By Tony Pepper, CEO of Egress
It’s no secret that the Covid-19 pandemic has created a perfect storm of cybersecurity risk. External threats are heightened, but there’s also a higher level of internal risk too, exacerbated by home working. With most financial services organisations planning to continue with mass remote working for the foreseeable future, it’s important for security teams to review their strategy and assess whether it still works in this new landscape. When it comes to insider threat, there are three key areas that IT leaders should focus on: building a positive culture around security, understanding their organisation’s level of risk and protecting their people.
- Build a security-positive culture
Many organisations have unknowingly instilled a security-negative culture among their employees, where people are punished or shamed if they cause a security incident. While they might think that this would discourage employees from causing data breaches for fear of repercussions, this actually makes your organisation less secure. Our Outbound Email Security Report found that 62% of organisations rely on their people to report email data breach incidents – and if employees are too afraid to come forward, that means your business is at risk of developing a security blind spot.
A security negative culture won’t actually prevent data breaches caused by human error, something which organisations need to recognize as largely unavoidable without technological intervention; it just delays remediation, which makes every incident worse. By creating a security-positive culture, you can better engage and educate employees, as well as ensure you’re able to rapidly triage any incidents if they occur.
- Understand your risk
When mapping out your risk, you’ll likely find that the picture looks very different to how it did even a year ago. In the past, organisations have focused on their networks and their devices when it came to security strategy. While these are vital areas for consideration, what hasn’t been as well-addressed to date is the human aspect of risk, particularly human error. You need to look closely at the tools that your employees are using daily to facilitate digital communication with clients and colleagues, including when sending sensitive information.
Employees are specifically using email more than ever before – our recent research found that 94% of organisations are sending more emails due to Covid-19, with one-in-two IT leaders reporting an increase of more than 50%. With this expansion of email volumes comes an increase in the risk that an email containing sensitive data might be misdirected. Remote working has also heightened the threat – our research found that 35% of organisations’ serious email data breaches were caused by remote working. Why? The causes lie in their behavior and the environments in which they operate. Some individuals may feel they’re able to take more risks away from the “watchful eyes” of their Security team, and every employee is faced with a myriad of distractions that make them more likely to make a mistake.
It’s time for organisations to take stock of their risk by looking at where gaps in their security might exist – and provide safety nets for their employees that can automatically detect and mitigate inadvertent data breaches and risky behaviour.
- Protect your people
It goes without saying that not all data breaches are caused by malicious activity. An overwhelming amount of data breaches are caused by hardworking employees making honest mistakes, from sending an email to the wrong person to responding to a phishing attack. Unfortunately, human error is an unavoidable part of life, and mistakes will happen. In the past, many organisations have taken the approach that employee error can be ‘trained away’, embarking on comprehensive security training programs in the hope that security incidents might decrease.
Unfortunately, if that were the case, then employee activated data breaches would be a thing of the past! Organisations need to employ a multifaceted approach when it comes to avoiding accidental insider data breaches – education and training remain an important element, but ultimately businesses need to implement the right technology to provide a safety net for their people. Many organisations have legacy DLP solutions in place that cannot mitigate the risk as they fail to fully understand employees’ behaviour.
Often, these tools stand in the way of productivity, prompting users even when there isn’t a legitimate risk. When click fatigue sets in, these solutions become ineffective, with users ignoring prompts whenever they appear. Luckily, advances in machine learning mean that there’s technology available to prevent insider data breaches such as misdirected email, by deeply understanding the way that users behave and the context in which they share data, to ensure emails are sent to the right recipients with the right level of security.
The vast majority of organizations will never go back to every employee working full time within the office environment, instead post-pandemic we will see a myriad of different approaches – with some based in the office, while others work at home part or full-time, and as the world opens up again, their locations may change throughout the day. To mitigate risks from inadvertent errors to intentional data exfiltration, CISOs must address their security culture and protect their human layer with intelligent controls that mitigate employees’ behaviors and stop breaches before they happen.
Sumitomo Life Insurance Selects Talend to Build Company’s Data Infrastructure
Leading life insurer uses Talend in data lake environment for data analytics
Talend (NASDAQ: TLND), a global leader in data integration and data integrity, announced today that Sumitomo Life Insurance Company, one of the Japan’s leading life insurance companies, has selected Talend Data Fabric for its data analytics infrastructure.
Sumitomo Life aims to become the most trusted and supported company by its stakeholders, including its customers, and to grow sustainably and stably. Sumitomo Life’s vision is to offer advanced products to enable customers to live vigorously. To respond to that, the company is developing and delivering cutting-edge products that respond to its customers’ current and expected futures needs in areas focusing on nursing care, medical insurance and retirement planning.
“With the trust from our customers as the starting point of all our activities, Sumitomo Life is providing optimal life insurance services to every person through the sound management of the insurance business,” said Mr. Masakazu Ohta, General Manager in Charge of Information System Department at Sumitomo Life. “As a new approach, it was necessary to build a common foundation for big data management, and Talend is the driver. Talend’s superiority in cloud implementation, development productivity, features, and licensing model convinced us to be part of this journey together.”
To meet the needs of its customers and offer them innovative products and services, Sumitomo Life has decided to build a foundation for data analysis (Sumisei Data Platform) in the cloud for the promotion of new insurance products. The company evolved its legacy data environment to the new environment where they can store the data extracted from various systems both on-premises and effectively in the cloud.
In order to meet the needs of each individual customer and provide the best insurance for them, Sumitomo Life uses Talend Data Fabric as the hub of its data infrastructure. This manages data across the organization and integrates data into a data lake, which makes them able to utilize data across the company.
“We have been able to release projects with the continuous support of Talend, even amid the changing business environment in the Covid-19 crisis. We will continue to collaborate with Talend in order to actively promote company-wide data analysis projects,” added Mr. Ohta.
“The insurance market is one of the most competitive sectors. By facing tight regulations and complex customer needs, companies must be at the forefront of innovation to offer even more services and new products to its customers,” said Kenji Tsunoda, Country Manager Japan, at Talend. “Talend helped Sumitomo Life reinvent its data-driven infrastructure to provide a data management platform that enables the development of advanced products for its customers. We are delighted to support Sumitomo Life in the pursuit of their vision.”
Five payment tech trends for 2021
By Roy Aston, Chief Information Officer, Paysafe
2020 saw the rapid acceleration of companies’ digital transformation plans due to the COVID-19 pandemic. Businesses being unexpectedly forced into a situation of remote working environments, coupled with rapidly changing consumer habits and an increased reliance on digital solutions, have contributed to a need to increase the speed of their tech upgrades.
But what does that mean in practice? Here are five trends we expect to be at the forefront of payments technology innovation in the next 12 months.
Further migration to distributed cloud
A key area of focus for payments businesses will inevitably be on creating even easier ways for customers to consume payment services, including how to develop and distribute some of the technology that will enable more frictionless payments. Allowing payment technology companies to focus on the innovation of products and solutions without having to worry about the underlying supporting infrastructure is important to ensure rapid scalability and resilient solutions. Operating now in a distributed cloud mode blurs the lines of ownership of the physical infrastructure further than has been seen before. This trend of cloud evolution will continue to enable payments companies to deliver solutions to merchants and consumers in a way that is highly flexible to meet the needs of the rapidly changing digital environment.
Expanded use cases for AI and deep learning
When thinking more specifically about those new capabilities distributed cloud will facilitate, the potential of Artificial Intelligence will become more significant. We are going to see trends come to the fore related to how companies think about analysing data, leveraging the immense power that comes from being able to tap into almost an infinite level of resources and processing capability. In payments that is going to be particularly prevalent around identifying consumer trends, mass personalisation, and without doubt fraud and Know Your Customer (KYC).
The concept of using technology to create digital identities, all the way from a retailer through the payments mechanism, will enable you to know the consumer more thoroughly using AI and deep learning technologies to assess all the data point we now have. The palette of data has become much richer now to enable better decision making.
A renewed focus on 5G
5G is going to create a level of connectivity and speed of data transmission that has never been possible outside of a physically connected world. That is also going to bring significant benefits in payments to areas that are not physically connected. For example, the ability to get data connectivity to remote areas of the world to enable people to set up businesses and to transact online is going to be a big growth area. Equally, the ability to deliver more immersive online experiences though remote devices will be transformational for the gaming industry. 5G is also going to enable companies to shift more data globally to enhance the power of AI even further.
The drive for greater remote working
Clearly many companies will not rush back to full time office-based working practices, but more progress needs to be made for a truly successful permanent, efficient transformation to regular remote working. This means not only how you think about enabling employees to work from home effectively generally, but also a specific focus on running operational and heavily interconnected teams in a distributed manner and coming together in a way that has not happened before.
New levels of security
Finally, these enhancements must be underpinned by new levels of security. COVID-19 has resulted in the need to think about a different dimension of security being pushed to its limits, for several reasons. The first is that, unfortunately, criminals tend to thrive in a crisis, and unprincipled fraudsters have used the pandemic as an opportunity to leverage it for their own gain. This is creating pressure on companies to step up and look at more tooling to combat the threat, and not only how we think about protecting the company but also colleagues and end users as well.
The second is another consequence of remote working. As employees are becoming more distributed, we don’t always know where people are going to be working from or what they are going to be connected to, which creates an additional challenge. As this looks set to be the status quo moving forward, it will be a key area of focus for payments companies in 2021.
Banking on automation: the future of cyber security for financial services
By Dave Henderson, founder, BlueFort Security
For cyber criminals banks are where the money is. A successful attack on a bank offers multiple avenues for profit through extortion, theft, and fraud. Given that many financial services firms are now largely perimeter-less businesses in the cloud, the cyber criminal’s playing field has expanded further and faster than many IT security teams can adequately defend.
Despite financial firms spending up to $3,000 per employee on cyber security to keep their networks protected, more often than not this fails. A recent study from Accenture and the Ponemon Institute “Unlocking the Value of Improved Cybersecurity Protection,” claims that the cost of cyberattacks is highest in the banking industry, reaching $18.3 million annually per company.
A key factor at play here is visibility. This remains the biggest problem when it comes to cybersecurity. Fundamentally if you can’t see what you have, how can you protect it, secure it or have any understanding about whether it’s attackable? The net result is that companies don’t understand where the weaknesses are in their threat surface until a breach occurs, and by then it’s far too late.
Cyber attackers have an edge because they only have to succeed once where defenders need to succeed every time. Increasingly attackers and adversaries are using automated
& AI driven tools to penetrate and attack corporate networks.
Automation as well as being part of the problem, could also likely be a big part of the solution. Regardless of the industry or application, The benefits of automated operations deliver higher productivity, reliability, availability, increased performance, and reduced operating costs. Within cyber security it allows businesses and individuals to concentrate on more productive problem-solving network defending activities. An added benefit is that it’s these problem-solving activities that foster innovation and can lead to a more resilient cybersecurity organisation.
What’s wrong with the traditional approach?
There are three key challenges that cannot be solved using a manual approach:
- As digital transformation has gathered pace, the growth of applications, big data, artificial intelligence and multi-cloud has meant an increase in attack vectors for cyber criminals. This isn’t going to change any time soon. In 2020, projections suggest that worldwide spending on digital transformation will grow 4 percent year-on-year – a compromised and yet still strong growth despite the economic recession caused by the coronavirus (COVID-19) pandemic.
- The ongoing cyber security skills gap means that there are simply not enough professionals with the right skills to tackle the problem. Despite the establishment of a new independent organisation that has been tasked with making sure there are enough skilled workers in the field, there is no doubt that resource challenge will be around for the foreseeable future.
- At the end of the day we’re all only humans – and that means we make mistakes. Human error combined with the ever-increasing amount of data to manage, will inevitably mean that a threat, or potential threat, will slip through the cracks. It is simply unrealistic to expect human teams to catch all potential cybersecurity events.
The good news is that cybersecurity products designed to automate specific processes are widespread, and the likelihood is that most organisations will have already implemented automation tools somewhere within their organisation. This is because automation enables organisations to be proactive about improving their cyber resilience rather than being target practice for any new malware that’s out there. They can have separate tools and service providers do the job or, as many are now doing, embrace new automated tools to do it themselves.
Automated penetration testing is a great example. Our networks are in need of continuous, on-demand testing to ensure controls are kept in tune at all times. Focused on the inside threat, automated penetration-testing platforms mimic the hacker’s attack. These tools “deliver” a pen test that simulates the pen tester’s laptop and/or attack proxy plugging into your network. The pen testing bot then performs reconnaissance on its environment by doing identical scans as a human would do. Once the automated tools have established where they sit within the environment, they will filter through what they’ve found. Detailed reports are produced together with proposed remediations, and all one step ahead of tomorrow’s malicious hacker.
It’s becoming increasingly difficult for businesses to secure themselves from cyber-threats and mitigate attacks due to their sophistication. Security teams worldwide are facing the hurdle of effectively managing millions of notifications that are generated by security capabilities. Automation and integration of cyber-security in business operations is becoming a critical way of saving resources – revenue, data, and reputation. Implementing automation could be vital in order to reliably protect organisations and ensure resilience through robust and repeatable processes.
Laboratory Balances And Scales Market is projected to grow significantly to reach US$ 2,129.7 Mn by 2027
According to FMI analyst’s laboratory balances and scales market is going to expand its research and development part, sooner or later. Manufacturers...
Will COVID Finally Give Big Banks Their Direction?
By Shreya Jain If the recently finished 2020 has taught us anything, it is that we’d do well to re-evaluate...
ECB faces tricky balancing act after pandemic debt surge
By Francesco Canepa, Frank Siebelt and Balazs Koranyi FRANKFURT (Reuters) – As the euro zone begins to emerge from the...
Japan cuts economic outlook in February for first time in 10 months
TOKYO (Reuters) – Japan’s government cut its view on the overall economy in February for the first time since April...
UK delays review of business rates tax until autumn
LONDON (Reuters) – Britain’s finance ministry said it would delay publication of its review of business rates – a tax...
Discounter Pepco has all of Europe in its sights
By James Davey LONDON (Reuters) – Pepco Group, which owns British discount retailer Poundland, has targeted 400 store openings across...
UK retail sales drop, NatWest loss dampen FTSE 100 mood
By Shivani Kumaresan and Amal S (Reuters) – The FTSE 100 was muted on Friday as a bigger-than-expected drop in...
Fashion-focused livery launch reveals new colours for Gasly, Tsunoda in 2021
Scuderia AlphaTauri debuted their colours for the 2021 Formula 1 season as drivers Pierre Gasly and Yuki Tsunoda unveiled the...
Euro zone services hit in February but factories racing along – PMIs
By Jonathan Cable LONDON (Reuters) – Business activity across the euro zone contracted again in February as lockdown measures to...
Lockdown decimates UK retail, borrowing surge slows
By William Schomberg and David Milliken LONDON (Reuters) – British retail sales tumbled in January as shops went back into...