By Peter O’Halloran, Vice President, Global Digital Commerce, Fiserv
In 2021, digital innovation will continue to accelerate, allowing businesses to shift to new ways of operating and adapt to changing consumer behaviour and expectations. We will continue to see an increase in digital commerce and alternative payment methods, and more intertwined physical and digital experiences. Here are my five predictions for the year ahead.
- Digital commerce will continue to rise
This year, businesses will be focused on ramping up existing avenues of growth and generating new ones, leaning into experiences and incorporating lessons learned during the pandemic. To stay ahead of the competition, drive sales, and continually engage with customers, we’ll see businesses send out special offers on a more regular basis, integrate loyalty and gift schemes, as well as offer additional value-added services, such as click-and-collect services that allow people to pick up online orders in store, free shipping and better options on returns.
- Physical and digital environments will blend
A growing consideration for businesses is how to optimise and connect digital and physical experiences. There has been an exponential rise in click-and-collect services, virtual queuing and appointment systems. According to 2019 research from Barclaycard, a third of retailers (34%) saw in-store sales increase after offering click-and-collect services. And by digitalising certain parts of the customer experience, businesses from restaurants to salons can operate more safely in their physical locations. Apps that allow customers to order and pay for food in advance, or book time slots for in-person services, are some examples of how businesses will continue to connect the physical and digital environments as they navigate the current landscape.
- Alternative payment methods will proliferate
Consumer payment habits have shifted significantly since the start of the pandemic. The recent Expectations & Experiences report from Fiserv found that a large number of consumers have increased their use of mobile payment apps and person-to-person (P2P) payments, and that they expect those changes to last. We will also likely see an increase in the adoption of proximity payments, such as mobile payments, NFC payments and QR codes.
In addition, the rise of digital payments could also accelerate the adoption of local or regional payment methods to better engage with customers. There are a number of methods that have emerged and already gained popularity, such as Klarna across Europe, Paytm in India and Brazil’s Boleto voucher system.
- Commerce-enabled Internet of Things (IoT) will grow
As consumers continue to expect new payment forms and digital experiences, businesses will continue to adopt more innovative capabilities. There is a growing usage trend for IoT in commerce, such as smartphone-based or voice-enabled capabilities. From grocery, fashion to other day-to-day activities such as paying for petrol, IoT devices can enable businesses to harness customer data to gain further insight into their behaviour and provide personalised offers and services. The new year will see commerce-enabled IoT increase, as well as further digital innovations to help grow revenue streams and enhance customer experience.
- Security will continue to be a priority
As more activity moves online, security is more vital than ever. 2020 saw a proliferation of COVID-19 related scams and fraud, such as phishing emails on relief funds or health information. These trends will likely continue, evolving to latch on to the concern of the moment, and we will see businesses, payment providers and financial institutions increasing their investment in the appropriate fraud solutions to protect both their organisation and customers.
Regulatory requirements will also continue to bolster security and fraud management. In Europe, regulations such as Strong Customer Authentication (SCA), which is part of the EU Revised Direction on Payment Services (PSD2), help ensure that payments are secured with multi-factor authentication, providing additional security and assurance for consumers.
A digitally-enabled future
Many businesses have successfully adapted to a new way of operating. As we go into the new year and continue to navigate the challenges posed by the pandemic, businesses will be able to rely on those learnings to adjust quickly to changes that come their way.
Viewpoint: Autonomous Cloud Security
By Scott Dodds, CEO Ultima
Moving to the cloud securely remains a significant challenge of flexible working
While the end may be in sight for full-scale remote working, most companies are looking to continue with flexible working in some form or other. The benefits that both employers and employees have reaped in terms of cost reductions and flexibility are unlikely to be given up quickly. But in a recent survey of customers, Ultima has found that many challenges still exist for companies if they are to embrace flexible working successfully in the long-term.
The pandemic has forced many companies to innovate at an unprecedented rate, and digital transformation has moved on in a year to a place it would have taken five or more years to do. But many businesses are still struggling with the new normal. They have become more susceptible to cyberattacks, and poor IT infrastructure has resulted in poor employee experience causing productivity and profits to fall.
In a recent survey of over 200 prospective customers, Ultima asked about the challenges they were facing due to current requirements for remote working. Nearly half (41%) cited security concerns as an issue and 17% application access.
IT infrastructure is a cause for concern too. While many companies have embraced the advantages of cloud computing during the lockdown, over a third (37.5%) of respondents, don’t believe they have the capability to move to the cloud. There were a variety of reasons why the respondents don’t think they have the capability, with 16% saying it was due to legacy applications and another 16% saying it was due to budget constraints or challenges. A further 12% per cent blamed lack of in-house technical expertise and another 10% on investment being made in on-premise infrastructure.
The pandemic has created exponential growth in companies requiring cloud services, but their IT staff don’t have all the technical skills to effectively and safely move them to the cloud. This leaves companies open to security vulnerabilities as well as meaning they are not optimising their cloud environment.
While many businesses have risen to the challenges of remote working, infrastructure and security remain an issue. But automated cloud services with in-built security solutions can solve these problems. They can be bought on a pay-as-you-go basis, addressing large CAPEX outlay issues and allowing companies to overcome legacy application issues and provide security that protects both employee and company from outside attack.
Lack of capability and capacity solved
For those companies who’ve still not made the leap to the cloud, automated cloud migration services exist that can overcome the financial and skills shortage barriers to entry. Managed Service Partners (MSPs) can provide technical expertise and technical solutions to make this possible. The results of moving to the cloud can be spectacular too: from an average 30% reduction in expenditure and up to a 750% increase in productivity. They also have no upfront costs.
Using Microsoft Azure’s open and flexible cloud computing platform, for example, combined with automated migration, you no longer need to look after and buy hardware, or sort out power and cooling. Your IT infrastructure and security can be run on a pay-as-you-go basis. And if you need increased capacity, automation means you can extend your on-premises data centres and infrastructure to Azure within a few hours, providing the extra capacity required for critical systems and applications.
Poor security solved
We know that traditional security solutions don’t work well in the cloud. When customers move to the cloud, they try and take their traditional security solutions with them. But as the cloud works in a very different way to on-premises, this leaves companies open to vulnerabilities. You need a made for purpose solution, based on cloud security best practice.
With the latest automation technology security and monitoring solutions are automatically applied to existing and new workloads. It scans the collected data and includes proactive monitoring around security events that will let you know exactly what’s happened in clear-to-understand alerts, and where action should be taken if needed, covering critical areas such as anti-malware. IT staff can view in real-time their security and compliance reporting. Soon we will be able to scan a customer’s environment for security-related bad practice or incidents and make recommendations on how to fix them and even give them a score as to how they are doing.
At Ultima, we’ve also found that on moving to the cloud customers have poor visibility of what is going on in their environment. We know about 25% of companies don’t even realise they have high severity patches missing. This is down to a skills shortage and a lack of time – as patches are often done manually.
With automated cloud services, patching happens automatically on repeat and even scales as your infrastructure grows. If a patch is due and fails for whatever reason the system will automatically create an alert. This information will go to the third line technical team, and they will investigate it themselves, whether that’s your MSP or your own IT staff. The time savings to the IT department are huge – often 100’s of hours a year – enabling them to focus on other projects and have peace of mind about security.
Traditionally, you would do a true-up every month or quarter of your IT environments to bring new things, including security issues, to the management. But when you are in the cloud, you can spin things up so fast, that you will have a gap if you are only doing a true-up every month or quarter. With an automated service, you can automatically onboard things, so you don’t have to wait for the true-up process, which means you have a more proactive security service and less vulnerability. We’ve found that customers who are using automated cloud services have a 66% reduction in security incidents.
Lack of visibility of critical data solved
With ever increasing cloud resources, it can be hard to get visibility into your cloud infrastructure. The technology exists now to automatically scan and configure your cloud resources with centralised logging and telemetry capabilities. As your environment grows, this process repeats itself automatically as it scans and configures itself when new resources are added. This means that all logging information is available, and you can also see on one dashboard insights into your security posture. Usually, it’s hard to see what’s happening from a security perspective – what data is coming in and going out, top destinations, any malicious activity detected in the last 24 hours, etc. Automated services give customers a dashboard that centralises all the information to see what is happening in a simplified format and how your infrastructure is performing at a high level.
These new autonomous cloud services enable companies to free up 100’s of hours of IT staff time and reduce security incidents. Moving to the cloud has previously been a struggle for some companies as costs escalated for support, maintenance and security. New technology has changed that and is ensuring security and infrastructure are no longer barriers to successful cloud deployments and productive, flexible working.
What does cybersecurity look like for the financial sector in 2021?
By Neill Lawson-Smith, managing director at CIS
The landscape is changing incredibly fast, with cybercriminals using the most up-to-date technology to hack systems. Here are the six areas those in finance should be watching out for…
The finance and insurance sector is increasingly becoming a notable target for cyber attacks. Many of these breaches happening are believed to be due to inadequate security measures when teams or businesses are using cloud services.
The financial industry is also being affected by changes in processes with more fintech, virtual banks, and other digital disruptors impacting the market. The landscape is changing incredibly fast, with cybercriminals using the most up-to-date technology to hack systems, so it is therefore up to the financial sector to keep up to avoid security breaches.
What does this look like for the year ahead in the financial sector? Here are the Six areas those in finance should be watching out for:
- AI securityand cyber defence
Both Cybercriminals and cyber defence are commonly using Artificial Intelligence (AI). In cybersecurity, it is used to identify new threats, as well as assess the effectiveness of the responses to threats, enabling them to foresee and essentially block attacks before they happen. It is also used to spot behavioural patterns and can quickly identify possible infiltrations.
Hackers have also started to use AI to make it easier for them to get past security systems in place. This year, it is likely that AI will be increasingly used as a means of gaining personal details (i.e. credit card details) as well as optimising spam phishing campaigns.
- Mobile cybersecurity in banking
With the number of consumers using their mobile devices for banking and financial transactions increasing, especially since the COVID-19 pandemic has rendered society predominantly cashless, cybercriminals have been heavily targeting mobile systems. For example, mobile malware only targets mobile phone operating systems. The most common forms of mobile malware are virus and trojans, spyware and madware (mobile adware), phishing campaigns, and browser exploits.
This means it is now more important than ever to protect mobile devices to the same extent as traditional hardware.
The same protocols that are in place to ensure your staff PCs and laptops are secure now, need to also be applied to their mobile devices as well, such as:
- Ensuring the latest versions of the operating system and other applications are installed.
- Installing a firewall.
- Enabling mobile security software to protect against malware and viruses.
- Using password protected lock screens.
- Ensuring apps are only downloaded from official sites like Apple App store and Google Play.
- Multi-factor authentication
Multi-factor authentication adds an extra layer of security to all your business networks by ensuring every transaction or login is supported by at least two security measures for access. It is one of the easiest security measures to implement within your business and is becoming more common within the financial sector for many transactions. The traditional username and password are becoming increasingly easy for cybercriminals to acquire, whereas adding an extra identification method, that is not easily accessible to the hackers, ensures an extra layer of protection.
The most commonly used multi-factor authentication methods are:
- Passwords – They should be complex and comprise at least eight characters and be a combination of upper- and lower-case letters, numbers, and special characters.
- One-time use code – A randomly generated code sent via SMS or email which is used only once. With weaknesses in mobile networks and email accounts, these can however be intercepted by hackers.
- App generated codes – a code generated by an app on a mobile phone often created by scanning a QR code that contains a ‘key’. As the key is stored on the phone itself this is less likely to be intercepted by a third party.
- Physical authentication keys – this is a USB which the user inserts every time they login from a new computer. Unfortunately, they don’t work on all devices without adapters (such as iPhone, MacBook or Android).
- Biometrics – Using a fingerprint, voice, or an eye dent is an effective identifier. They are extremely difficult to hack but if they are, they cannot be used ever again for anything.
- Information – this could be something that only the user would know – either a password or a piece of information.
Most of these methods are free or relatively cheap to implement and don’t require anything other than a mobile phone for the user. The added security of multi-factor authentication means even if a hacker has acquired a username/password combination there is still an extra security barrier preventing access.
- Refined testing
As the finance industry is constantly changing, then so too are the security threats. Financial cybersecurity is an ongoing commitment, so installing new anti-virus software and implementing MFA, and stopping there is not going to keep you protected for long. It requires ensuring software and firewalls are up to date as well as ensuring access is regularly updated. In addition to this constant maintenance regular testing of the systems is essential. All systems have vulnerabilities, and as these change, cybercriminals learn to overcome them, and therefore software develops.
One thing to remember is that it is not possible to be over-cautious when it comes to cybersecurity. Regular penetration testing essentially identifies any weaknesses in your systems before the cyber criminals do. It is essential to schedule penetration testing or vulnerability scans at least once a quarter unless compliance dictates otherwise. They can be carried out using a vulnerability scanner.
- Hiring the right people
It is crucial to have the right team on hand to ensure your systems are up to date, regularly tested and maintained is essential.
Your IT team should have the following skills and knowledge:
- Knowledge and understanding of the company’s IT infrastructure
- Knowledge of cybersecurity best practices
- Understanding of company processes and data flows
- Up to date knowledge of cybersecurity solutions
- Plan a Defence, Prepare for Attack…
Although businesses can take many precautions, there are limitations on skills, investment and timescales in implementing a comprehensive cybersecurity infrastructure, it is essential that appropriate procedures, policies and processes are established to ensure that an appropriate response is carried out in the event of a detection – whether manual or ideally automated – so that whenever an attack occurs, the appropriate and proportionate response is carried out immediately to limit any further damage or intrusion.
Data protection: it’s time to reassess your security strategy
By Tony Pepper, CEO of Egress
It’s no secret that the Covid-19 pandemic has created a perfect storm of cybersecurity risk. External threats are heightened, but there’s also a higher level of internal risk too, exacerbated by home working. With most financial services organisations planning to continue with mass remote working for the foreseeable future, it’s important for security teams to review their strategy and assess whether it still works in this new landscape. When it comes to insider threat, there are three key areas that IT leaders should focus on: building a positive culture around security, understanding their organisation’s level of risk and protecting their people.
- Build a security-positive culture
Many organisations have unknowingly instilled a security-negative culture among their employees, where people are punished or shamed if they cause a security incident. While they might think that this would discourage employees from causing data breaches for fear of repercussions, this actually makes your organisation less secure. Our Outbound Email Security Report found that 62% of organisations rely on their people to report email data breach incidents – and if employees are too afraid to come forward, that means your business is at risk of developing a security blind spot.
A security negative culture won’t actually prevent data breaches caused by human error, something which organisations need to recognize as largely unavoidable without technological intervention; it just delays remediation, which makes every incident worse. By creating a security-positive culture, you can better engage and educate employees, as well as ensure you’re able to rapidly triage any incidents if they occur.
- Understand your risk
When mapping out your risk, you’ll likely find that the picture looks very different to how it did even a year ago. In the past, organisations have focused on their networks and their devices when it came to security strategy. While these are vital areas for consideration, what hasn’t been as well-addressed to date is the human aspect of risk, particularly human error. You need to look closely at the tools that your employees are using daily to facilitate digital communication with clients and colleagues, including when sending sensitive information.
Employees are specifically using email more than ever before – our recent research found that 94% of organisations are sending more emails due to Covid-19, with one-in-two IT leaders reporting an increase of more than 50%. With this expansion of email volumes comes an increase in the risk that an email containing sensitive data might be misdirected. Remote working has also heightened the threat – our research found that 35% of organisations’ serious email data breaches were caused by remote working. Why? The causes lie in their behavior and the environments in which they operate. Some individuals may feel they’re able to take more risks away from the “watchful eyes” of their Security team, and every employee is faced with a myriad of distractions that make them more likely to make a mistake.
It’s time for organisations to take stock of their risk by looking at where gaps in their security might exist – and provide safety nets for their employees that can automatically detect and mitigate inadvertent data breaches and risky behaviour.
- Protect your people
It goes without saying that not all data breaches are caused by malicious activity. An overwhelming amount of data breaches are caused by hardworking employees making honest mistakes, from sending an email to the wrong person to responding to a phishing attack. Unfortunately, human error is an unavoidable part of life, and mistakes will happen. In the past, many organisations have taken the approach that employee error can be ‘trained away’, embarking on comprehensive security training programs in the hope that security incidents might decrease.
Unfortunately, if that were the case, then employee activated data breaches would be a thing of the past! Organisations need to employ a multifaceted approach when it comes to avoiding accidental insider data breaches – education and training remain an important element, but ultimately businesses need to implement the right technology to provide a safety net for their people. Many organisations have legacy DLP solutions in place that cannot mitigate the risk as they fail to fully understand employees’ behaviour.
Often, these tools stand in the way of productivity, prompting users even when there isn’t a legitimate risk. When click fatigue sets in, these solutions become ineffective, with users ignoring prompts whenever they appear. Luckily, advances in machine learning mean that there’s technology available to prevent insider data breaches such as misdirected email, by deeply understanding the way that users behave and the context in which they share data, to ensure emails are sent to the right recipients with the right level of security.
The vast majority of organizations will never go back to every employee working full time within the office environment, instead post-pandemic we will see a myriad of different approaches – with some based in the office, while others work at home part or full-time, and as the world opens up again, their locations may change throughout the day. To mitigate risks from inadvertent errors to intentional data exfiltration, CISOs must address their security culture and protect their human layer with intelligent controls that mitigate employees’ behaviors and stop breaches before they happen.
2021: A year of digital enablement
By Peter O’Halloran, Vice President, Global Digital Commerce, Fiserv In 2021, digital innovation will continue to accelerate, allowing businesses to...
5 Trends Driving the Future of Customer Service in 2021 and Beyond
By Matt McConnell, CEO of Intradiem 2020 ignited radical shifts for contact centre operations with the move to a remote...
World shares sink as bond yields, commodities surge
By Ritvik Carvalho LONDON (Reuters) – World shares sank on Monday as expectations for faster economic growth and inflation battered...
UK regulators need global ‘competitiveness’ remit, says UK Finance body
By Huw Jones LONDON (Reuters) – Keeping the City of London competitive should be an “across the board” objective for...
Creating a B2B lead generation strategy in the Covid economy
By Petra Smith, Founder and Managing Director of marketing agency Squirrels&Bears The pandemic has transformed the relationship driven B2B environment in...
Estate planning for wealthy celebrities or UHNWIs
By Sean Sheridan, Client Director, ZEDRA Isle of Man Estate planning often gets pushed aside…sometimes with disastrous knock-on effects for...
British Airways owner IAG says pensions deal, loan help boosts liquidity
By Sarah Young LONDON (Reuters) – British Airways-owner IAG said on Monday it had raised total liquidity by 2.45 billion...
Viewpoint: Autonomous Cloud Security
By Scott Dodds, CEO Ultima Moving to the cloud securely remains a significant challenge of flexible working While the end...
HSBC reshuffles top jobs ahead of strategy update
LONDON (Reuters) – HSBC on Monday reshuffled several of its top regional executive roles, as it prepares to announce full...
Breakdown of Global Trends: The Current State of Female Professionals Working in Accountancy
By Sarah-Jane McQueen, General Manager of the accountancy course comparison website CoursesOnline. Accountancy is a strong sector, which is growing on...