Connect with us

Business

Financial Sector Under Threat: How Leaders can Prepare for Advanced Cyber Threats in 2022

Source: Finance Derivative

Bernard Montel, EMEA Technical Director and Cybersecurity Strategist,Tenable   

Data is essential in today’s world. Because of this, businesses of all types and sizes are facing one of the most serious continuity and reputational threats of our time: cyberattacks. Cybercriminals capitalise on data, and the more private and/or personal, the more interest cyber criminals will show. This makes financial services a prime target for attackers given the type of information utilised. Cyberattacks go beyond data as, if the attack implicates the digital infrastructure the bank relies upon to function, it can cause system outages which has a direct impact to the entire economy.

According to research by Tenable at least 40,417,167,937 records were exposed worldwide in 2021, but that’s just an indication of the true number. According to the researchers, just 13% of breach disclosures analysed included information on the number of records exposed, meaning this figure will be significantly higher. As the world of work continues to transform, and hybrid working becomes crucial for business growth, leaders must begin to think seriously about security.

Bernard

The Threat of Ransomware

Ransomware has had a monumental impact on organisations in 2021, responsible for approximately 38% of all breaches analysed for the Threat Landscape Retrospective report, and up to 45% in EMEA. With the rise of ransomware globally, every organisation has been feeling the pressure; but only a few have felt the pain as much as financial institutions and financial service providers.

The most popular way attackers infect organisations is through spam and phishing emails. Others, however, may contain a link to a webpage controlled by the attackers. The goal is to get the target to open the attachment and trick the victim into enabling macros or clicking the link. This can deliver a malicious downloader, leading to the final payload, which is ransomware. Due to the nature of financial institutions as places where individuals and institutions place their money and trust, the severity and potential consequences of a successful ransomware attack can be widespread and long lasting.

Basic security principles can go a long way in blocking the attack path ransomware takes. In the majority of instances, it is a known vulnerability that allows the malware to infiltrate the infrastructure and encrypt systems. Another attack path is the exploitation of misconfigurations in Active Directory. Threat actors will use these to elevate privileges to dig deeper into the network.

The New Normal

During the pandemic, millions of financial services employees, from traders to bankers, transitioned to working remotely. A recent study conducted by Forrester revealed that 78 percent of businesses have reported that some of their staff are still working from home. Stepping into the New Year, businesses must be aware that the digitalisation of financial services and remote working are here to stay. In fact, financial institutions have the highest chance of maintaining remote and hybrid work models, since three-quarters of their employees’ time can be used productively out of the office.

In their shift to remote working, organisations have been migrating their operations to cloud, often without enough thought given to the security implications of this shift. As businesses continue to implement remote working policies, they are simultaneously adopting cloud infrastructure and bringing in more third-party service providers. Business leaders supporting a remote workforce must be conscious of how these changes influence their security posture.

Successfully Connecting Cybersecurity and Financial Institutions

The World Economic Forum’s Global Risk Report 2022 has ranked cybersecurity as the number one risk in Great Britain and Ireland, meaning cyber risk will remain dominant amongst the areas of emergent threats in the New Year.

Attacks in the financial services industry are not a new concept and, in recent years, banks and institutions have become much more sophisticated and regulated. However, it is essential to secure external vendors and potential points of weakness, particularly through implementing audited industry best practises.

Security teams need to adopt solutions that provide appropriate visibility, security and control across the cloud and converged infrastructure. Identify the critical systems organisations rely on to function, identify any vulnerabilities that affect these systems, then take steps to either patch or remediate the risk. Also address excessive permissions in Active Directory that allow attackers to elevate privileges to further infiltrate the infrastructure.

As businesses start to truly understand their expanded attack surface, ensuring that they hold the same level of control and governance over the cloud as they would do for on-premises security is essential. In the post-COVID world, which is increasingly interconnected and digitalised, failing to do the basics means the business is vulnerable and disruption imminent whoever is attacking.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Driving business success in today’s data-driven world through data governance

Source: Finance derivative

Andrew Abraham, Global Managing Director, Data Quality, Experian

It’s a well-known fact that we are living through a period of digital transformation, where new technology is revolutionising how we live, learn, and work. However, what this has also led to is a significant increase in data. This data holds immense value, yet many businesses across all sectors struggle to manage it effectively. They often face challenges such as fragmented data silos or lack the expertise and resources to leverage their datasets to the fullest.

As a result, data governance has become an essential topic for executives and industry leaders. In a data-driven world, its importance cannot be overstated. Combine that with governments and regulatory bodies rightly stepping up oversight of the digital world to protect citizens’ private and personal data. This has resulted in businesses also having to comply e with several statutes more accurately and frequently.

We recently conducted some research to gauge businesses’ attitudes toward data governance in today’s economy. The findings are not surprising: 83% of those surveyed acknowledged that data governance should no longer be an afterthought and could give them a strategic advantage. This is especially true for gaining a competitive edge, improving service delivery, and ensuring robust compliance and security measures.

However, the research also showed that businesses face inherent obstacles, including difficulties in integration and scalability and poor data quality, when it comes to managing data effectively and responsibly throughout its lifecycle.

So, what are the three fundamental steps to ensure effective data governance?

Regularly reviewing Data Governance approaches and policies

Understanding your whole data estate, having clarity about who owns the data, and implementing rules to govern its use means being able to assess whether you can operate efficiently and identify where to drive operational improvements. To do that effectively, you need the right data governance framework. Implementing a robust data governance framework will allow businesses to ensure their data is fit for purpose, improves accuracy, and mitigates the detrimental impact of data silos.

The research also found that data governance approaches are typically reviewed annually (46%), with another 47% reviewing it more frequently. Whilst the specific timeframe differs for each business, they should review policies more frequently than annually. Interestingly, 6% of companies surveyed in our research have it under continual review.

Assembling the right team

A strong team is crucial for effective cross-departmental data governance.  

The research identified that almost three-quarters of organisations, particularly in the healthcare industry, are managing data governance in-house. Nearly half of the businesses surveyed had already established dedicated data governance teams to oversee daily operations and mitigate potential security risks.

This strategic investment highlights the proactive approach to enhancing data practices to achieve a competitive edge and improve their financial performance. The emphasis on organisational focus highlights the pivotal role of dedicated teams in upholding data integrity and compliance standards.

Choose data governance investments wisely

With AI changing how businesses are run and being seen as a critical differentiator, nearly three-quarters of our research said data governance is the cornerstone to better AI. Why? Effective data governance is essential for optimising AI capabilities, improving data quality, automated access control, metadata management, data security, and integration.

In addition, almost every business surveyed said it will invest in its data governance approaches in the next two years. This includes investing in high-quality technologies and tools and improving data literacy and skills internally.  

Regarding automation, the research showed that under half currently use automated tools or technologies for data governance; 48% are exploring options, and 15% said they have no plans.

This shows us a clear appetite for data governance investment, particularly in automated tools and new technologies. These investments also reflect a proactive stance in adapting to technological changes and ensuring robust data management practices that support innovation and sustainable growth.

Looking ahead

Ultimately, the research showed that 86% of businesses recognised the growing importance of data governance over the next five years. This indicates that effective data governance will only increase its importance in navigating digital transformation and regulatory demands.

This means businesses must address challenges like integrating governance into operations, improving data quality, ensuring scalability, and keeping pace with evolving technology to mitigate risks such as compliance failures, security breaches, and data integrity issues.

Embracing automation will also streamline data governance processes, allowing organisations to enhance compliance, strengthen security measures, and boost operational efficiency. By investing strategically in these areas, businesses can gain a competitive advantage, thrive in a data-driven landscape, and effectively manage emerging risks.

Continue Reading

Auto

The Benefits of EV Salary Sacrifice: A Guide for Employers and Employees

As the UK government continues to push for greener initiatives, electric cars have become increasingly popular. The main attraction for both employers and employees is the EV salary sacrifice scheme.

By participating in an EV salary sacrifice scheme, both employers and employees can enjoy cost savings and contribute to environmental sustainability along the way! This article will delve into the specifics of how these schemes operate, the financial advantages they offer, and the broader positive impacts on sustainability.

We will provide a comprehensive overview of the mechanics behind EV salary sacrifice schemes and discuss the various ways in which they benefit both employees and employers, ultimately supporting the transition to a greener future in the UK.

What is an EV Salary Sacrifice Scheme?

An EV salary sacrifice scheme is a flexible financial arrangement that permits employees to lease an EV through their employer. The key feature of this scheme is that the leasing cost is deducted directly from the employee’s gross salary before tax and National Insurance contributions are applied. By reducing the taxable income, employees can benefit from substantial savings on both tax and National Insurance payments. This arrangement not only makes EVs more affordable for employees but also aligns with governmental incentives to reduce carbon emissions.

For employers, implementing an EV salary sacrifice scheme can lead to cost efficiencies as well. The reduction in National Insurance contributions on the employee’s reduced gross salary can offset some of the costs associated with administering the scheme. Additionally, such programmes can enhance the overall benefits package offered by the employer, making the company more attractive to prospective and current employees.

Benefits for Employees

1. Tax and National Insurance Savings

By opting for an EV salary sacrifice scheme, employees can benefit from reduced tax and National Insurance contributions. Since the lease payments are made from the gross salary, the taxable income decreases, resulting in substantial savings.

2. Access to Premium EVs

Leading salary sacrifice car schemes often provide access to high-end electric vehicles that might be otherwise unaffordable. Employees can enjoy the latest EV models with advanced features, contributing to a more enjoyable and environmentally friendly driving experience.

3. Lower Running Costs

Electric vehicles typically have lower running costs compared to traditional petrol or diesel cars. With savings on fuel, reduced maintenance costs, and exemptions from certain charges (such as London’s Congestion Charge), employees can enjoy significant long-term financial benefits.

4. Environmental Impact

Driving an electric vehicle reduces the carbon footprint and supports the UK’s goal of achieving net-zero emissions by 2050. Employees can take pride in contributing to a cleaner environment.

Benefits for Employers

1. Attract and Retain Talent

Offering an EV salary sacrifice scheme can enhance an employer’s benefits package, making it more attractive to potential recruits. It also helps in retaining current employees by providing them with valuable and cost-effective benefits.

2. Cost Neutrality

For employers, EV salary sacrifice schemes are often cost-neutral. The savings on National Insurance contributions can offset the administrative costs of running the scheme, making it an economically viable option.

3. Corporate Social Responsibility (CSR)

Implementing an EV salary sacrifice scheme demonstrates a commitment to sustainability and corporate social responsibility. This can improve the company’s public image and align with broader environmental goals.

4. Employee Well-being

Providing employees with a cost-effective means to drive electric vehicles can contribute to their overall well-being. With lower running costs and the convenience of driving a new EV, employees may experience reduced financial stress and increased job satisfaction.

How to Implement an EV Salary Sacrifice Scheme

1. Assess Feasibility

Evaluate whether an EV salary sacrifice scheme is feasible for your organisation. Consider the number of interested employees, potential cost savings, and administrative requirements.

2. Choose a Provider

Select a reputable provider that offers a range of electric vehicles and comprehensive support services. Ensure they can handle the administrative tasks and provide a seamless experience for both the employer and employees.

3. Communicate the Benefits

Educate your employees about the advantages of the scheme. Highlight the financial savings, environmental impact, and access to premium EV models. Provide clear guidance on how they can participate in the programme.

4. Monitor and Review

Regularly review the scheme’s performance to ensure it continues to meet the needs of your employees and the organisation. Gather feedback and make adjustments as necessary to enhance the programme’s effectiveness.

Conclusion

The EV salary sacrifice scheme offers a win-win situation for both employers and employees in the UK. With significant financial savings, access to premium vehicles, and a positive environmental impact, it’s an attractive option for forward-thinking organisations. By implementing such a scheme, employers can demonstrate their commitment to sustainability and employee well-being, while employees can enjoy the benefits of driving an electric vehicle at a reduced cost.

Adopting an EV salary sacrifice scheme is a step towards a greener, more sustainable future for everyone.

Continue Reading

Business

Machine Learning Interpretability for Enhanced Cyber-Threat Attribution

Source: Finance Derivative

By: Dr. Farshad Badie,  Dean of the Faculty of Computer Science and Informatics, Berlin School of Business and Innovation

This editorial explores the crucial role of machine learning (ML) in cyber-threat attribution (CTA) and emphasises the importance of interpretable models for effective attribution.

The Challenge of Cyber-Threat Attribution

Identifying the source of cyberattacks is a complex task due to the tactics employed by threat actors, including:

  • Routing attacks through proxies: Attackers hide their identities by using intermediary servers.
  • Planting false flags: Misleading information is used to divert investigators towards the wrong culprit.
  • Adapting tactics: Threat actors constantly modify their methods to evade detection.

These challenges necessitate accurate and actionable attribution for:

  • Enhanced cybersecurity defences: Understanding attacker strategies enables proactive defence mechanisms.
  • Effective incident response: Swift attribution facilitates containment, damage minimisation, and speedy recovery.
  • Establishing accountability: Identifying attackers deters malicious activities and upholds international norms.

Machine Learning to the Rescue

Traditional machine learning models have laid the foundation, but the evolving cyber threat landscape demands more sophisticated approaches. Deep learning and artificial neural networks hold promise for uncovering hidden patterns and anomalies. However, a key consideration is interpretability.

The Power of Interpretability

Effective attribution requires models that not only deliver precise results but also make them understandable to cybersecurity experts. Interpretability ensures:

  • Transparency: Attribution decisions are not shrouded in complexity but are clear and actionable.
  • Actionable intelligence: Experts can not only detect threats but also understand the “why” behind them.
  • Improved defences: Insights gained from interpretable models inform future defence strategies.

Finding the Right Balance

The ideal model balances accuracy and interpretability. A highly accurate but opaque model hinders understanding, while a readily interpretable but less accurate model provides limited value. Selecting the appropriate model depends on the specific needs of each attribution case.

Interpretability Techniques

Several techniques enhance the interpretability of ML models for cyber-threat attribution:

  • Feature Importance Analysis: Identifies the input data aspects most influential in the model’s decisions, allowing experts to prioritise investigations.
  • Local Interpretability: Explains the model’s predictions for individual instances, revealing why a specific attribution was made.
  • Rule-based Models: Provide clear guidelines for determining the source of cyber threats, promoting transparency and easy understanding.

Challenges and the Path Forward

The lack of transparency in complex ML models hinders their practical application. Explainable AI, a field dedicated to making models more transparent, holds the key to fostering trust and collaboration between human and machine learning. Researchers are continuously refining interpretability techniques, with the ultimate goal being a balance between model power and decision-making transparency.

Continue Reading

Copyright © 2021 Futures Parity.