Financial Organizations Impacted by the Latest Cybercrime Trends  

By Anthony Giandomenico, Senior Security Strategist and Researcher, FortiGuard Labs

The phrase “all roads lead to Rome” was used as early as the 1100s to refer to the ancient Roman highway system where all roads across the empire radiated from the capital.

The same concept holds true for cybercrime and the Financial Services industry. At the end of the day, regardless of who the ultimate victim of a cyberattack is, the end goal of most cyber events continues to be financial gain. And capitalizing on the theft of information, whether credit card or banking data or the selling of PII on the dark web, ultimately involves taking advantage of someone or some organization associated with the Financial Services sector.

Cybercriminals increasingly target online banking and mobile apps

According to a recent Threat Landscape Report, over one-quarter of organizations experienced a mobile malware attack in Q3 of 2018, with the vast majority of those attacks targeting or originating from devices running the Android operating system. In fact, of all the threats organizations faced last quarter from all attack vectors, 14% were Android related. By comparison, only 0.000311% of threats targeted Apple iOS.

Exploits targeting banking apps on mobile devices, for example, are a significant part of this growing threat trend that must be addressed. Compromising mobile devices not only allows attackers to steal data stored on that device, but can be used to collect personal banking information using phishing apps, intercept data moving between a user and his or her online bank, and monitor financial transactions when purchasing goods or services online. The Android.banker.A2f8a malware, for example, targeted more than 200 different banking apps to steal login credentials, hijack SMS messages, and upload contact lists and other data onto a malicious server. It also displayed an overlay screen on top of legitimate apps to capture additional information.

These apps aren’t just being downloaded from risky sites. Between August and October of this year, 29 banking Trojans masquerading as legitimate apps were removed from the Google Play store, but only after they had been installed by over 30,000 users. But even that is only part of the exposure. Compromised devices are also becoming a gateway through which the larger financial services network can be exploited.

Additional threat trends the financial sector needs to follow

In addition to mobile threats, we have documented three additional attack strategies over the third quarter of 2018 that financial security teams need to be paying special attention to:

Cryptojacking has become a gateway for other attacks. In many industries, including financial services, cryptojacking has leapfrogged ransomware as the malware of choice. While ransomware continues to be a serious concern for financial networks, the number of unique cryptojacking signatures nearly doubled in the past year, while the number of platforms compromised by cryptojacking jumped 38%. Perpetrators include advanced attackers using customized malware, as well as “as-a-service” options available on the dark web for novice criminals. Although cryptojacking is often considered to be a nuisance threat that only hijacks unused CPU cycles, a growing number of new attack techniques include disabling essential security functions on devices, thereby enabling cryptojacking to actually become a gateway for additional attacks.

Encrypted Traffic Reaches a New Threshold. While encrypted traffic has always been a staple of financial organizations, it now represents an unprecedented 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data and transactions, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of most legacy security solutions continue to limit the ability of organizations to inspect encrypted data at network speeds. As a result, rather than attempting to slow down time-sensitive financial transactions, a growing percentage of this traffic is simply not being adequately analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.

Botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organization increased 34% during Q3, rising from 7.6 to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting IoT and other devices that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected. The importance of consistent security hygiene remains vital to addressing the total scope of these attacks as many botnets can go dormant upon detection, only to return after normal business operations have resumed if the root cause or “patient zero” has not been rooted out.

Addressing the Challenge

The challenge facing many financial organizations is that new digital transformation efforts have spread security resources thin, restricting visibility and fragmenting the controls of many IT teams. Addressing these latest attack vectors includes:

  • Beginning your security transformation. Digital transformation requires an equivalent security transformation effort. This includes shifting from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, threat-intelligence is centrally collected and correlated, and threat detection and response is automated and uniform.
  • As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial, which makes the implementation of truly expansive and integrated security automation essential, from data collection to coordinated responses to threats. To do this, organizations need to implement an integrated security platform where each element is designed to communicate with all the others in real time.
  • Identifying and tracking all mobile and IoT devices. One essential approach to combatting things like cryptojacking involves maintaining a comprehensive inventory of devices (especially the mobile devices of end users) through third-generation network access controls and then baselining their behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect cryptojacking and other malicious activity.
  • Securing any customers that use mobile banking apps. One recent analysis found that nearly a third of businesses around the globe used a mobile device to access a corporate bank account or facilitate a corporate transaction – a trend that researchers said is “certain” to continue. To protect these customers, start by educating them about your legitimate banking applications. This includes constantly reminding them of what sorts of information you will – and won’t – ask for, such as online “password validation” or “account validation” techniques used by phishers and scammers.

In addition, some major banks have begun adding things like biometrics to their applications to protect consumers and better secure data and transactions. Organizations should also regularly scan the internet for fraudulent applications, warn consumers when they are found, and apply pressure on application stores to remove them from their inventories.

Summing Up

Cybersecurity challenges continue to grow, and financial institutions – especially those in the midst of digital transformation efforts – are being highly targeted by cybercriminals. Commercial Banks, Credit Unions, Stock Brokerage Firms, Asset Management Firms, and Insurance Companies that support digital transactions through mobile apps are increasingly being targeted and exploited by malicious criminals. At the same time, they face the same challenges as other organizations, including figuring out how to inspect and secure the growing volume of encrypted traffic, battling the persistence of botnets, and addressing new malware trends such as cryptojacking.

To successfully address today’s challenges, the security teams of financial services organizations need to rethink their strategy, from automating their security hygiene measures to replacing isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.

About the author:

Anthony Giandomenico is an experienced Information Security Executive, Evangelist, Entrepreneur and Mentor with over 20 years of experience.  In his current position at Fortinet he is focused on delivering knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security.  Anthony works closely with FortiGuard Labs and Fortinet System Engineering to respond to advanced threats as they break – and proactively plan beforehand.

Deloitte: Middle East organizations need to rethink their workforce in the wake of COVID-19

Organizations in the Middle East have had to take immediate actions in reaction to the COVID-19 pandemic, such as shifting to remote and virtual work, implementing new ways of working and redirecting the workforce on critical activities. According to Deloitte’s 10th annual 2020 Middle East Human Capital Trends report, “The social enterprise at work: Paradox as a path forward,” organizations now need to think about how to sustain these actions by embedding them into their organizational culture.

“COVID-19 has created a clarifying moment for work and the workforce. Organizations that expand their focus on worker well-being, from programs adjacent to work to designing well-being into the work itself, will help their workers not only feel their best but perform at their best. Doing so will strengthen the tie between well-being and organizational outcomes, drive meaningful work, and foster a greater sense of belonging overall,” said Ghassan Turqieh, Consulting Partner, Human Capital, Deloitte Middle East.

According to the Deloitte report, many organizations in the Middle East made quick arrangements to engage with employees in the wake of the pandemic through frequent communications, multiple webinars where senior leaders addressed employee concerns, virtual employee events, manager check-ins, periodic calls and other targeted interactions with the workforce.

The report also discussed how UAE and KSA governments have reexamined work policies and practices, amended regulations and introduced COVID-19 initiatives to support companies and the workforce in the public and private sectors. Flexible and remote working, team-building and engagement activities, wellness programs, recognition awards and modern workspaces are among the many things that are now adding to the employee experience.

Key findings from the Deloitte global report include:

  • Only 17% of respondents are making significant investments in reskilling to support their AI strategy with only 12% using AI primarily to replace workers;
  • 27% of respondents have clear policies and practices to manage the ethical challenges resulting from the future of work despite 85% of respondents saying the future of work raises ethical challenges;
  • Three-quarters of leaders are expecting to source new skills and capabilities through reskilling, but only 45% are rewarding workers for the development of new skills; and
  • Only 45% of respondents are prepared or very prepared to take advantage of the alternative workforce to access key capabilities despite gig workers being likely to comprise 43% of the U.S. workforce this year according to the Bureau of Labor Statistics.

“Worker well-being is a top priority today, and similarly to the rest of the world, companies in the Middle East are focusing their efforts to redesign work around well-being by understanding workforce well-being needs,” said Rania Abu Shukur, Director, Human Capital, Consulting, Deloitte Middle East.

One in five insurance customers saw an improvement in customer service over lockdown, research shows

SAS research reveals that insurers improved their customer experience during lockdown

One in five insurance customers noted an improvement in their customer experience over lockdown, according to research conducted by SAS, the leader in analytics. This far outweighed the 11% of customers who felt it had deteriorated over the same period.

This is positive news for insurers during such challenging times, with 59% of customers also saying that they would pay more to buy or use products and services from any company that provided them with a good customer experience over lockdown.

The improvement in customer experience also coincides with a rise in the number of digital customers. Since the pandemic started, the number of insurance customers using a digital service or app has grown by 10%. Three-fifths (60%) of new users plan to continue using these digital services moving forward.

However, while the number of digital users grew over lockdown, half of the insurance customer base has not yet chosen to move to digital insurance apps or services.

Paul Ridge, Head of Insurance at SAS UK & Ireland, said:

“It’s impressive that there was a net improvement in customer experience during lockdown, despite the challenges the industry was facing with a transition to remote working and increased claims for things like cancelled holidays. While many were forced to wait on customer help lines for long periods, part of the improvement may be explained by even a small (10%) increase in the number of digital users.

“However, it’s clear that a huge number of customers are still yet to make the move online. It’s vital that insurers provide the most accurate, timely and relevant offerings to customers, and this is best achieved by having additional insight into online customer journeys so they can understand them better. Using analytics and AI, insurers can seize this opportunity to digitalise their customer experience and offer a more personalised approach.”

Meanwhile, for insurers that fail to offer a consistently satisfactory customer experience, the price could be severe. A third (33%) of customers claimed that they would ditch a company after just one poor experience. This number jumps to 90% for between one and five poor examples of customer service.

For more insight into how other industries across EMEA performed during lockdown, download the full report: Experience 2030: Has COVID-19 created a new kind of customer? 

The power of superstar firms amid the pandemic: should regulators intervene?

By Professor Anton Korinek, Darden School of Business and Research Associate at the Oxford Future of Humanity Institute. Gosia Glinska, associate director of research impact, Batten Institute for Entrepreneurship and Innovation, Darden School of Business

Recent news that Apple hit a market cap of USD2 trillion highlights an extraordinary success story: A once struggling computer-maker on the verge of bankruptcy innovates its way to becoming the most valuable publicly traded company in the United States.

Apple’s 13-figure valuation is indicative of a larger trend that is not entirely benign — the rise of a handful of superstar firms that dominate the economy. Over the past three decades, advances in information technology, mainly the Internet, have supercharged the superstar phenomenon, allowing a small number of entrepreneurs and firms to serve a large market and reap outsize rewards. And COVID-19 has greatly accelerated the phenomenon by pushing us all into a more virtual world.

Apple — along with Amazon, Facebook, Google, Microsoft and Netflix — is a case in point. The combined market value of those six companies exceeds USD7 trillion, which accounts for more than a quarter of the entire S&P 500 index. Even amid the pandemic’s economic wreckage, these megacompanies continue to prosper. The combined share price for Apple and its five peers was up more than 43 percent this year, while the rest of the companies in the S&P 500 collectively lost about 4 percent.[1]

Superstar firms can be found in almost every sector of the economy, including tech, management, finance, sports and the music industry. They command increasing market power, which has consequences for technological, social and economic progress. It is, therefore, critical to understand how their advantages arose in the first place.

THE FORCES BEHIND THE SUPERSTAR PHENOMENON

The “economics of superstars” was first studied by the late University of Chicago economist Sherwin Rosen. Forty years ago, Rosen argued that certain new technologies would significantly enhance the productivity of talented workers, enabling superstars in any industry to greatly expand the scope of their market, while reducing market opportunities for everyone else.[2] Digital innovations, including advances in the collection, processing and transmission of information, are what Rosen envisioned would lead to the superstar phenomenon.

Digital technologies are information goods, which are different from the traditional, physical goods in the economy. What it means is that fundamentally different economic considerations apply. Unlike physical goods — a loaf of bread or a car — information goods have two key properties: They are non-rival and excludable. Non-rival means that something can be used without being used up. Excludability means that an owner of digital innovation can prevent others from using it, by protecting it with patents, for example. These two fundamental properties of information goods are what give rise to the superstar phenomenon.

In a working paper I co-authored with Professor Ding Xuan Ng at Johns Hopkins University[3], we described superstars as arising from digital innovations that require upfront fixed costs that allow firms to reduce the marginal costs of serving additional customers.[4] For example, once an online travel agency has programmed its website at a fixed cost, it can easily displace thousands of traditional travel agents without much additional effort, scaling at near-zero cost.

Because a firm can exclude others from using its digital innovation, it automatically gains market power. The innovator then uses that power to charge a mark-up and earn a monopoly rent — basically, a price superstars charge in excess of what it costs them to provide the good — which we call the ‘superstar profit share’.

THE POLICYMAKER’S DILEMMA

In a vibrant free market economy, businesses compete for customers by innovating and improving their offerings while keeping prices low; otherwise, they are displaced by more innovative rivals entering the market. Unfortunately, the increasing monopolization of the economy by technology superstars is weakening the competitive environment around the world.

Monopoly power is the main inefficiency from the emergence of superstar firms, because superstars can exclude others from using the innovation that they have developed.

So, what policy measures can be employed to mitigate the inefficiencies arising from the superstar phenomenon?

We do have antitrust policies designed to promote competition and hence economic efficiency. Authorities could take a drastic measure and break up monopolies. Or they could tax all those excess profits megacompanies make.

Another policy to consider involves giving consumers control rights over their data. Right now, only companies have that data, and they are selling it. If you free it up and don’t allow them to sell it anymore, it reduces their monopoly profits. And if you give consumers more freedom over their data, they could, for example, share it with the latest start-up and create a more competitive landscape.

However, such policy remedies can be a double-edged sword. On the one hand, they reduce monopoly rents. On the other hand, they can also reduce innovation.

Innovation requires investments in R&D, which represent a significant sunk cost that only large firms can afford. Government regulations can easily backfire, discouraging large firms from making long-term R&D investments.

What, then, is the best policy intervention? Professor Ding Xuan Ng and I believe that basic research should be public. Digital innovations should be financed by public investments and should be provided as free public goods to all. This would make the superstar phenomenon disappear, and the effects of digital innovation would simply show up as productivity increases.[5]

We live in a brave new world that is increasingly based on information. Because the information economy is different from the traditional economy, antitrust policy should be revamped to reflect that. Instead of worrying about the economy being eaten up by these gigantic monopolies, policymakers need to focus on the question ‘What specific actions can we pursue to make the economy more competitive and efficient?’
