Connect with us


Dissecting UK cybersecurity: The categories you need to know

By Richard Yew, Senior Director, Product Management – Security at Edgio

Cybersecurity has diversified with businesses constantly trying to counter the ever-increasing number of new threats. Budgets often do not increase at the same pace and the industry remains plagued by a shortage in personnel resources.

Today, 40% of Brits working from home and shopping is more popular in the UK than in any other country. The cybersecurity risks associated has left businesses with a sprawling landscape to keep secure.

Understanding the cybersecurity solutions to choose in such a diverse market can be incredibly challenging. Areas that are non-negotiable in this post-pandemic landscape are Endpoint Security, Managed detection and response (MDR) and holistic Web Application and API Protection (WAAP).

These areas are foundational to any cybersecurity programme, and each has a role to play in keeping organisations protected.

Endpoint security

Endpoint solutions focus on defending endpoints including mobile devices, laptops, Internet of Things (IoT) devices, point-of-sale (POS) systems, or simply any device that connects to a network. Any endpoint can be an attack entry point, and with over 29 billion IoT devices forecasted to be in operation by 2030 the scope for risk will double. This means that businesses of any size can find themselves vulnerable to a cyberattack.

It can be challenging to deploy endpoint protection effectively with a diverse mix of device types, operating systems, with many companies having the additional burden of supporting bring your own device (BYOD) policies. Nevertheless, endpoint protection platforms are always evolving to detect malicious activity and prevent file-based malware attacks, while allowing security engineers to investigate and respond to incidents, wherever necessary. As endpoints are a wide entry point into an organisation from which attackers often aim to move laterally, effective endpoint protection is essential for organisations of any size.

Management detection and response (MDR)

An element of cybersecurity that combines human and technological expertise, management detection and response (MDR) is a service that typically covers monitoring, response, and cyber threat hunting. MDR reduces the strain on internal staff and the alert fatigue they often face, instead allowing experts to monitor devices, applications and networks remotely to keep these systems secure, and respond quickly when under attack.

This combination of technology and services works in tandem with in-house IT and DevSecOps teams, providing mature capabilities in observation, detection, and response, ultimately lowering risk and allowing companies to focus more on their core business. Given a global shortage of around 3.4 million cybersecurity professionals, MDR is a great way for organisations to gain round-the-clock cybersecurity support they need, without the high CapEx for new staff (which are very hard to hire and retain).

Managed Security

Much like MDR, security as a service (SECaaS) outsources cybersecurity to remote experts. However, this solution is a cloud-delivered model at its core and is hosted by cloud providers. Thanks to this, SECaaS has soared in popularity, offering lower costs than in-house investments and scaling to handle any cybersecurity demands.

As SECaaS works on a subscription basis, businesses only need to pay for the services they need, when they need them. Outsourcing security frees up resources and gives internal IT teams the time and confidence to work on other projects. Hosted in the cloud, SECaaS also allows organisations to access the latest security tools, patches, and updates immediately, with no need for onsite deployment and extended downtime. SECaaS is a great option for organisations that want to completely outsource their cybersecurity and move to the cloud.

Web Application and API Protection (WAAP)

Web applications provide critical services and experience for customers and employees alike. Besides endpoint devices mentioned earlier, they also represent an expanded threat vector for attackers to exploit.  In fact, for several years running, web applications have been the top vector across all data breaches according to Verizon’s Data Breach and Investigations (DBIR) report. For this reason, having a holistic web application and API protection (WAAP) solution with multiple layers of protection for an organisation’s networks and web infrastructure becomes critical.

WAAPs provide protection against a wide range of critical threats targeting high value websites and applications, including injection and remote code execution (RCE) attacks, malicious bots attempting account takeover (ATO), or ransomware DDoS attacks, just to name a few. An effective WAAP protects against these types of evolving threats and many more. 

There are some critical elements to a WAAP offering. First, find integrated solutions that can be managed from a single pane of glass. A configuration information, as well as analytics, all in one console reduces complexity that can lead to misconfigurations, while also making it easier for security teams investigating incidents.

Parsing logs from separate solutions and consoles is difficult. A Gartner survey conducted in 2022 found that 75% of organisations plan to consolidate security tools, with most respondents agreeing, less complexity leads to a stronger security posture.

Second, make sure to consider WAAP solutions that scale with your business, and with attacks. It’s important to consider that point solutions, while often providing innovative best-of-breed features, generally run on smaller, more centralised networks. API integration makes these tools easy enough to set up, but they add latency – detection requires an additional hop to a cloud decision engine.

Furthermore, the networks they run on are relatively small compared with edge/CDN-integrated security. This becomes important if you are targeted by a large-scale automated attack, such as DDoS. Lastly, it’s important to choose a WAAP solution with simple, predictable pricing. You never know when an attack will happen- you just know it will. Look for vendors that don’t charge you extra when you’re under attack. Reputable vendors take their customers’ security very seriously, but it feels pretty bad to get hit with an unexpected, large bill even after effectively mitigating a major attack. But there are options out there now, should you wish to lock in predictable pricing, aligned to your best interests.

Cybersecurity from the start

It cannot be ignored by any business. It can be daunting, but understanding the difference in solutions is critical for businesses.

From endpoint security and MDR to WAAP, each service provides an important set of security reassurances. Work with a reputable, trusted partner that can put your mind at ease – no matter the solutions you choose to implement.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Enhancing sustainable commitments in retail banking

Source: Finance Derivative

Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient

Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.

However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There’s a number of practical steps they can take to prove their credentials.

Banking on the evolution of cards

The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.

Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.

Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.

Contributing to the circular economy

Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and they need to be discarded of. We’re already seeing prominent banks making progress in this area. UK retail bank, Santander, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling, for example.

The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce ecological footprint.

Into the digital world

Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.

There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.

Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can make steps to compensate for each transaction carbon footprint.

Contributing to the green story

To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.

Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.

Continue Reading


Successfully dealing with the unintended consequences of change

by Daniel Norman, Change Management Consultant at Symatrix

Most people dislike change. We are drawn to stability and established routines and feel unsettled when anything happens to disrupt the ‘status quo’. It’s bad enough when the local supermarket moves the bread section – but when the company we work for introduces a new digital system that completely changes how we work, it feels like ‘the sky is falling in’.

When change happens within businesses, there may initially be some resistance from employees: whether it be in the form of avoiding new systems, skipping training, clinging to old methods, or even quitting altogether. Change in business is a constant, however, and it is usually driven by a desire for improvement, and typically over time, becomes the new normal.

Good change management is all about smoothing this process of transition and that means engaging with people and helping them to seamlessly switch to a new model or ways of working.  Change management is not just concerned with implementing new systems or processes; it is just as much about listening intently to colleagues, customers, and stakeholders.

It’s working with people to get things right, building a deep understanding of the challenges we and our colleagues face, and shaping the vision for a future that resonates with people. Change is most successful when everyone feels they have a part to play in moving things forward. And that’s true of all change initiatives, large and small.

Finding a way forward

When it comes to managing change, it’s important to recognise that everyone will have their own journey; they’ll work through things at their own pace, and that’s more sustainable than pretending we’ll all arrive at the same point at the same time.

 It’s also important to focus on creating a supportive environment, or the right conditions for people to adapt, with as little friction as possible. The goal is to establish conditions that minimise friction and foster a collective sense of purpose. This philosophy is crucial in creating a environment conducive to individual and organisational growth.

Getting the planning process right

When planning for change, it’s essential to consider both the intended and unintended consequences. Just as technological advancements like social media have transformed communication but also introduced challenges such as misinformation and mental health concerns, organisational changes can have extensive, unforeseen impacts. A thorough exploration of current operational practices, beyond process maps or managerial assertions, is therefore, always a vital feature of any effective change management approach.

For that reason, it can often be a mistake to pull out those process maps the team updated 12 months ago or rely on the word of line managers that will tell you ‘this is how we operate’ without taking into consideration the work-arounds or simplifications that employees have developed over time.

Teams will naturally evolve, and patterns of work; ways of doing things that aren’t written down, will always be there. A good change manager must always be cognisant of that. Even small changes, like when a key person in the team changes roles, can have a big impact.

To manage change well, it’s important to talk to the people who will be most affected by it. This helps change managers to plan and effectively execute the change journey. By ignoring these key considerations, organisations risk their change strategy stalling from the outset and the opportunity for operational efficiencies may therefore never be fully realised.

Throughout the process, it is crucial to continuously monitor and measure the impact of change on all key stakeholders. One effective way of doing that is by embracing the principle of change curves: a popular model organisations can use to understand the different stages people and the organisation go through when a change occurs.

An effective strategy involves mapping stakeholders against this curve, whether as individuals or groups, during project check-ins. This approach can help project leaders gauge the current position of every team member on the curve, the impact of the project’s upcoming phase on them, or their colleagues, and additional support measures that could be implemented. Such an assessment facilitates a more tailored and effective change management strategy, ensuring stakeholders are adequately supported throughout the transition.

Not everything will run like clockwork, of course, no matter the change management approach that is put in place. Challenges, setbacks, and opportunities for improvement are inherent to any process, but proactive anticipation and planning for potential worst-case scenarios and unintended consequences significantly enhance our ability to support our colleagues and teams effectively. This strategic foresight is crucial in managing transitions smoothly and realising the intended benefits of initiatives.

A positive route ahead

Change, especially in business, are inevitable and often aimed at fostering improvement and growth. However, the journey through change is deeply personal and varies from one individual to another. By acknowledging this, creating a supportive environment, and engaging with all stakeholders, organisations can navigate the complexities of change with minimal resistance and maximum efficiency.

Effective change management, therefore, is not just about the technical implementation of new systems but about genuinely listening to and working with people to adapt and thrive in new circumstances. It’s about understanding the nuanced ways teams operate, the unofficial shortcuts and workarounds they’ve developed, and considering the broader implications of change beyond immediate operational efficiencies. Through a thoughtful approach that anticipates challenges and values stakeholder input, organisations can not only manage change but turn it into a catalyst for positive transformation and growth.

It is clear then that while people may inherently dislike change, with the right conditions, support, and leadership, the transition can become a journey of collective progress and innovation. Change, managed well, can transform the initial discomfort into an opportunity for development, making the once feared ‘sky falling in’ scenario a launchpad for reaching new heights.

Continue Reading


Embedded finance: What consulting firms need to know

By Michael Pierce, VP of Sales at Toqio

Consulting firms are the architects of change in the business world, offering insights and solutions that guide companies toward growth and success. They navigate the intricate landscape of markets and industries, providing invaluable advice to their clients. In this evolving milieu, an opportunity is arising as embedded finance enters the scene, creating a unique and prospectively vital synergy between consultants and platform providers.

Embedded finance, especially within the scope of B2B enterprises, is a hot topic right now among consultancies and the outlook seems to be quite positive.

To date, much of the initial traction in embedded finance has been in the consumer sector, with products such as no- or low-interest financing, buy-now-pay-later (BNP), and others. On the B2B side, there is an increasing amount of mobilization. In recent months we’ve seen incumbent banks either entering the banking-as-a-service (BaaS) market or enabling their services through open banking partnerships, while strategy firms are busy advising corporate entities on the potential routes they can take. Early adopters have already made embedded finance a cornerstone of their digital or financial transformation programs: MVPs and proofs of concept have been on the rise.

As we all peer forward, the market is starting to look for scalable use cases to take advantage of these massive, predicted opportunities. Companies are searching for solutions that go beyond the hype.

For consulting firms, the messaging remains positive. The fundamentals of embedded finance drive strong service revenue. Even more importantly, the business cases for their clients stack up as well. Numerous opportunities are on the table when consultants incorporate embedded finance platforms into their projects, including increased revenue, improved retention rates, access to a wider range of data for better decision-making, and many more.

Adaptability delivers excellent results

Embedded finance helps to break down barriers faced by many companies when trying to access affordable financial services. By integrating financial services directly into the supply chain, companies can enjoy many benefits, such as liquidity management, credit accessibility, risk mitigation, and many others. That’s one of the reasons why embedded finance platforms are proving to be the latest addition to the consultant’s toolkit. They offer a wide array of solutions that enable businesses to integrate financial services into their products and services. What makes embedded finance platforms especially appealing to consultants is their adaptability and scalability.

Consulting firms understand the need for versatile solutions capable of addressing various business requirements. Versatility and adaptability are key, giving consultants the flexible tools they need to deliver on time and within budget.

Embedded finance platforms are a natural extension of consulting firms’ capabilities as they offer a comprehensive range of financial solutions that integrate perfectly into existing business processes. This alignment provides consulting firms with several advantages, such as  enhanced client services, data-driven insights, streamlined processes, scalability, and versatility.

A match made in finance

The compatibility between consulting firms and embedded finance platforms is readily apparent. Consultants excel at diagnosing business issues and embedded finance platforms provide a precise prescription for financial enhancements.

There is an extensive list of benefits that consulting firms can get from platforms like this. Diversifying their business is just one of them as embedded finance platforms augment the services that consultants offer. They allow consultants to present clients with solutions for intricate business ecosystem operations, such as payment processing, receivables management, and liquidity optimization.

Partnering with an embedded finance platform can also open up new revenue streams as well as being able to scale the solutions built with more agility. Consultants can use them to address the unique needs of projects of any size, whether working with an SME or a multinational enterprise.

The relationship between consulting firms and embedded finance platforms isn’t just about expanding services, it’s about offering integrated financial solutions that improve efficiency, profitability, and competitiveness. This partnership drives results. In a world where businesses seek comprehensive solutions, embedded finance platforms empower consulting firms to address complex financial challenges effectively.

Continue Reading

Copyright © 2021 Futures Parity.