7 PROVEN RESILIENCE BEST PRACTICES AGAINST RANSOMWARE FOR FINANCIAL INSTITUTIONS IN THE MIDDLE EAST

By: Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software

After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Financial organizations are particularly at risk, targeted by approximately 13% of total attacks[1]. Ransomware was reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, cited by 55% of the financial services firms surveyed. The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to half a billion dollars from more than 32% of financial institutions in 2016 alone.

How ransomware impacts the financial services industry

Despite the increasing number of attacks on financial institutions, public announcements of ransomware infections are rarely made due to the grave brand integrity and consumer confidence consequences. However, numerous attacks were reported in the last few years. Armada Collective attacked three Greek banks, encrypting valuable data and asking for €7 million (20,000 Bitcoin) from each bank, followed by three other attacks in a span of five days. Fortunately, these attempts failed, as the banks successfully leveraged their defense strategies instead of paying the ransom[2].

A 2016 report by SentinelOne on ransomware highlighted that the most vulnerable data for ransomware attacks are employee records, financial data, customer information, product & IP, payroll / HR and research.

Ransomware’s notoriety is not a surprise, considering its ability to evolve and surpass traditional data protection solutions. Beyond the use of sophisticated attack techniques, such as social engineering and the development of Ransomware as a Service platforms, ransomware has been driven by certain key factors, such as security holes, lack of IT security knowledge, wrong permissions, lack of patching, and inadequate backup and recovery processes. Finally, the appearance of anonymous e-currency as a payment method as well as the decision to pay the ransom contribute greatly to encouraging cybercriminals’ future attempts.

Keeping up with compliance and Availability challenges

In this threat landscape, stringent regulations, such as PCI DSS, GLBA or GDPR, and data breach notification requirements legally require financial institutions to properly store and protect customer data along with other highly sensitive data. As they gain more users, adopt new technologies and face data upsurges, modern IT ecosystems must maintain the ability to collect, maintain and store data in changing environments.

7 best practices for ransomware resilience in financial services

  1. Use different credentials for backup storage: Although this is a standard and well-known anti-ransomware best practice, it’s crucial to follow. The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Do not use DOMAIN\Administrator for everything.
  2. Start using the 3-2-1 Rule: Veeam promotes the 3-2-1 Rule often and for good reason. It essentially states to have three different copies of your media on two different media sites, one of which is off site. This will help address any failure scenario without requiring specific technology. Moreover, to effectively prepare in the event of a ransomware attack, you should ensure that one of the copies is air-gapped, i.e., on offline media. The offline storage options listed below highlight many options where you can implement an offline or semi-offline copy of the data.
  3. Have offline storage as part of the Availability strategy: One of the best defenses against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:
    1. Tape: Completely offline when not being written or read from
    2. Storage snapshots of primary storage: A semi-offline technique for primary storage, but if the storage device holding backup supports this capability, it is worth leveraging to prevent ransomware attacks. It is important to consider that this strategy is not entirely failsafe and must be taken as only one of the key steps needed in ensuring ransomware preparedness
    3. Cloud: A great additional resource for resiliency against ransomware. For one, it’s a different file system, and secondly, it is authenticated differently.
    4. Rotating hard drives (rotating media): Offline when not being written to or read from
  4. Leverage different file systems for backup storage: Having different protocols involved can be another way to prepare for a ransomware attack. It’s imperative that users add backups on storage that requires different authentication.
  5. Achieve complete visibility of your IT infrastructure: One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Gaining visibility into potential activity is a massive value-add. An Availability solution should have a pre-defined alarm that will trigger if there are a lot of writes and high processor utilization, which is a typical ransomware pattern.
  6. Let the Backup Copy Job do the work for you: The Backup Copy Job is a great mechanism to have in order to create restore points on different storage and with different retention rules than the regular backup job. When the previous points are incorporated, the Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job. However, with the Backup Copy Job being a VBK file, it can also get infected with ransomware unless the copy is in a cloud, on tape or air-gapped.
  7. Educate all employees on ransomware, not just your IT staff: Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware or the specific activities that leave the company vulnerable. Establish a strong source of education, communication and support to ensure the entire company is equipped to avoid propagating a ransomware attack.
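
A small audit that checks a backup inventory against practices 1 to 4 above, shown on a weak and a corrected layout. This is an added example, not Veeam tooling or code from the article; the `Copy` model, the finding codes and all account names are constructed for illustration, and it assumes the production data counts as one of the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    """One copy of the data (hypothetical inventory record)."""
    name: str
    media: str        # "disk", "tape", "cloud", ...
    offsite: bool
    offline: bool     # unreachable when not being written to or read from
    account: str      # security context used to reach this storage
    protocol: str     # access protocol / file system, e.g. "smb", "s3", "tape"
    is_backup: bool = True


# Accounts treated as general-purpose (assumption for this example).
GENERAL_ACCOUNTS = {r"domain\administrator"}


def audit(copies, general_accounts=GENERAL_ACCOUNTS):
    """Return finding codes; an empty list means practices 1-4 are met."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    primaries = [c for c in copies if not c.is_backup]

    # Practice 2: three copies, two kinds of media, one off site.
    if len(copies) < 3:
        findings.append("COPIES")
    if len({c.media for c in copies}) < 2:
        findings.append("MEDIA")
    if not any(c.offsite for c in copies):
        findings.append("OFFSITE")

    # Practices 2 and 3: at least one backup copy is offline (air-gapped).
    if not any(c.offline for c in backups):
        findings.append("OFFLINE")

    # Practice 1: the backup storage account is exclusive to backup, so it
    # is neither a general-purpose account nor one used by production.
    shared = {a.lower() for a in general_accounts}
    shared |= {c.account.lower() for c in primaries}
    for c in backups:
        if c.account.lower() in shared:
            findings.append(f"ACCOUNT:{c.name}")

    # Practice 4: at least one backup is reached over a protocol that
    # production does not use.
    primary_protocols = {c.protocol for c in primaries}
    if backups and all(c.protocol in primary_protocols for c in backups):
        findings.append("PROTOCOL")
    return findings


# Constructed sample inventories.
WEAK = [
    Copy("production", "disk", False, False, r"DOMAIN\Administrator", "smb",
         is_backup=False),
    Copy("repo", "disk", False, False, r"DOMAIN\Administrator", "smb"),
]
HARDENED = [
    Copy("production", "disk", False, False, r"DOMAIN\svc-app", "smb",
         is_backup=False),
    Copy("repo", "disk", False, False, r"BACKUP\svc-repo", "smb"),
    Copy("tape", "tape", True, True, r"BACKUP\svc-tape", "tape"),
]

if __name__ == "__main__":
    print("weak:    ", audit(WEAK))
    print("hardened:", audit(HARDENED))
```
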

[1] SonicWall Annual Threat Report, 2017

[2] Digital Guardian: Biggest ransomware attacks

Using payments to streamline everyday transport

By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail

Once upon a time the only way to get from A to B on public transport was with cash – and likely a pre-paid ticket bought from a physical office. Nowadays, thanks to technological developments, options range from contactless and mobile payments, to in-app tickets and more. As payment methods advance, consumers and merchants are naturally moving towards Mobility as a Service (MaaS) systems, integrating various forms of transport services into a single mobility service, accessible on demand.

This move towards MaaS does not only streamline the consumer experience, it has other positive impacts too. Incentivising public transport use reduces environmental pollution, improves mental wellbeing by reducing travel-related stress, and aids productivity by freeing up time otherwise spent driving. With this in mind, let’s take a look at the current trends affecting the transport sector, as well as how payments can optimise transportation for both operators and consumers alike.

Optimising transport with payments

The payment process is integral to any service. A payment service provider (PSP) can provide a range of key benefits to operators by providing a gateway to the transportation open payment ecosystem, and ensuring they meet objectives in 3 key areas.

  1. Environmentally, by reducing the use of personal cars and alleviating pollution and congestion.
  2. Societally, making urban mobility more inclusive in terms of improving access to all areas and for all socioeconomic classes.
  3. Economically, by optimising investment in eco-structure and fostering financial transactions, therefore improving the wealth of the city.

Payments professionals’ expertise and technological solutions can make payments easy again for transport operators. They can provide a range of options so that the customer can choose which one is right for them, leveraging the capabilities of the mobility services’ infrastructure (contactless, mobile wallets, P2P, closed-loop, QR code, and blockchain).

Furthermore, they can help promote inclusion and sustainable urban development. For example, methods such as prepaid virtual cards, or mobility accounts linked to a prepaid account can reduce the risks of excluding the unbanked. The environmental impact per kilometre can also be reduced, along with the use of vehicles with lower emissions per person per kilometre.

Finally, PSPs can put merchants’ minds at ease, providing payment liability, allowing aggregation of all due amounts from all mobility service providers, and collecting payments in one single transaction from users while dispatching revenue between mobility service providers.

Managing coronavirus

COVID-19’s disruption to the travel industry cannot be overlooked. In fact, research suggests that public transit ridership is down 70% across the globe since the onset of the virus, longer distance travel has seen reductions of up to 90%, and payment by cash has seen a 60% drop.

Being realistic, these behavioural shifts are unlikely to revert anytime soon, so it’s important for merchants to keep this in mind when thinking about payment methods. More than 70% of consumers and travellers say they are likely to avoid the use of cash over the next six months. As a result, more than 40 countries have already raised their contactless payment threshold, further helping consumers to avoid contact with frequently touched pin pads.

However, the pandemic has only accelerated the way things were heading already and highlighted the benefits. Within the context of the pandemic, transportation needs to reinvent itself and adapt its processes to suit the shift in commuter habits that we’ve already seen and will continue to see in the future.

Other trends to keep an eye on

Contactless has been steadily growing on the transport scene, as have mobile payments and in-app purchases. In fact, the recent move to mobile and online ticketing is the most promising method so far, having seen significant growth in the last few years and having been accelerated by COVID-19 as discussed above. Once consumers move to these easy, convenient, and seamless methods, it’s rare that they revert – so it’s a good idea for operators to think how they can cater to these preferences.

Speed and convenience are a must for busy travellers – but not at the expense of data security. Finding the right payments partner is therefore crucial so operators can safeguard their customers’ personal data, while also keeping on top of other security regulations/features such as P2P encryption, PCI certification, and tokenisation.

Next steps for operators

Public transport is essential for many peoples’ everyday lives – COVID-19 or no COVID-19. As such, mobility service providers can make a great difference to their service and operations by implementing the right solutions.

Grey skies ahead – Malta prepares for a gloomy 2021 if they can’t tackle financial crime

By Dhanum Nursigadoo, ComplyAdvantage

With the summer drawing to a close, many countries who rely significantly on warm weather tourism will be assessing the impact of Covid-19. Being a small island in the middle of the Mediterranean you would expect Malta to be taking a significant economical hit – just like we are seeing in other popular European holiday destinations – but this doesn’t take into account the strength of the Maltese economy.

Emerging from the eurozone crisis with one of the most dynamic economies strategically positioned between three continents, Malta has had one of the lowest unemployment rates in the EU and has recently seen its GDP growth expand year-on-year.  But perhaps the most important aspect of the Maltese economy has been its attraction for foreign businesses with only a 5% tax on profits. It is no secret that Malta is a tax haven, probably one of the most effective tax havens in the world.

But you can’t pick and choose who takes shelter, and it’s no secret that money launderers have been taking advantage of the regulatory landscape in this archipelago.

The conditions of a tax haven suit criminal enterprises, who can take advantage of the opaque environment and blend their illegal activities with the same operations enjoyed by high net worth individuals and corporations who are looking to reduce their tax bill. And last year Malta’s keenness for secrecy and avoidance resulted in a damning report by Moneyval – the Council of Europe’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) body – which found that while the nation had made some efforts to curb money laundering there was still much to be desired in order to bring the tax haven up to standard. Overall, they were of the opinion that Malta viewed combating money laundering as a non-priority and this resulted in branding Malta with low to partial ratings for 30 out of the 40 Financial Action Task Force (FATF) recommendations.

The findings of the report were stated to have the potential to “create within the wider public the perception that there may exist a culture of inactivity or impunity”. This follows on from a series of international high-profile stories regarding Malta and financial crime. Most shocking was the murder of journalist Daphne Caruana Galizia – who investigated corruption and money laundering in her native country – and was killed by a car-bomb three years ago leading to international outrage and condemnation.

Now Malta is in a race against time to turn their reputation around or they will suffer genuine consequences. The FATF have threatened to place Malta on a “greylist” of high-risk jurisdictions unless they have shown a genuine commitment to combatting financial crime and implemented the recommendations of the Moneyval report. If they fail, this would make Malta the first EU country to make the list and join others such as Panama, Syria and Zimbabwe.

The pandemic has actually given Malta more time to meet these obligations, and it has been widely reported that an initial summer deadline has now been moved to October due to the widespread disruption.

As we head into the autumn, there are signs that Malta has begun to take action. The Malta Financial Services Authority (MFSA) has created and established an empowered AML team now headed up by Anthony Eddington, formerly of the UK’s Financial Conduct Authority and who has previous experience of tackling anti-financial crime at Deutsche Bank. This team has already begun working closely with international experts, specifically partners in the US through the US embassy in Malta and the United States Commodities Futures Trading Commission (CFTC). In May this collaboration led to 25 new cases focused on money laundering in particular, and with plans to increase standard inspections and on-site investigations into businesses in Malta, it appears there is a change to the country’s priorities.

Importantly, the report highlighted a problem for countries that choose to become tax havens. In some cases it was not that the Maltese authorities deliberately turned a blind-eye, but simply that they did not have the necessary knowledge to effectively tackle financial crime in the first place. Law enforcement appeared unable to even recognise when crime was occurring.

But this blurring of financial compliance will not help businesses if Malta does indeed become “greylisted” this year. While not as devastating as being blacklisted (the two occupants of this list are Iran and North Korea) there are significant detrimental effects to being put on the FATF greylist. Although this signals that the country is committed to developing AML/CFT plans (unlike the blacklist) it still sends out a warning signal to the world that this is a high-risk area, with the country in question subject to increased monitoring and potential sanctions from the IMF and the World Bank. Make no mistake, being put on the greylist will be catastrophic for Malta’s economy.

It remains to be seen how the work to avoid such a calamity will affect Malta’s tax haven status. Perhaps with an increased fight against financial crime there will be less ability to defend one of Europe’s most competitive tax regimes. But if Malta does not show they are genuinely committed to tackling this problem, then the pandemic disruption to the island’s tourism may be minor in comparison to the grey clouds that now approach their shores.

How will the UK prepare a supply chain for the distribution of the Covid-19 vaccines?

By Don Marshall, Marketing role at Exporta.

The challenge of mobilising a supply chain for the introduction of a global and nationwide vaccine will be enormously complex. The process will be costly, and it’s likely the figures will stretch to the hundreds of millions for both the production of the vaccine itself and its distribution across the UK. We must prepare and plan a supply chain strategy to ensure it reaches those most in need in a timely and safe manner.

The task of immunising a whole population is something that has never been planned or likely imagined by anyone within a standard supply chain. A supply chain that goes directly from the manufacturer to the end consumer, or user/ patient in this case, is complex and goes beyond the scope of any single logistics company. It would have to be conceived and delivered via a large joint effort and collaboration between multiple organisations. Effectively distributing the vaccine will depend on the source of manufacture, its storage requirements, and protection of the vaccines from manufacture through to patient administration.

The majority of vaccines require storage within a specific temperature range and need to be handled safely and in hygienic conditions. Depending on where the vaccines are manufactured, the transport legs will vary; if they are coming from overseas, air freight will increase cost and complexity. In addition to supplying the vaccine, syringes, needles and containers also need to be taken into account when preparing the supply chain.

Securing the specific types of boxes or containers, i.e. the lidded containers normally used for transporting pharmaceutical products, will mean acquiring them from all available stockists and manufacturers. Delivery vehicles would then need to be considered, with temperature-control factored in. The medical supply chain can inform their approach to distribution by assessing data from previous supply chains, and how large quantities of vaccines have been sent out in the past. Collating successful vaccine delivery examples from other parts of the world would be advantageous here; the more we can do to prepare for a logistical challenge of this magnitude, the better.

The distribution of this COVID vaccine will be unique in its scale and for that reason, additional supply chains will need to be mobilised. Apart from medical supply chains, those best suited for this type of transportation are the fresh/frozen food industries and supermarkets. I would mobilise these businesses to assist with the vaccine’s distribution wherever possible and use their car parks and facilities for the temporary medical centres needed to administer the vaccine to the public.

Using the food industry and supermarket networks would leave the current pharmaceutical supply chains intact for health services, pharmacies and the NHS. It would protect those vital services and continue to serve communities across the UK. Inevitably, it would place a short term strain on food supply chains, but these are supply chains that are well-equipped and versed in coping with excess demand i.e. the spike endured from the brief spell of public panic buying at the start of the crisis. With adequate resourcing and planning, I believe the UK supply chain can and will handle this challenge.
