By Csaba Krasznay, Security Evangelist,Balabit
When it comes to cyber security, financial institutions are generally quick to adopt new technologies, though many organisations are still hamstrung by legacy infrastructure and applications. A recent study from IBM found that financial services organisations are breached on average 65% more than organisations in any other industry. So, with the ever-increasing attacks to banking infrastructure from sophisticated cyber-criminals, one of the biggest challenges facing banking IT is investigating incidents and recovering as quickly as possible.
The increased risk to banks is due to the massive amounts of sensitive data they keep stored, which can provide immense financial gains for cyber-criminals. Financial organisations must also comply with industry and government regulations which require them to monitor and record all access to their sensitive information. For this reason, it’s now more important than ever for banks to protect their clients’ identities and their own privileged users’ accounts, which are top priority targets for criminals. However, this can present a challenge due to the large, distributed IT networks typically operated by international financial organisations, often managed by hundreds of system administrators.
In such large distributed environments, having enough employees focused on security can be almost impossible. Whilst password based authentication can help restrict access, hackers can easily infiltrate financial IT system accounts using social engineering tactics. There is also the problem of the malicious insider, or employees who have decided to go rogue. Banking security managers must look for advanced security solutions, which allow them to focus on insider threats and monitor user activities in real-time, and make sure to continuously audit who is doing what in their IT systems.
Effective incident response
Following an incident, the simple question of ‘who did what’ is one of the most critical, but it’s also the most difficult to answer. Organisations want to determine the root cause as quickly as possible, to meet government and compliance regulations. This can often involve security teams analysing thousands of logs during an investigation, which is time and resource intensive. When an incident includes privileged account access, this can present even more of a challenge.
Privileged insiders and external attackers in control of hijacked credentials can easily cover their tracks by modifying or deleting log files, making it that much harder to determine the roots of the attack. It’s because of this that hijacking privileged accounts has become a popular method of attack for criminals.
What can banks do to manage privileged access incidents?
Firstly, financial organisations must have a proper access policy implemented, which should be based on the least privilege rule.They should also be able to detect potential insider threats at the earliest stages.
The best way to speed up the incident response process is to deploy a privileged access management (PAM) solution. These kinds of solutions can act as centralised authentication and access-control points in the IT environment, which in turn provides access control, session recording and auditing to prevent security breaches and speed up forensics investigations. Additional security that doesn’t burden users with more constraints can be achieved by deploying an agentless, transparent proxy technology. The data collected from the monitoring solution can be used to build detailed profiles of each privileged user to demonstrate baseline ‘normal’ behaviour and then privileged account analytics can be used to spot anomalies as they happen, which are then flagged to the security teams who can then tackle potential breaches as they occur.
What are the advantages of agentless, proxy technology?
Proxy technology works in the same way as a web proxy.When an HTTP(s) connection is initiated to a web server, the web proxy terminates it, checks the access rules if this connection is enabled for the user, and initiates a new connection to the web server. So, the client communicates with the proxy and the proxy communicates with the server, but both endpoints think that they are communicating with each other. Privileged session management tools do the same thing with the supported administrative protocols. The technology acts as a proxy between the privileged user’s workstation and the protected server. The transferred connections and traffic are then inspected on the application level, rejecting all traffic which violates the protocols. This proves a very effective deterrent against attacks.
Easing the limitations of SIEMs with PAM tools
Security Information and Event Management (SIEM) systems have become central to enterprise security management, in order to process and correlate alerts coming from various security systems. However, SIEM tools can be limiting, as they rely on being fed only by system log messages and they lack contextual information on privileged user activity. As privileged accounts are the main target for cyber criminals, financial organisations need to move towards collecting comprehensive data on privileged activities as a priority in order to finesse the incident response process.
Another issue presented by these tools is that they only look for threats that have already been identified and fall under their pre-configured rules. So, if an attacker were to use a new method of attack, the SIEM will be unable to detect it, as it is unaware that it even exists.
This can lead to analysts being so overwhelmed with security alerts generated by SIEMs that they can struggle to evaluate which alert should be analysed first. Even if they have a shortlist of alerts, they have limited time to investigate and decide if a red-flag alert is a false positive or indicates an actual incident.
Following a breach, Privileged Access Management (PAM) tools can help to increase incident management efficiency adding information sources which can detect and analyse privileged user threats. Rapid investigations and making quick, well-informed decisions present a challenge for organisations and require data in real-time to shed light on the context of a suspicious event. In these situations, an access management tool can provide risk-based scoring of alerts, fast search and easily digestible evidence. As cyber-attacks become the new reality for banks and financial organisations, coupled with the introduction of more stringent compliance requirements, banks must be better prepared to deal with incidents and recover quickly. Without relevant and reliable data recordings of individual user sessions, incident investigations can be expensive and in some cases, inconclusive.
By deploying advanced Privileged Access Management (PAM) solutions, organisations can collate and analyse information about privileged access. The ability to easily reconstruct and analyse user sessions reduces the time and costs of investigations. They also provide risk-based alerting, and searchable, easy-to-interpret records about user activities, so analysts can quickly find the root cause of a problem. All in all, a PAM tool provides a fast return to value in a specific challenge – investigation of incidents related to privileged accounts. They can be seamlessly integrated into SOC environments, making security operations more effective.
How does account high-jacking work?
Criminals steal the credentials of a privileged account employee, such as the system administrator and, acting as a legitimate user, gain potentially unlimited access to sensitive customer data and underlying infrastructure such as servers and databases. This makes it possible to steal data on an unparalleled scale, disrupt critical infrastructure and even install malware. As attacks usually unfold over a period of months, this allows intruders the time to perform reconnaissance, escalate privileges as well as covering their tracks and stealing data.
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift
Robotics technology has the potential to disrupt industries across all sectors – but its impact on the manufacturing industry will be transformative. Not only can robots increase productivity, efficiency and profit margins but adopting this tech for good will be a key way for the manufacturing industry to transition to a more sustainable future.
Driving productivity & efficiency
Manufacturing processes are faster, more efficient, and more cost-effective when humans and robots work together. Studies show that idle time is reduced by 85% when people work collaboratively with a human-aware robot, rather than in an all-human team. Modern robotic automation is key to reshaping production processes to become more efficient and reliable. They deliver significant benefits for companies and investment is often recouped within just 18 months.
Robots in manufacturing can allow businesses to monitor the production lines from anywhere and pinpoint issues quickly, allowing for production to continue smoothly and efficiently, ensuring companies surpass consumers’ expectations of supply chain speed and reliability. Intelligent industrial service robots are an upcoming industrial tool that will amplify manufacturing capabilities and allow businesses to safely operate faster, in places humans could never go, and with cognitive and physical capabilities not yet imagined.
Transitioning to a sustainable future
Robots are a vital way to reduce pollution and emissions from manufacturing operations. For starters, they reduce our reliance on larger vehicles and machines that are harmful to the planet. Robots’ ability to be extremely accurate and minimize errors is also hugely important in sustainability efforts to reduce waste. Robots also aid businesses in their energy-saving process because they do not require as much energy to operate as humans do. Where humans need facilities with sufficient lighting and heat, robots can work under cold and dark conditions. This drastically reduces the amount of energy used in the manufacturing production process. It is estimated that for every 1C reduced in factory heat levels, there is a potential saving of up to 8%. In addition, up to 20% of energy savings can be reached if the plant turns off any unnecessary lighting.
Case Study: GE
Tech giant GE is a brilliant example of how robotics technology can both boost the bottom line and sustainability.
GE is at the forefront of robotics manufacturing technology. Their value proposition is tightly tied to productivity in field service and manufacturing and offers potential cost savings within operations. While delivering industrial-grade service robotic systems that enable automation, productivity and safety for GE and its customers, the company works closely with GE business units, GE customers and strategic partners across the globe to envision, shape and build intelligent robotic technologies from idea to commercialization.
GE’s recent $125 million investment project at its Decatur refrigerator plant boosted production capacity, added new “smart” technology and increased the site’s workforce. This includes auto guided vehicles, or AGVs, that move materials through the assembly process and more than 50 robots that perform heavy lifting operations and repetitive tasks.
The expansion project, announced in June 2018, allowed GE Appliances to increase production to meet growing demand for its freezer-refrigerators, which are top-rated in the industry for both quality and reliability. The expansion created 255 jobs, bringing total employment at the plant to 1,300. The project boosts production capacity by 25 % and ensures early compliance with 2022 refrigerant changes, making the Alabama plant a super site for GE. GE Appliances said Industry 4.0 technology additions at the Decatur facility include data visualization, 3-D scanning, rapid prototyping and other smart automation that provides the operations team with real-time data to make better and faster decisions.
Achieving the UN’s Sustainable Development Goals
Utilizing robotics technology within the manufacturing industry can help to meet the UN’s 17 Sustainable Development Goals (SDG) for a healthier planet, to be met by 2030:
SDG 3 – Good Health & Wellbeing: Collaborating with people, service robots work with shoulder-to-shoulder and over long distances, to fulfil dull, dirty and dangerous work.
SDG 8 – Decent Work & Economic Growth: Presenting new growth opportunities for businesses and creating new jobs at manufacturing plants
SDG 9 – Industry, Innovation & Infrastructure: Manufacturing value proposition of robotics ties tightly to productivity and brings potential cost savings into those operations.
SDG 12 – Responsible Production & Consumption: Providing a new and rich data source for companies to produce products responsibly
Marga Hoek is a global thought-leader on sustainable business, international speaker and the author of The Trillion Dollar Shift, a new book revealing the business opportunities provided by the UN’s Sustainable Development Goals. The Trillion Dollar Shift is published by Routledge, in hardback and e-book. For more information go to www.margahoek.com
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA) can play in improving the efficiency of finance and banking departments.
Pre-coronavirus, the finance and banking industries were already facing a myriad of challenges. Now, this myriad is quickly becoming ever more complicated. There is increasing pressure to react to declining business health, be flexible to changing customer behaviour and to adapt to evolving workforce dynamics.
Unfortunately, for these teams, improving agility is easier said than done. Many processes involve legacy systems, paper-based documents and unstructured data. These processes are time-consuming and mundane, leaving finance and banking professionals hard-pressed to fit in client-centric and strategic work.
Take processing invoices. The way it’s done hasn’t changed for years in many organisations. It often involves a member or members of the finance team receiving the invoice by mail or email, approving it manually, printing, signing and submitting it to Accounts Payable. An AP Clerk then has to pick it up, read it, verify the approvals, extract the data and input it into to the accounting package. This all takes time and costs money. What’s more, it’s dull and prone to errors. People don’t want to spend their days doing it.
Imagine if processes such as invoicing, but also loan processing, credit card disputes and many more, could be automated. Finance and banking teams would spend much less time copying, pasting and printing and could refocus on business health and transformation.
RPA is the key to finding more time in the day
Robotic Process Automation or RPA, is software that can work just like a human. It can use AI capabilities to read and interpret data from both physical and digital documents. It can extract the necessary information and it can transfer this to multiple IT applications. It’s a software robot – or digital assistant.
For finance and banking professionals, RPA could help them break free from the time constraints caused by inefficient and complex legacy operations by passing rule-based repetitive tasks to software robots. This saves time and money – and allows people to focus on the tasks that can make a difference to the business.
RPA can help carry the burden of compliance
With data extracted, processed and formatted by software robots, employees will also no longer have to carry the full and heavy burden of compliance.
However accurate we aim to be, the reality is that processing data is always open to mistakes. This is exacerbated by ever shifting market regulations. Software robots, however, are programmed by finance and banking professionals to strictly follow the same steps every time and thus do not fall victim to the same blunders as all humans inevitably do.
Of course, many regulatory compliance functions will often need to involve some human validation or decision making. While the robots work around the clock without fatigue to complete tasks, professionals can still intervene if there is an inaccuracy that requires the personal touch or a loop in the workflow where a decision is needed. Therefore, time-consuming compliance tasks can be passed to software robots, but humans ultimately remain in control.
This in turn provides better risk management and compliance, higher accuracy, better cycle times and improved throughput.
RPA in practice
This may all sound very futuristic, but in practice, many firms are already using RPA to free up employee time, improve compliance and save money.
For example, a leading smart infrastructure solutions firm we work with has created a software robot affectionately named Archie, which has taken over the responsibility for processing all invoices.
Pre-Covid, the 400,000 invoices received by the firm each year were dealt with manually. With Archie this is now fully automated freeing up on average 11 minutes per invoice of time which employees can now use to focus on value-adding activities. It also means that no employee needs to come into the office to process the invoice, nor does any paper need to be passed around the team. Thus helping to keep the workforce safe.
With all this extra time, finance and banking departments can focus on adapting to and thriving in the current crisis. Moving away from data processing and towards advisory roles where they can best use their strategic skills.
Consequently, businesses will benefit during the pandemic and beyond and employees could see their roles shifting away from the mundane and towards tasks that keep them on their toes. A rare win-win in a difficult time.
WeWALK joins Microsoft’s AI for Accessibility Programme Using artificial intelligence to change the lives of the visually impaired
WeWALK, the smart cane designed for people who are blind or with low vision which is now in use across 37 markets, has joined Microsoft’s AI for Accessibility programme to accelerate WeWALK’s capability by developing and validating a human behaviour model for visually impaired users and creating a Voice Assistant designed for the visually impaired, providing the right mobility information when needed and allowing for even greater control of the WeWALK mobility experience.
Microsoft’s AI for Accessibility $25 million 5-year programme is aimed at harnessing the power of AI to amplify human capability for the more than one billion people around the world with disabilities. Through grants, technology, and AI expertise, the program aims to accelerate the development of accessible and intelligent AI solutions and build on recent advancements in Microsoft Cognitive Services to help developers create intelligent apps that can see, hear, speak, understand and interpret people’s needs.
WeWALK’s new Voice Assistant will be released later in 2020 and will have immediate usability benefits, improving the user’s confidence as they mobilise. The assistant will be built on clearly derived requirements and natural usage patterns and the challenge that WeWALK is seeking to overcome is to make the assistant truly ‘smart’ and dynamic, where it will effectively categorize and deliver on the user’s commands in a host of different environments.
WeWALK’s human behaviour model is due for release in 2021 and is of significant importance as currently there are no accurate models for how a person who is blind moves and how their mobility holistically evolves, especially after receiving orientation and mobility training. As a result, healthcare, government, and mobility trainers cannot effectively track how a person who is blind mobilizes and whether or not intervention has had benefit. By using WeWALK’s built-in IMU (inertial measurement unit) sensors, including the gyroscope, accelerometer, and compass, as well as data collected from a connected smartphone, the model can be implemented and expanded organically through daily usage. The first stage will be rigorous data collection and user testing, followed by data manipulation and classification to ensure that optimum reliability and system usability can be achieved.
Commenting upon WeWALK’s entry into the program Jean Marc Feghali, R&D Lead at WeWALK. “By working on these two objectives, WeWALK can set the standard for visually impaired mobility for both the individual user and the organisations that support them. We are now rigorously collecting mobility data with novel experimentation, validating our work by continuously engaging our users to ensure an exceptional product powered by Microsoft’s best. Being a part of the Microsoft family truly excites us, bringing us closer to mobility trainers, researchers, and the global visually impaired community.”
Mary Bellard, principal innovation architect lead at Microsoft adds “At Microsoft, we believe AI solutions built thoughtfully by and with the disability community have incredible potential to offer meaningful independence in people’s daily lives. That’s why we’re thrilled to support WeWALK on this important assistive tool that stands to empower the millions of people around the world who use a white cane.”
With the power of Microsoft AI, WeWALK’s impact will be wide-reaching explains Kürşat Ceylan, WeWALK’s co-founder & CPO “As a blind person from birth, I know that it is very important to get the right habits of using a cane from a young age. It is amazing to see how WeWALK can enhance this aspect of our lives with high tech, making training and orientation more effective. I believe that the smart cane will be a symbol for the fully independent journey people who are blind or with low vision.”
Selected as one of the best inventions of 2019 by TIME Magazine, WeWALK is a member of YGA Ventures, which is an ecosystem of impact entrepreneurs. The team envisions WeWALK as a platform for continuous and collaborative development, putting it at the forefront of cutting-edge assistive technologies. This is exemplified through WeWALK’s collaboration with Microsoft, where WeWALK participated in Microsoft’s 2019 AI for Good in the UK.
The WeWALK smart cane is currently available on the market and can be purchased on the company website www.wewalk.io. The free WeWALK mobile app which provides various features such as VIP friendly navigation and public transport tracking capabilities is also available for immediate download on both iOS and Android devices.
Reconnecting the retail brain: learning from the octopus
By John Malpass, Retail Consultancy Practice Lead at Teradata An octopus has nine brains: one for each tentacle and plus one at...
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift Robotics technology has the potential to disrupt industries across all sectors...
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA)...
The rise of nomadic work: how to turn your remote team into a creative force
By Paige Erickson, EMEA MD, Workfront During the first stage of the lockdown in the spring, almost half of Brits...
The value of digital identity in payments
By Vince Graziani, CEO, IDEX Biometrics ASA In ever more challenging times, the payments industry needs to maintain trust by...
Consumers in the COVID era can learn to embrace strong customer authentication
By Ed Whitehead, Signifyd managing director, EMEA The changes that COVID-19 has caused in rapid succession make it hard to...
How NatWest used social media to better target its communications
By DuBose Cole, Head of Strategy, VaynerMedia London For banks, it is imperative to reach their existing – and potential...
It’s time to press ‘reset’ on travel and expense processes
By Rudy Daniello, EVP of Corporations, Amadeus Travel & Expenses(T&E) is a large spend category for companies across the globe....
Covid-19 and the rise of remote payment fraud: how do we catch a digital thief?
By Evgenia Loginova, co-founder and co-CEO of Radar Payments Covid -19 is finding different ways to hurt our finances –...
Effective financial planning will secure businesses a certain future
By Simon Bittlestone, CEO of financial analytics company Metapraxis 2020 has been an unpredictable year, bringing further volatility to already...