By Anthony Giandomenico, Senior Security Strategist and Researcher, FortiGuard Labs
The phrase “all roads lead to Rome” was used as early as the 1100s to refer to the ancient Roman highway system where all roads across the empire radiated from the capital.
The same concept holds true for cybercrime and the Financial Services industry. At the end of the day, regardless of who the ultimate victim of a cyberattack is, the end goal of most cyber events continues to be financial gain. And capitalizing on the theft of information, whether credit card or banking data or the selling of PII on the dark web, ultimately involves taking advantage of someone or some organization associated with the Financial Services sector.
Cybercriminals increasingly target online banking and mobile apps
According to a recent Threat Landscape Report, over one-quarter of organizations experienced a mobile malware attack in Q3 of 2018, with the vast majority of those attacks targeting or originating from devices running the Android operating system. In fact, of all the threats organizations faced last quarter from all attack vectors, 14% were Android related. By comparison, only 0.000311% of threats targeted Apple iOS.
Exploits targeting banking apps on mobile devices, for example, are a significant part of this growing threat trend that must be addressed. Compromising a mobile device not only allows attackers to steal data stored on that device; it can also be used to collect personal banking information using phishing apps, intercept data moving between a user and his or her online bank, and monitor financial transactions when purchasing goods or services online. The Android.banker.A2f8a malware, for example, targeted more than 200 different banking apps to steal login credentials, hijack SMS messages, and upload contact lists and other data onto a malicious server. It also displayed an overlay screen on top of legitimate apps to capture additional information.
These apps aren’t just being downloaded from risky sites. Between August and October of this year, 29 banking Trojans masquerading as legitimate apps were removed from the Google Play store, but only after they had been installed by over 30,000 users. But even that is only part of the exposure. Compromised devices are also becoming a gateway through which the larger financial services network can be exploited.
Additional threat trends the financial sector needs to follow
In addition to mobile threats, we have documented three additional attack strategies over the third quarter of 2018 that financial security teams need to be paying special attention to:
Cryptojacking has become a gateway for other attacks. In many industries, including financial services, cryptojacking has leapfrogged ransomware as the malware of choice. While ransomware continues to be a serious concern for financial networks, the number of unique cryptojacking signatures nearly doubled in the past year, while the number of platforms compromised by cryptojacking jumped 38%. Perpetrators include advanced attackers using customized malware, as well as “as-a-service” options available on the dark web for novice criminals. Although cryptojacking is often considered to be a nuisance threat that only hijacks unused CPU cycles, a growing number of new attack techniques include disabling essential security functions on devices, thereby enabling cryptojacking to actually become a gateway for additional attacks.
Encrypted Traffic Reaches a New Threshold. While encrypted traffic has always been a staple of financial organizations, it now represents an unprecedented 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data and transactions, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of most legacy security solutions continue to limit the ability of organizations to inspect encrypted data at network speeds. As a result, rather than attempting to slow down time-sensitive financial transactions, a growing percentage of this traffic is simply not being adequately analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
Botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organization increased 34% during Q3, rising from 7.6 to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting IoT and other devices that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected. The importance of consistent security hygiene remains vital to addressing the total scope of these attacks as many botnets can go dormant upon detection, only to return after normal business operations have resumed if the root cause or “patient zero” has not been rooted out.
Addressing the Challenge
The challenge facing many financial organizations is that new digital transformation efforts have spread security resources thin, restricting visibility and fragmenting the controls of many IT teams. Addressing these latest attack vectors includes:
- Beginning your security transformation. Digital transformation requires an equivalent security transformation effort. This includes shifting from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, threat-intelligence is centrally collected and correlated, and threat detection and response is automated and uniform.
- As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial, which makes the implementation of truly expansive and integrated security automation essential, from data collection to coordinated responses to threats. To do this, organizations need to implement an integrated security platform where each element is designed to communicate with all the others in real time.
- Identifying and tracking all mobile and IoT devices. One essential approach to combatting things like cryptojacking involves maintaining a comprehensive inventory of devices (especially the mobile devices of end users) through third-generation network access controls and then baselining their behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect cryptojacking and other malicious activity.
- Securing any customers that use mobile banking apps. One recent analysis found that nearly a third of businesses around the globe used a mobile device to access a corporate bank account or facilitate a corporate transaction – a trend that researchers said is “certain” to continue. To protect these customers, start by educating them about your legitimate banking applications. This includes constantly reminding them of what sorts of information you will – and won’t – ask for, such as online “password validation” or “account validation” techniques used by phishers and scammers.
In addition, some major banks have begun adding things like biometrics to their applications to protect consumers and better secure data and transactions. In addition, organizations should regularly scan the internet for fraudulent applications, warn consumers when they are found, and apply pressure on application stores to remove them from their inventories.
Cybersecurity challenges continue to grow, and financial institutions – especially those in the midst of digital transformation efforts – are being highly targeted by cybercriminals. Commercial Banks, Credit Unions, Stock Brokerage Firms, Asset Management Firms, and Insurance Companies that support digital transactions through mobile apps are increasingly being targeted and exploited by malicious criminals. At the same time, they are suffering the same challenges of other organizations, including figuring out how to inspect and secure the growing volume of encrypted traffic, battling the persistence of botnets, and addressing new malware trends such as cryptojacking.
To successfully address today’s challenges, the security teams of financial services organizations need to rethink their strategy, from automating their security hygiene measures to replacing isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.
About the author:
Anthony Giandomenico is an experienced Information Security Executive, Evangelist, Entrepreneur and Mentor with over 20 years of experience. In his current position at Fortinet he is focused on delivering knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security. Anthony works closely with FortiGuard Labs and Fortinet System Engineering to respond to advanced threats as they break – and proactively plan beforehand.
Pandemic risks eclipse treasury priorities as businesses diversify investments to mitigate impact
The Covid-19 pandemic has shunted aside existing challenges to sit atop treasurers’ priority lists, according to “The resilient treasury: Optimising strategy in the face of covid-19”, a survey run by the Economist Intelligence Unit (EIU) and sponsored by Deutsche Bank.
The results show that treasurers are looking to diversify their investments in a bid to mitigate the pandemic impacts, including heightened liquidity, foreign-exchange and interest-rate risk. As many as 55% plan to increase investments in long-term instruments, with 48% increasing investments in bank deposits, another 48% in local investment products, and 47% in money-market funds.
“The Covid-19 pandemic has drastically altered business plans in 2020. It has placed a certain level of strain on treasury processes, but the challenge it presents has been managed by traditional treasury skills. It is clear that pandemic risk will be on the treasury checklist for years to come, but it is one of many risks the department faces and will continue to manage,” says Melanie Noronha, the EIU editor of the report.
Despite Covid-19 looming large, other challenges wait in the wings. Notably, the replacement of the London Interbank Offered Rate was identified by 38% of respondents as the main challenge of their function.
Technology, meanwhile, continues to be a pressing issue, with treasury teams becoming increasingly reliant on IT solutions. Here, data quality is rising up the list of concerns. Already highlighted as very or somewhat concerning in 2019 by 69% of respondents, the figure rose to 78% in 2020. Acquiring the necessary skill sets to realise the full benefits of this data and technology is also a continuing priority – with some progress registered from last year. In 2020, 30% of respondents say they have all the skills they need to manage technological change, up from 22% in 2018.
“Treasury’s focus on technology is not only helping teams operate more efficiently in a remote-working environment, it has long played – and continues to play – a key role in realising their long-term priorities,” notes Ole Matthiessen, Head of Cash Management, Corporate Bank, Deutsche Bank. The survey shows that managing relationships with banks and suppliers (highlighted by 32% of respondents) and collaborating with other functions of the business (also 32%) remain top of the agenda – and seamless digital systems will help give treasurers the bandwidth and insight to be more effective partners for both internal and external stakeholders.
Based on a global survey of 300 treasury executives, conducted between April and May, the survey explores stakeholders’ attitudes among corporate treasurers towards the drivers of strategic change in the treasury function – from the pandemic through to regulation and technology – and their priorities for the next five years.
Digital collaboration: Shaping the Future of Finance
By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn
With heightened economic uncertainty and increased customer expectation becoming the norm in the banking industry, it is understandable that the sector is struggling to keep afloat. Due to its precarious nature, banking institutions are trying their best to ensure they remain relevant in the competitive landscape and guarantee that their customers continue to be a priority.
When it comes to the first half of this year, the pandemic has shown how easy it is for industries to fail. Customers and companies alike had to get used to the new normal, as physical locations started to close. The banking industry felt this first hand, as banks were made to restructure how their business ran, with restricted opening hours and a wider push to motivate people to use online banking.
While some had already embraced digital options prior to the pandemic, this proved to be a stark contrast to the elderly population, who frequently visited branches to access their finances. Moving forward, banks have to adopt new methods to ensure customers get the most out of their accounts, without their experience suffering.
Heightened Customer Expectations
When the pandemic reached its peak, people were encouraged to use online banking, as telephone contact was under strain with long waiting times and pressure mounting on contact centre agents. According to Fidelity National Information Services (FIS), which works with 50 of the world’s largest banks, there was a 200% jump in new mobile banking registrations in early April, while mobile banking traffic rose 85%.
With branches remaining closed, customers were continuously being urged to limit the amount of calls they made to the most urgent cases and consider whether they could solve their answers through mobile online banking or checking the company website. Although already being adopted in pockets of the industry, this was a real catalyst that spurred banks to up their game on digital channels and with self-service tools.
Banks are challenged with precariously balancing customer needs with the cost of personalised support. With the demographic of customers changing over the last few years, customers are becoming increasingly younger and more comfortable with technology. Influenced by the “Amazon Effect”, their expectations have risen to an all-time high, placing record strain on the sector.
Customer experience isn’t just about support anymore, it’s about serving your customer at every point in the journey. Companies have an opportunity to elevate the experience they provide by moving beyond one-and-done interactions to create continuous engagements with their customers. It is starting to become a primary competitive differentiator in the market and one that doesn’t have a lot of variation. Deploying AI chatbot technology will be able to strategically help banks improve customer experience and raise the level of support that agents provide.
Digital collaboration: Working around the Clock
The benefits of adopting digital channels and self-service tools are second to none. By implementing chatbots, fuelled by conversational AI, banks will be able to help serve a wide range of customer queries and ensure they are protected from fraud and scams.
Conversational AI is exactly what it sounds like: a computer programme that engages in a conversation with a human. When it comes to service delivery, conversational AI can be deployed across multiple channels to engage with customers in ways that effectively address evolving customer needs. At a time defined by COVID-19, self-service tools such as conversational chatbots can work around the clock to solve customer queries in a concise and timely way. Of course, self-service tools won’t completely replace human agents in the banking industry, but they will help companies re-distribute customer traffic and workflows in ways that enhance customer experience. Self-service tools fuelled by conversational AI can also improve employee experience because service employees can handle fewer, but higher-level service tasks that chatbots might escalate to them.
Adopting new tools to help facilitate consistent and concise answers and help maintain customer experience is on the forefront of many industry minds. Banks such as the NatWest Group have seen this first-hand and are testament to the benefits that a good digital experience can provide. Simon Johnson, Capability Consultant, Digital at NatWest Group highlights NatWest’s use of digital tools during lockdown, “Over the last few months, we’ve learnt how to use digital tools to help our employees remotely. From a banking perspective, there have been a lot of changes including base rates, waive fees and the best ways of contacting our vulnerable customers, ensuring we keep them protected from frauds and scams.
“By introducing our Bold360 chatbot interface, Ella, we’ve been able to get relevant information out quickly, apply the best practice and ensure that our customer journeys are being developed correctly. Due to the volume of questions, some of our customers were finding themselves waiting longer than usual. So digital channels become essential to helping reduce the wait time. Using Bold360, we were able to mitigate issues and answer questions in a more timely way through our chatbot.
“Moving forward, as we open more digital services, we are analysing our data to see if customers will return back to their usual way of banking, now that they’ve seen what a good digital experience can provide. Either way, with Ella, we are ready.”
Chatbots and Humans: The Best Option for Customer Service
Over the last year, banking institutions have recognised the power that digital collaboration can have to their success. Delivering exceptional customer service and support is key for any business wanting to stay competitive in today’s market and banks are especially challenged with precariously balancing customer needs with the cost of personalised support. Leveraging the right technology, such as AI-powered chatbots, will enable the banking industry to provide better support and a more robust customer experience in the long term. Other institutions must follow suit, or risk becoming obsolete.
A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US
By Lauren Jones, International Payments Ambassador, Icon Solutions
The US payments industry is undoubtedly ripe for change. Before the unprecedented shock of COVID-19, digitization and payments transformation initiatives had been organic, piecemeal and predominately the preserve of the largest banks.
Now, increasing pressure means that financial institutions of all sizes are working to define a digital strategy to unlock new opportunities, drive business value, and stay competitive. But beyond the immediate impact of COVID, what underlying trends are accelerating digitization in the US?
- Real-time payments – the stimulus for change
Real-time payments have been met with a degree of caution by US financial institutions. Risking traditional profit generators in return for potential revenues down the line is a gamble many have not been willing to take. But immediate payments are coming to the US whether banks like it or not.
Major payments infrastructure providers, including NACHA and The Clearing House (TCH), have moved to encourage immediate payment adoption in recent years. But the Fed, frustrated with a slow rate of progress, has announced that it is pressing ahead with the implementation of its FedNow system (despite significant industry objection). Although the Fed’s true intentions are open to interpretation and this may just be a play to accelerate private initiatives, it is a clear signal that they mean business.
This means holdouts risk their own ‘Kodak’ moment if they miss the huge opportunities in front of them by fixating on traditional revenue streams. Banks are in a position to support innovation across entire industries such as healthcare, which could be released from the constraints of paper-based bureaucracy and slow, expensive transactions.
Another opportunity that can be unlocked via instant payments is ISO 20022 (used in the TCH RTP system). It is the future of payments messaging standards and can greatly enhance various payments processes through increased data-carrying capabilities. More importantly given the current climate, citizens reliant on federal or state support can benefit from RTPs combined with additional data to immediately access emergency funds.
- The kids are growing up
The US is getting older. Consumers who were 10 when the iPhone first launched are now 23. This means we are seeing a ramp-up of digitally native Gen Z consumers (roughly those born between 1995 and 2010) accessing banking services.
Demographics are an inexact science and not perfect predictors (there are technophobe college students and 100-year-old Instagram influencers), but we can detect noticeable trends.
Younger customers don’t usually choose a bank because there is an ATM in their neighbourhood, a slightly better interest rate or an advert in the newspaper. Rather, a strong digital presence, personalised tools, rewards and experiences, and the trusted recommendations of friends and family, will have a more significant impact on customer acquisition.
Banks must look at the effect this will have on their longer-term digitalization strategy and be able to segment what this emerging customer base might want and how they will interact in years to come.
- Checkmate? Evolving corporate requirements
Corporate treasurers are people and their experience of seamless, immediate payments in their personal lives shapes expectations in the workplace. Although check usage for business-to-business (B2B) transactions is still the norm in the US and barriers remain, corporates are increasingly demanding the ability to transact in a real-time, omnichannel environment, 24×7.
The benefits are clear. Corporate treasurers stand to enjoy enhanced liquidity management and transparency, greater control over payments and enhanced data for reconciliation purposes. And for consumers, alternative digital payment options such as buy now pay later promote choice and flexibility.
- Increasing competition
A significant consequence of emerging consumer and business demand for digital offerings is the increase in competition from fintechs, technology giants and other third-parties. Traditionally, incumbent banks have enjoyed the advantage of consumer trust to offset more limited innovation. But as consumers become more comfortable entrusting their financial transactions to non-banks, banks must differentiate and digitize to remain competitive.
Data is where the technology giants excel, and their ability to personalise experiences and emotionally connect with their users is unprecedented. Banks need to learn from the positive aspects of this model to better understand their users and deliver meaningful, useful products and services.
For data to become the cornerstone of a bank’s customer relationship and take services to the next level, breaking the channel silos and extracting value from a comprehensive dataset will be decisive. But with only 18% of banks reporting that they are in the process of shifting from a transactional revenue model to a data-driven revenue model, this work has some way to go.
Taking customer propositions to the next level
Customers now expect services that work for them, not their banks. All banks, no matter the footprint, need to move quickly to offer a broad digital service platform that adds value to both the customer and the bank.
By defining a robust payments transformation strategy, banks of all sizes can remain fiercely competitive by rapidly lowering costs, unlocking revenues and promoting innovation.