Connect with us

Technology

Cyber-Security professionals must rethink their strategy of beating cyber-attacks

Cyber-Security professionals must rethink their strategy of beating cyber-attacks

By Alan Platt, COO, of CyberHive

A recent survey by the Bank of England revealed that cyber-attacks were the joint second most cited risk to the stability of the UK financial system.

The proportion of respondents that named cyber-attacks increased for the third consecutive survey to a new record high of 62 per cent – an increase of five per cent.

Furthermore, an increase of five per cent listed cyber-attack as the risk most challenging to manage, according to Bank of England – Systemic Risk Survey Results – 2018 H1¹

Against this background of increased threats to cybersecurity, and continually strengthening legislation concerning data security, it is no surprise that IT security has become a high priority for organisations.

Cyber threats have evolved to become more sophisticated, often originating from well-organised groups – state-sponsored or criminal networks – who target businesses or individuals connected to businesses for valuable information.

High cost of human errors

Alan Platt

Alan Platt

IT professionals in financial services often envisage their role in cyber-security as fortifying the defences against external attacks. The reality, though, is very different. Most cyber-attacks originate from human errors within an organisation, such as an employee opening a malware-laden phishing email, or as the result of some deceptive social engineering on the part of the attacker to infiltrate malicious code inside the defences.

Most standard cyber-defences, such as firewalls and penetration testing, serve to secure the systems from external attack. Anti-virus is used by most companies, but its effectiveness is minimal in the defence against the increasingly sophisticated and bespoke cyber-attacks that can go undetected for several months.

Security professionals need to change their mindset to counter these disastrous attacks. They need to carefully explore the options that can safeguard a company from damage caused by human error. They must be mindful of the reality that mistakes can – and will happen.

It is not a case of “if” a data breach will occur, but “when”. Companies would be well advised to shift the emphasis from defending against known external threats and instead focus on identifying attacks as quickly as possible once they happen – and taking swift action to foil them before they wreak havoc.

This need to act quickly to limit damage is borne out by key findings in a study published last year by IBM security and Ponemon Institute. In the 2017 Cost of Data Breach Study: United Kingdom² the Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC) metrics were used to assess the effectiveness of an organisation’s incident response and containment processes. It took an average of 168 days to identify a data breach and 67 days to contain it. The previous year’s MTTI and MTTC figures were 178 and 72 days respectively.

Incident response plans important

The findings also emphasise the importance of being able to rapidly detect and contain an attack. New technologies are emerging that focus on detecting malware before it can do any damage. If the MTTI was less than 100 days, the average cost to identify the data breach was £1.98 million. However, if the MTTI was greater than 100 days, the average cost rose significantly to £2.97 million. If this MTTI were reduced to a few days, the costs of a cyber breach could be massively reduced.

Similarly, the study highlights the need to have an effective incident response plan in place. If the time it took to contain the breach was less than 30 days, the cost to contain the breach was £2.24 million. If it took 30 days or longer to contain the breach, the cost soared to £2.71 million. The longer it takes to detect, respond and contain a breach must become a critical priority for every CISO and board.The rising costs of data breaches are extremely detrimental and only set to increase with GDPR legislation in place, let alone the reputational damage that can be suffered as customers begin to lose trust in a firm that can’t protect their assets.

Cyber-crime is recognised as a serious threat in the financial services industry and the UK Financial Conduct Authority (FCA) warns that firms should be vigilant to this threat, able to defend themselves effectively, and respond proportionately to cyber events.

Perils of bad data management

One of the chief threats to the sector comes from poor approaches to data management in notoriously disjoined IT systems or inadequately managing their defences when outsourcing data storage.

The importance of the guidance given by the FCA can easily be seen in perspective when we consider the disastrous impact of recent cyber-attacks at large well-known companies.

In June the data breach at Dixons Carphone served as a serious wake-up call to improve cyber security across the world for organisations holding data on EU citizens. The reality is that Dixons Carphone showed it was unable to secure the card details of 5.9 million customers, who became victims of “unauthorised access”. The breach, which also involved the personal data of 1.2 million customers, was serious enough for cybersecurity chiefs at GCHQ to launch an investigation.

An Equifax security breach revealed last October, is understood to have affected around 700,000 UK-based customers and many more in the US. Stolen information included email addresses, passwords, usernames and partial card details linked to membership data, as well as driving licence and phone numbers.

Financial organisations must assume they are going to be breached, they are being targeted on a daily basis and the sophistication levels of hackers continues to rise. It’s absolutely critical that banks and financial service businesses know about the breach in a matter of minutes or hours, not days. They can then mitigate the risk and avoid further damage to their systems or avoid data loss.

Sources:

¹ https://www.bankofengland.co.uk/systemic-risk-survey/2018/2018-h1

² 2017 Cost of Data Breach Study: United Kingdom by IBM Security and Ponemon Institute (June 2017).

Technology

Survey of IT decision makers exposes the increased pressures IT organisations face amidst covid-19

Survey of IT decision makers exposes the increased pressures IT organisations face amidst covid-19 36

Independent Survey Uncovers the Limitations Traditional IT Infrastructure Imposes, Exacerbated by a Remote Workforce

Nebulon, Inc.®, the pioneer of Cloud-Defined Storage, released today the results of an independent survey completed by IT decision makers at 500 companies in the IT, financial services, manufacturing, retail, distribution and transport industries across the UK, US, Germany and France. Conducted in June of this year, the survey exposes the biggest challenges enterprises face in transforming their on-premises application storage environments, which have only been exacerbated during this COVID-19 era. While IT organisations cite multiple restrictions, the survey reveals limited infrastructure automation and high CAPEX as the most significant challenges for those deploying enterprise storage array technology, forcing them to re-examine IT spending and operations even more so than usual amidst the pandemic.

While increasing automation and reducing costs may seem like mainstream initiatives for any large organisation, the pandemic and resulting workforce restrictions mandate significant progress in days or weeks, versus months or quarters. The results of the survey, undertaken by Vanson Bourne, further reinforce this as respondents also highlighted their on-premises application storage environments are difficult to maintain, and reveal that they lacked the in-house expertise necessary to manage them. Even more disconcerting, respondents indicate that their traditional external storage arrays are not suited to handle new workloads, including containers and NoSQL databases. This is unsurprising as modern workloads have been architected for local versus shared storage resources.

British IT decision makers specifically ranked “expensive” highest, with 57% making this one of their top three challenges, followed by “time consuming to maintain” (50%) and “difficult to automate at scale” (49%). Respondents from smaller organisations (1,000-2,999 employees) were more likely to mark “lack of in-house expertise” highly compared to larger organisations (3,000+employees) (59% compared to 31%) while these larger companies were more likely to consider cost a top challenge (61% compared to 35%).

“The impact of the pandemic is forcing CIOs worldwide to reconsider their operations,” said Siamak Nazari, Co-Founder and CEO of Nebulon, Inc. “Reducing costs through server-based storage alternatives without the restrictions of hyperconverged infrastructure, and reducing operating cost pressure through cloud-based management of the application storage infrastructure are crucial initiatives for IT organisations looking to survive this new normal.”

For companies with a growing class of mission-critical data that cannot or should not move to the public cloud, Cloud-Defined Storage is an alternative to expensive storage arrays, offering enterprises a cloud-managed, server-based approach for mission-critical storage. By combining a cloud-based control plane, called Nebulon ON, with server-based storage that is powered by the Nebulon Services Processing Unit (SPU), Nebulon enables organisations to reduce cost for enterprise storage by up to half without compromising on enterprise data services. This is made possible by Nebulon’s unique architecture that makes use of commodity SSDs in industry standard servers, Ethernet in favour of Fibre Channel, and by eliminating operational complexities by moving management to Nebulon ON with an as-a-service model.

Nebulon ON uses AI to analyse application workloads during operations, provides actionable recommendations for IT organisations and provides a single API endpoint that greatly streamlines automation at-scale. Customisable application templates, tailored for customer’s application clusters, eliminate the guesswork in configuring infrastructure and produce repeatable, reliable infrastructure services for modern, mission-critical workloads. With the architectural and operational simplicity of Cloud-Defined Storage, application owners gain a self-service infrastructure provisioning that is unmatched with existing on-premises storage solutions.

“IT organisations have been seeking a cost-effective alternative to external storage arrays for years,” said Nazari. “With our Cloud-Defined Storage offering, they finally have the opportunity to reduce costs while also deploying a self-service solution for application owners that also reduces the operational burden.”

Continue Reading

Technology

Are you ‘prescribing’ the right security solution to your merchants?

Are you ‘prescribing’ the right security solution to your merchants? 37

By Sandra Higgins, Chief Marketing Officer at Sysnet Global Solutions, draws parallels between taking multivitamins for the body to keeping small businesses ‘healthy’ using an all-in-one security solution

When it comes to leading a healthy lifestyle, eating the right food, taking regular exercise, and maintaining a positive mindset are key. However, despite these best intentions and practices, you still might not get all the nutrients your body needs to ensure it is working as effectively as possible. To combat this, a doctor might suggest taking a daily multivitamin as an insurance policy, to guarantee the body gets all the minerals and vitamins it needs, avoiding any shortfalls. Makes sense, right?

This same logic can be applied to businesses and the importance of cybersecurity and compliance solutions, especially in the current climate and the risks associated with remote working. Like a doctor prescribing a multivitamin to help their patients’ minds and bodies function effectively, in the same way, acquirers can offer security ‘prescriptions’ to help merchants keep on top of business health. The prescription is then deployed by a security software provider, much like a pharmacy would, dispensing the multivitamin of data security services and tools to help keep businesses in good health.

Just what the doctor ordered

With a wide variety of data security and compliance solutions available, like the streams of vitamins you see on pharmacy shelves, smaller businesses can often become overwhelmed by the sheer volume of available tools and may forego sourcing their business ‘medication’ altogether.

Taking the stress out of trying to understand what the business needs, it’s an acquirer’s responsibility to prescribe one solution that allows merchants to stay security fit and prevents them from becoming overwhelmed at the choice available. That way, merchants don’t end up buying the wrong solutions or supplementary add-ons at additional cost, that they don’t actually need.

The benefits of an all-in-one solution

Like with medicine, merchants need to know the long-term benefits of prescriptions before administering it, and with an all-in-one solution, the benefits are vast. In addition to easy compliance with payments standards such as PCI DSS and access to security tools that are appropriate to business set-up, other benefits of all-in-one security solutions include;

  1. Increased energy levels. With business security taken care of, business owners will have more time to focus on what matters, giving them more energy to run other areas of the business.
  2. Reduced fatigue. If a business has to work hard to manage its security levels, or its owner is losing sleep over not managing it at all, resulting in overdrive just to perform simple tasks, being compliant with regulations, like the PCI DSS standard, becomes much harder.
  3. Long-term healthy lifestyle. By taking an all-in-one security solution, businesses will become ‘compliance and security fit’. Everything will run more efficiently, without security issues slowing things down and preventing a business from moving forward.
  4. Improved mood. Certain studies have shown that a daily multivitamin has positive effects on a person’s mood and emotional well-being. Not having to think so much about security and compliance lifts a burden and has the same effect – business owner don’t feel guilty about not paying it enough attention and there’s no need to worry about breaches or facing fees from not being PCI compliant.
  5. Reduced stress and anxiety. Similar to having an improved mood, by simply attending to security matters, businesses will have one less thing to worry about.

Strength in numbers

Not only is there a multitude of long-term benefits attached to having a fully managed data security solution prescribed by acquirers, allowing businesses to be faster, simpler and more profitable, it also means that costs are kept low. Many people buy vitamins in bulk to help share the cost with family or close friends. By buying security tools at scale, costs are kept down for merchants. This means that when a business is weighing up their budgets, they can be sure their compliance and security cost is entirely affordable.

When buying a multivitamin, customers will likely buy from a reputable brand so that you can rely on the quality and effectiveness of the daily dose, as reputable multivitamin providers undergo meticulous analysis and rigorous quality controls during the manufacturing process. In the same vein, humans wouldn’t want a substandard multivitamin for their own body, so businesses wouldn’t expect this from an acquirer’s prescription.

Easy to consume

Multivitamins can provide patients with numerous health benefits but the biggest benefit of all is having these solutions in one place. It makes it easier to ensure the body gets all it needs to stay healthy. It is the same thing for businesses. Taking a security ‘multivitamin’ will greatly take the stress out of addressing compliance and security, and provide a business with more time to focus on other pressing tasks.  If small businesses, in particular, can get into the habit of taking a regular multivitamin, a straightforward all-in-one solution, to address compliance and security at their business, they will be more open to trying other things too that may lead to an evolution of the business.

Continue Reading

Technology

Legal spend management technology: enabling finance and legal to reduce costs together

Legal spend management technology: enabling finance and legal to reduce costs together 38

By Timo Tscherig, Head of Customer Success at BusyLamp, a legal operations software provider.

CFOs are always under pressure to reduce costs, increase revenue and forecast accurately for the future. They can be forgiven for treating legal as a cost centre: a recent survey of chief legal officers by the Association of Corporate Counsel (ACC) found that one-third anticipate outsourcing more work to law firms next year. Outsourcing legal work is unavoidable and therefore one of the biggest potential expenses of any legal team.

There are three main ways legal can reduce costs when it comes to outsourcing: catching erroneous billing from law firms; improving efficiency and therefore reducing how much work is outsourced; and making data-driven decisions on which work to outsource to whom.

The same survey also found that CLOs are implementing new technologies to improve efficiency, and that more than half either plan to adopt a new technological solution or have done so recently. As outsourcing legal work is a necessity, a legal spend management technology solution that provides the ability to use granular spend data to drive more value from firms could be just one way in which legal and finance can reduce costs together. So what is it that holds finance and legal departments back from working together?

The case for a legal-specific solution

Many finance departments do not understand why legal can’t use the enterprise accounts payable (AP) system, but legal invoices are more detailed than other departments’ invoices and the way legal work is procured often differs too. In order to fully understand expenditure and therefore reduce costs in a strategic manner, corporate legal departments need to capture granular information – including detailed breakdowns of timelines, timekeepers and expenses coded against tasks, activities and expenses – than an AP system can manage.

A typical legal team will receive thousands of invoices a year. Because of their granularity, reviewing these invoices manually is time-consuming and prone to error. Different billing guidelines – what firms can and cannot invoice for – exist for different firms. Trying to remember and accurately apply these rules when manually reviewing invoices is a daunting task and mistakes, and therefore over-spend, will slip through the net. AP systems cannot manage these billing guidelines either and there are many other limitations. The answer, then, is to implement a technology that bridges the gap between legal and finance and enables each to work together.

The benefits of legal spend management technology

With the increased pressure on legal departments to improve efficiency and control costs, modern legal spend management solutions are a sensible option as they quickly generate savings that exceed the initial investment.

Legal spend management is the practice of controlling outside counsel spend such as the costs of using external law firms. Management of outside counsel spend involves having visibility of spend, identifying and actioning cost-reduction opportunities, and budgeting future spend. The level of detail provided by a legal spend management solution adds value to legal and finance, allowing legal departments to identify cost-saving measures both in the immediate term and by making use of data-driven strategies for the future. Most legal spend management systems integrate with the enterprise AP system, giving both finance and legal teams the information they need so they can work together smoothly and transparently.

This visibility of spend is especially useful in those situations where it’s not the legal team mandating the law firm. In some companies, business units can mandate firms directly, which is where a centralised legal spend management system can help provide company-wide reporting on total legal spend. This centralisation can also help the company negotiate volume discounts with the firm.

Using legal spend management to reduce costs

Legal spend management software can reduce costs for legal departments by automating invoice review and enforcing legal billing guidelines (rules such as caps on hours, total spend, expenses, overtime or staffing) through e-billing: the core feature of legal spend management solutions. By automating invoice review and guideline compliance with e-billing software, an in-house legal department can save 5% of external legal spend in year one, and 2.5% in subsequent years. It also offers real-time cost transparency, visibility and consistency of how legal bills, matter information and budgets are input, processed and centrally stored. This increased transparency makes budgeting easier and reduces unexpected costs.

As with many software tools, legal spend management dramatically improves efficiency and accuracy. With e-billing, information is automatically processed digitally and centrally with no need for manual sorting and organising. This saves a huge amount of administration time spent doing tasks which carry the risk of significant manual errors, and even makes some tasks, such as data entry, scanning and filing, redundant. With counsel no longer doing these admin tasks, they have more time to do legal work, which can reduce the volume of work being done by firms.

Having real-time, secure, accurate and consistent centralised data saves a lot of time accessing and reporting on documents, legal matters and financials. Custom reports required by the business can be scheduled for automatic creation and delivered to stakeholders in legal, finance, or elsewhere by email.

Over time, the use of legal spend management creates a database of all historic matters and their associated spend, broken down into UTBMS and LEDES codes – an industry standard for coding legal work to a fine level of detail. There will always be a need for expert legal advice from specialist firms and it’s worth paying for it on business critical matters. However, analytics can be used to gain insights into legal spend and inform data-driven decision making by using UTBMS-level codes to compare costs, savings, spending trends and budget-to-actuals across law firms, matter types, practice areas, task codes, jurisdictions, timekeeper seniority, and more. This allows the department to decide where savings can be made, but also where investment is necessary. The goal is to get more value and efficiency, rather than reducing costs for the sake of it.

Modern legal spend management solutions also include tools beyond e-billing and reporting that enable the entire lifecycle of legal work to be completed in a single system. One such feature enables counsel to submit request for proposals (RFPs) and cost estimates to law firms. Pre-structuring the requests in a consistent format ensures a fair and easily comparable response. Proposals are more likely to be competitively priced, as firms know they are competing for the work. Unlike enterprise procurement systems, these estimates also comply with the legal-standard coding that enables a more detailed evaluation of the proposal. Using data from responses and estimates can empower a legal department to make more informed resourcing and budgeting decisions faster. Throughout the course of the matter, law firms can submit Work in Progress (WIP), work completed that has not yet been billed. Unlike accruals, in a legal spend management system this is submitted with the same line item coding as the invoice itself. This gives both legal and finance visibility of upcoming invoices at a granular level and also allows invoices to be pre-approved. At the end of the legal matter, counsel can score the firm within the system and other lawyers can reference this qualitative data when mandating or negotiating with firms in the future.

Providing data to the finance department

Presenting legal spend data in a clear, concise way that gets the message across is a challenge, as different stakeholders will often want the same data presented in different formats. A legal spend management system automates invoice review so data is inputted consistently and has robust reporting tools for all stakeholder needs.

Legal spend management software empowers the legal department to make their own decisions around cost control, without blindly cutting budget in a way that may be detrimental to the business. At the same time, finance has access to the higher-level figures and KPIs that they need either through the legal spend management solution or a seamless integration between that and the AP system.

Timo Tscherig

Timo Tscherig

In order to deliver greater financial benefits to the business, finance and legal departments can put in place Key Performance Indicators (KPIs). These KPIs can be presented in a dashboard within the system, or sent by email to stakeholders on a regular basis.

KPIs worth considering include:

  • Total cost of services (inside and outside)
  • Legal spend as percentage of revenue
  • Budget-to-actual total spend comparison (e.g., percent handled within budget)
  • Outside expense versus in-house
  • In-house lawyers versus revenue
  • Cost per matter
  • Cost per lawyer
  • Spend after implementing e-billing compared to spend without.

Having one source of truth ensures all relevant data is held in one place. It means higher data quality, with more data available for better analysis and more reliable reports. There is greater transparency and all the information is readily available for the finance department.

Finance and legal: working together

With the increased pressure on legal departments to improve efficiency and control costs, legal spend management software quickly generates savings that pay for the investment so is a popular software purchase for legal operations managers. The benefits of legal spend management software are directly related to reducing costs so it’s easy to prove return on investment quickly.

The best way to improve legal operations to benefit the wider business is by eliminating cost surprises, wherever possible. Given the open-ended, unpredictable and sometimes urgent nature of many legal matters, it’s unrealistic to expect that everything can be accurately forecast. But steps can be taken to minimise the variables, improve the value, and help control overall spend, including some measures available through legal e-billing.

With a legal spend management software solution in place, legal departments and finance departments no longer need to be at loggerheads. In fact, the transparency between the two can only be of benefit to the business. Legal spend management improves reporting and forecasting, helps teams make smarter and more cost-effective outsourcing decisions, provides greater spend visibility as well as facilitating the negotiation of volume discounts, highlights and reduces errors such as overcharging by outside law firms and minimises risk such as exposure or gaps in legal counsel. By working more closely together, both departments not only support each other but also bring greater financial benefits to the business. In anyone’s book, but especially in that of the CFO looking to deliver cost savings across the business, that’s a win-win.

Continue Reading

Latest Articles

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy   39 Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy   40
Business2 hours ago

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy  

Leading payments provider, Contis, has applied for two grants from the RBS & BCR Alternative Remedies Package, totalling £35 million.   Unlike most applicants who...

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver 41 Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver 42
Business2 hours ago

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver

Nearly a third (32%) of consumers would switch providers if a brand’s website is unavailable for more than 24 hours...

Demonstrating the value of collaborative leadership during crises 43 Demonstrating the value of collaborative leadership during crises 44
Business1 day ago

Demonstrating the value of collaborative leadership during crises

By Jean Stephens, CEO, RSM International In 2000, a leading expert in behavioural science, Daniel Goleman, outlined the six key...

Empowerment Accelerates Continuous Improvement 45 Empowerment Accelerates Continuous Improvement 46
Business1 day ago

Empowerment Accelerates Continuous Improvement

By Larry Sternberg, JD, Fellow, Talent Plus, Inc. Empowerment First, let me clarify how I am using the word “empowerment”...

What is loneliness and how can you manage it? 47 What is loneliness and how can you manage it? 48
Top Stories1 day ago

What is loneliness and how can you manage it?

By Iris Schaden Your Business and Personal Coach A mere century ago, almost no one lived alone. Today, many do...

How banks can build digital transformation into business continuity 49 How banks can build digital transformation into business continuity 50
Business1 day ago

How banks can build digital transformation into business continuity

By Andrew Warren, Head of Banking & Financial Services, UK&I, Cognizant Businesses around the world are falling victim to the...

Akerton Partners 51 Akerton Partners 52
Finance1 day ago

Akerton Partners

Akerton Partners S.L. is a Spanish independent mid-market corporate finance advisor founded over a decade ago, in 2008, amid a...

Looking to the future, virtual (or online) businesses will prove more profitable 53 Looking to the future, virtual (or online) businesses will prove more profitable 54
Business1 day ago

Looking to the future, virtual (or online) businesses will prove more profitable

By Richard Fletcher Magic Sauce Marketing Business owners of all types have had to make some major adjustments this year. With...

Digital marketing: Chasing the golden marketing mix in a fintech 55 Digital marketing: Chasing the golden marketing mix in a fintech 56
Business1 day ago

Digital marketing: Chasing the golden marketing mix in a fintech

By Dmitry Ryzhkov, CMO at Aximetria GmbH When thinking of online or digital marketing, we can define two major points...

It’s all relative: Older generations feel helping out the family financially is more important since the Covid-19 outbreak 57 It’s all relative: Older generations feel helping out the family financially is more important since the Covid-19 outbreak 58
Banking1 day ago

It’s all relative: Older generations feel helping out the family financially is more important since the Covid-19 outbreak

Before Covid, 23% of people prioritised helping younger generations out financially, that increased to a third as a result of...