actively take part in multi-operational partnership covering road, rail and sea transportation, which will become a new business model serving the “Belt and Road Market”.

4. Do you see your company expanding its offerings in future? FY2023
In the future, Tianjin Port Development will hasten transforming its transportation mode. For inbound operations, under the “Maritime Expressway Express—FAST” service brand, it will speed up expanding coverage of its ports and land logistics network in the Tianjin-Hebei region. And, for supporting outbound logistics, it will extend the sea-rail shipping channel. Moreover, it will continue to upgrade automation of its piers, so as to achieve complete digital transformation. Furthermore, it will press on with using green energy, step up “zero-carbon port” construction, implement its “dual-carbon” goals, and take to greater depth the work of building an international shipping hub in northern China.

Continue Reading

Interviews

Exclusive Interview With AsiaPay CEO -Joseph Chan

Published

on

By

  1. It’s a pleasure to have you. Tell me a bit about your journey and about heading AsiaPay.
  • As the founder and CEO of AsiaPay Group, Joseph started up the first high-quality third-party digital payment service and technology firm in 2000 in Hong Kong, spearheaded the company’s business strategies and product development together with his management team, and leads AsiaPay becoming one of the most successful world-class digital payment companies in Asia.
  • In regard to business growth and market recognition, Joseph presents his long-term vision which is to operate a successful and socially responsible company that continually provides individuals and corporate entities with the newest digital payment values, readily enhances one’s quality of life, and maximizes business opportunities, efficiency and productivity.

 

  1. On that note of innovation, what are your views, on things like blockchain, Artificial intelligence, and robotics?
  • AsiaPay works closely with our partners in the AI, metaverse, crypto, and NFT-related businesses. With the capabilities of the web3 payment, we aim to strengthen the sales scene, use virtual social space as attraction, product display, and sales as a reality, and enhance the interest and purchase intention of potential buyers, coupled with cryptocurrency-led payment.

Decentralizing blockchain can guarantee the fidelity and security of transactions and digital payments. While combining digital record authenticity in blockchain technologies and the automation of artificial intelligence can enhance data security to prevent fraud in the fintech and digital commerce industries.

Along digital transformation, there has been successful applications of robotics in F&B n hotel industries in Asia and more digital payment solution adoption follows to provide more seamless and valued payment experience to customers.

  • AsiaPay continues to work closely with partners and startups in these technology areas and also web3 area like metaverse, crypto to well capitalise on these technologies to provide more advanced payment solution to address coming business and market needs

 

  1. How do you manage the making in the area of diversity and inclusion in terms of gender and cultural background?

Joseph Chan

AsiaPay always aims to remain a balanced and fair working environment with diversity and inclusion over its 15 country operations in Asia. As we serve merchants covering wide range of industries and operating across borders with close interaction with our teams in Asia, we respect the unique background, needs, perspectives, and potential of all team members. We:

  1. Identify diversity and inclusion as key strategic priorities
  2. Recruit and hire openly across Asia
  3. Establish snd enforce cross-country mentorship
  4. Promote team work and foster relationship by overseas team training, yearly executive meeting…etc …
  5. Acknowledge holidays of all cultures and celebrate
  6. Be aware of any unconscious bias.
  7. Ensure benefits and programs are inclusive

And, we set up a variety of staff performance and long-service awards to appreciate our team member’s contributions regardless of their genders, races, religion, nationalities, and sexual orientations. Every team member is equally involved in and supported in all areas of the workplace.

Even under this highly competitive Fintech market, we have enjoyed relatively high retention over the years.

 

  1. AsiaPay continues its business expansion in Asia with 16 operation offices as of date. What are the strategies for the Indonesian market?

Indonesia is one of the key emerging markets in Asia, according to a YStats.com report points that Indonesia mostly used “online wallet” (69%) alternatively to traditional payments in 2020. “Online wallet” was commonly used as an alternative payment method after the onset of COVID-19;

BimoPay is a payment gateway platform service offered by AsiaPayto address the Indonesian digital payment needs, as Indonesia is one of the fastest-growing economies in the world. Our key strategies shall emcompass,

  • Sales strategies and programs targeting key merchant segments;
  • Bank and payment and channel partnership;
  • Digital marketing campaigns enhancing brand and service awareness;
  • Localised product and service innovation and development;

 

  1. Do you see AsiaPay expanding its offering in the future? How do you see 2023 coming?
  • With digitalization and technological innovations taking over the economic sector of the world, AsiaPay will continually bring advanced, secured, integrated, and cost-effective digital payment processing solutions and services to banks and eBusiness globally.
  • We will continually embrace change and innovate capitalizing on the technological trends and strength especially addressing the coming evolution of digital commerce, smart retail, web 3.0 payment, payment data analytics, crypto/CBDC and blockchain technologies.

Apart from our existing 16-country operations in Asia, we will continue to expand our footprint in the world to expand our payment solution and service coverage, and further sca

Continue Reading

Magazine

Trending

Business3 days ago

How FS organisations can utilise data to boost customer experience

Charles Southwood, Regional VP and GM – Northern Europe and Africa at Denodo We’ve all heard the age-old adage “the customer...

Business3 days ago

The Evolution of SoftPoS in 2023

By Brad Hyett, CEO of phos Contactless payments and digital wallets have surged in popularity in recent years. Part of...

Banking3 days ago

The Importance of Digital Trust in Banking and Finance

By Maeson Maherry, COO at Ascertia   With the rising adoption of eSignatures and the acceleration of digital transformation, trust...

Business4 days ago

Taking Financial Services to the Edge

Authored by Pascal Holt, Director of Marketing, Iceotope   Edge computing, cloud, and AI are changing the competitive landscape for...

Business4 days ago

Accounting Automation in the Future

Accounting automation is the process of streamlining repetitive tasks in financial processes. For example, some processes like invoicing are time-consuming...

Banking6 days ago

How banks can help customers during the cost of living crisis

 Lavanya Kaul Head of BFSI, UK & Ireland, LTI Mindtree   Surging energy and food prices are significantly driving up...

Finance6 days ago

Weathering the economic storm in 2023

Nikki Dawson, Head of EMEA Marketing at Highspot   New year, new business challenges. When it comes to creating and...

Business7 days ago

Three ways data can help financial organisations thrive in today’s economy

By Rinesh Patel, Global Head of Financial Services, Snowflake   Financial organisations are caught in the middle of an ever-evolving...

Finance1 week ago

What is the right strategy for the end of money?

By John Barber, VP & Head of Europe at Infosys Finacle More than five thousand years ago, humans replaced barter...

Business1 week ago

2023 – what will happen in the payment world?

Tommaso Jacopo Ulissi, Head of Group Strategy, Nexi Group 2022 was a year of transition for consumers, as BNPL (Buy...

Business1 week ago

2023 crypto trends that businesses need to know about

By Marcus de Maria, Founder and Chairman of Investment Mastery   As cryptocurrencies have started to enjoy wider global acceptance...

Business1 week ago

Defining Fraud in 2023

Scott Buchanan, Chief Marketing Officer at Forter Fraudsters are fluid — they constantly experiment with new tactics to find cracks in...

Business1 week ago

How accounting software may hold the key to keeping on top of credit control

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit.   One of the first rules everyone learns about...

Banking1 week ago

Coreless Banking: How banks can thrive in 2023

Hans Tesselaar, Executive Director of BIAN   In recent years, banks have faced immense disruption and struggled to transform with...

Technology1 week ago

Will cyberattacks be uninsurable in 2023? Three steps that financial organisations can follow now

By James Blake, Field CISO of EMEA, Cohesity   The growing number of cyber attacks and subsequent damage has led...

Business2 weeks ago

Why Financial Services Institutions must de-risk the customer journey in 2023

By Perry Gale, VP EMEA at Cyara   From rising interest rates, to the cost-of-living crisis and the ongoing recession,...

Business2 weeks ago

Why finance needs a technological leap in fraud prevention

Brett Beranek, VP & General Manager, Security and Biometrics at Nuance Communications   Banking fraud is always a punishing experience for...

Banking2 weeks ago

How Banks Should be Future-Proofing Themselves  

By John da Gama-Rose, Head of BFS, Global Growth Markets, Cognizant  Businesses across the world are facing a combination of...

Business2 weeks ago

The Promise of AI in Financial Services in 2023

By Kevin Levitt, Global Industry Business Development, Financial Services, NVIDIA   As we enter the new year, many are left...

Banking2 weeks ago

What to expect from banking and payments in 2023

Michael Mueller, CEO, Form3   The banking industry went through a number of significant challenges in 2022. The steep increase...

Trending