By Tony Pepper, CEO of Egress

It’s no secret that the Covid-19 pandemic has created a perfect storm of cybersecurity risk. External threats are heightened, but there’s also a higher level of internal risk too, exacerbated by home working. With most financial services organisations planning to continue with mass remote working for the foreseeable future, it’s important for security teams to review their strategy and assess whether it still works in this new landscape. When it comes to insider threat, there are three key areas that IT leaders should focus on: building a positive culture around security, understanding their organisation’s level of risk and protecting their people.

1. Build a security-positive culture

Many organisations have unknowingly instilled a security-negative culture among their employees, where people are punished or shamed if they cause a security incident. While they might think that this would discourage employees from causing data breaches for fear of repercussions, this actually makes your organisation less secure. Our Outbound Email Security Report found that 62% of organisations rely on their people to report email data breach incidents – and if employees are too afraid to come forward, that means your business is at risk of developing a security blind spot.

A security negative culture won’t actually prevent data breaches caused by human error, something which organisations need to recognize as largely unavoidable without technological intervention; it just delays remediation, which makes every incident worse. By creating a security-positive culture, you can better engage and educate employees, as well as ensure you’re able to rapidly triage any incidents if they occur.

2. Understand your risk

When mapping out your risk, you’ll likely find that the picture looks very different to how it did even a year ago. In the past, organisations have focused on their networks and their devices when it came to security strategy. While these are vital areas for consideration, what hasn’t been as well-addressed to date is the human aspect of risk, particularly human error. You need to look closely at the tools that your employees are using daily to facilitate digital communication with clients and colleagues, including when sending sensitive information.

Employees are specifically using email more than ever before – our recent research found that 94% of organisations are sending more emails due to Covid-19, with one-in-two IT leaders reporting an increase of more than 50%. With this expansion of email volumes comes an increase in the risk that an email containing sensitive data might be misdirected. Remote working has also heightened the threat – our research found that 35% of organisations’ serious email data breaches were caused by remote working. Why? The causes lie in their behavior and the environments in which they operate. Some individuals may feel they’re able to take more risks away from the “watchful eyes” of their Security team, and every employee is  faced with a myriad of distractions that make them more likely to make a mistake.

It’s time for organisations to take stock of their risk by looking at where gaps in their security might exist – and provide safety nets for their employees that can automatically detect and mitigate inadvertent data breaches and risky behaviour.

3. Protect your people

It goes without saying that not all data breaches are caused by malicious activity. An overwhelming amount of data breaches are caused by hardworking employees making honest mistakes, from sending an email to the wrong person to responding to a phishing attack. Unfortunately, human error is an unavoidable part of life, and mistakes will happen. In the past, many organisations have taken the approach that employee error can be ‘trained away’, embarking on comprehensive security training programs in the hope that security incidents might decrease.

Unfortunately, if that were the case, then employee activated data breaches would be a thing of the past! Organisations need to employ a multifaceted approach when it comes to avoiding accidental insider data breaches – education and training remain an important element, but ultimately businesses need to implement the right technology to provide a safety net for their people. Many organisations have legacy DLP solutions in place that cannot mitigate the risk as they fail to fully understand employees’ behaviour.

Often, these tools stand in the way of productivity, prompting users even when there isn’t a legitimate risk. When click fatigue sets in, these solutions become ineffective, with users ignoring prompts whenever they appear. Luckily, advances in machine learning mean that there’s technology available to prevent insider data breaches such as misdirected email, by deeply understanding the way that users behave and the context in which they share data, to ensure emails are sent to the right recipients with the right level of security.

The vast majority of organizations will never go back to every employee working full time within the office environment, instead post-pandemic we will see a myriad of different approaches – with some based in the office, while others work at home part or full-time, and as the world opens up again, their locations may change throughout the day. To mitigate risks from inadvertent errors to intentional data exfiltration, CISOs must address their security culture and protect their human layer with intelligent controls that mitigate employees’ behaviors and stop breaches before they happen.

Leading life insurer uses Talend in data lake environment for data analytics

Talend (NASDAQ: TLND), a global leader in data integration and data integrity, announced today that Sumitomo Life Insurance Company, one of the Japan’s leading life insurance companies, has selected Talend Data Fabric for its data analytics infrastructure.

Sumitomo Life aims to become the most trusted and supported company by its stakeholders, including its customers, and to grow sustainably and stably. Sumitomo Life’s vision is to offer advanced products to enable customers to live vigorously. To respond to that, the company is developing and delivering cutting-edge products that respond to its customers’ current and expected futures needs in areas focusing on nursing care, medical insurance and retirement planning.

“With the trust from our customers as the starting point of all our activities, Sumitomo Life is providing optimal life insurance services to every person through the sound management of the insurance business,” said Mr. Masakazu Ohta, General Manager in Charge of Information System Department at Sumitomo Life. “As a new approach, it was necessary to build a common foundation for big data management, and Talend is the driver. Talend’s superiority in cloud implementation, development productivity, features, and licensing model convinced us to be part of this journey together.”

To meet the needs of its customers and offer them innovative products and services, Sumitomo Life has decided to build a foundation for data analysis (Sumisei Data Platform) in the cloud for the promotion of new insurance products. The company evolved its legacy data environment to the new environment where they can store the data extracted from various systems both on-premises and effectively in the cloud.

In order to meet the needs of each individual customer and provide the best insurance for them, Sumitomo Life uses Talend Data Fabric as the hub of its data infrastructure. This manages data across the organization and integrates data into a data lake, which makes them able to utilize data across the company.

“We have been able to release projects with the continuous support of Talend, even amid the changing business environment in the Covid-19 crisis. We will continue to collaborate with Talend in order to actively promote company-wide data analysis projects,” added Mr. Ohta.

“The insurance market is one of the most competitive sectors. By facing tight regulations and complex customer needs, companies must be at the forefront of innovation to offer even more services and new products to its customers,” said Kenji Tsunoda, Country Manager Japan, at Talend. “Talend helped Sumitomo Life reinvent its data-driven infrastructure to provide a data management platform that enables the development of advanced products for its customers.  We are delighted to support Sumitomo Life in the pursuit of their vision.”

By Roy Aston, Chief Information Officer, Paysafe

2020 saw the rapid acceleration of companies’ digital transformation plans due to the COVID-19 pandemic. Businesses being unexpectedly forced into a situation of remote working environments, coupled with rapidly changing consumer habits and an increased reliance on digital solutions, have contributed to a need to increase the speed of their tech upgrades.

But what does that mean in practice? Here are five trends we expect to be at the forefront of payments technology innovation in the next 12 months.

Further migration to distributed cloud

A key area of focus for payments businesses will inevitably be on creating even easier ways for customers to consume payment services, including how to develop and distribute some of the technology that will enable more frictionless payments. Allowing payment technology companies to focus on the innovation of products and solutions without having to worry about the underlying supporting infrastructure is important to ensure rapid scalability and resilient solutions. Operating now in a distributed cloud mode blurs the lines of ownership of the physical infrastructure further than has been seen before. This trend of cloud evolution will continue to enable payments companies to deliver solutions to merchants and consumers in a way that is highly flexible to meet the needs of the rapidly changing digital environment.

Expanded use cases for AI and deep learning

When thinking more specifically about those new capabilities distributed cloud will facilitate, the potential of Artificial Intelligence will become more significant. We are going to see trends come to the fore related to how companies think about analysing data, leveraging the immense power that comes from being able to tap into almost an infinite level of resources and processing capability. In payments that is going to be particularly prevalent around identifying consumer trends, mass personalisation, and without doubt fraud and Know Your Customer (KYC).

The concept of using technology to create digital identities, all the way from a retailer through the payments mechanism, will enable you to know the consumer more thoroughly using AI and deep learning technologies to assess all the data point we now have. The palette of data has become much richer now to enable better decision making.

A renewed focus on 5G

5G is going to create a level of connectivity and speed of data transmission that has never been possible outside of a physically connected world. That is also going to bring significant benefits in payments to areas that are not physically connected. For example, the ability to get data connectivity to remote areas of the world to enable people to set up businesses and to transact online is going to be a big growth area. Equally, the ability to deliver more immersive online experiences though remote devices will be transformational for the gaming industry.  5G is also going to enable companies to shift more data globally to enhance the power of AI even further.

Roy Aston

The drive for greater remote working

Clearly many companies will not rush back to full time office-based working practices, but more progress needs to be made for a truly successful permanent, efficient transformation to regular remote working. This means not only how you think about enabling employees to work from home effectively generally, but also a specific focus on running operational and heavily interconnected teams in a distributed manner and coming together in a way that has not happened before.

New levels of security

Finally, these enhancements must be underpinned by new levels of security. COVID-19 has resulted in the need to think about a different dimension of security being pushed to its limits, for several reasons. The first is that, unfortunately, criminals tend to thrive in a crisis, and unprincipled fraudsters have used the pandemic as an opportunity to leverage it for their own gain. This is creating pressure on companies to step up and look at more tooling to combat the threat, and not only how we think about protecting the company but also colleagues and end users as well.

The second is another consequence of remote working. As employees are becoming more distributed, we don’t always know where people are going to be working from or what they are going to be connected to, which creates an additional challenge. As this looks set to be the status quo moving forward, it will be a key area of focus for payments companies in 2021.