HOLLYWOOD CYBERCRIME SPREE OFFERS 10 TIPS FOR PROTECTING PERSONAL PRIVACY

By Robert Kang

Everyone has emails that they consider to be no one’s business except their own.  Our emails contain everything from tax returns to intimate photos meant only for someone special.  Imagine the horror if a hacker infiltrated an email account belonging to someone you knew and made those emails public.  Imagine the horror if it happened to you.

For many people, no imagination is needed, because it did happen to them.   This type of hacking is a crime and many hackers have been brought to justice.  But that doesn’t change the horror of being victimized.  This article walks through some of the country’s most prominent personal privacy hacks and shares tips for responding to similar attacks.  Learning what happened may help protect you and your loved ones from the same techniques used by these hackers.

Part 1:
Protecting yourself from 2010’s “Hollywood Hacker”
(Password Challenge Questions)

Renee Olstead is an actress and singer.  Olstead started acting when she was five years old, and has appeared in shows like “Touched by an Angel” and “The Secret Life of the American Teenager.”  She works hard and has a bright future.   Renee is also a survivor of sex-based computer hacking.

In 2010, a then-unknown hacker hacked into Olstead’s personal email accounts.  Her private photos, including nude photos, appeared on the internet, where they spread like wildfire.  It was a gross violation of her privacy.  Olstead even attempted suicide, though fortunately wasn’t successful.  She was only 21 at the time.

Olstead shared her story with a court in 2012: “About two years ago, I received a phone call from (FBI) Agent (Josh) Sadowski informing me that my personal information had been compromised.  And basically that it was a matter of time before these images hit the internet . . .  I was humiliated.”

Olstead wasn’t alone.  Between November 2010 and October 2011, the FBI tied over 50 female victims to Olstead’s hacker.  The list reflected a “who’s who” of Hollywood: Scarlett Johansson, Mila Kunis and Christina Aguilera, among others. The widespread sharing of their intimate photos online created one of the most graphic events in American cyber history.  This mysterious assailant became known as the “Hollywood Hacker.”

The case ends with Olstead and Johansson learning their hacker’s identity, and even delivering some payback.  In 2012, the FBI tracked down and arrested Christopher Chaney, a then-35-year-old man living in Jacksonville, Florida.  One technique law enforcement uses to find hackers involves tracking their Internet Protocol (IP) address.

Think of an IP address as the internet version of a calling card which is left behind when one computer talks with another.  Chaney had evaded capture using a service called “Hide My IP,” which masked his IP address.  However, the FBI was watching, and the one time Chaney slipped, the FBI found him.  On February 10, 2011, armed with a warrant, the FBI raided Chaney’s home and arrested him.  The trial court sentenced Chaney to ten years, and his sentence was affirmed on February 22, 2016, by the United States Court of Appeals for the Ninth Circuit.  Barring the unexpected, Chaney will remain a guest of the penal system for many years.

The sentencing phase of Chaney’s prosecution is where Olstead and Johansson came in.  Survivors are often reluctant to speak in court, which requires them to share intimate pain in a very public setting.  But victim impact statements are invaluable to putting criminals behind bars.  Olstead recounted her experiences in court. “I realized that suddenly I wasn’t the girl who works full time, is a full-time student still manages to make the Dean’s List,” she told the judge.  “Instead, I was the girl who was naked on the internet.  And this is something that has followed me . . . it was the scariest moment of my life.”  Johansson also shared her story in court, via a recorded video statement.  “I have been truly humiliated and embarrassed,” she said.  “I find Christopher Chaney’s actions to be perverted and reprehensible. As long as he has access to a computer, Christopher Chaney continues to be a threat to women who believe email communications are personal and confidential.”

These statements impacted the judge, who referenced them and other victim statements in sentencing Chaney.  Chaney’s ten-year sentence was nearly twice the length proposed by prosecutors.

How did Chaney hack into his victims’ online accounts?  Was he a computer genius?  An inveterate hacker who played electronic hide-and-seek with the NSA in his spare time in a basement?

The answer might surprise you.

Chaney was not a professional hacker.  But he was a social engineer of sorts, and clever enough to figure out how people answer the “challenge questions” used by many online service providers to help users reset a lost or forgotten password.  We’ve all seen them: “What is your pet’s name?”  Or “What is the make of your first car?”   Most of us don’t think twice about answering those questions honestly.  Neither did Chaney’s victims.  That inclination to honesty gave Chaney his chance.

Like a detective, Chaney studied his targets: famous women.  He read magazines and news articles about them; he subscribed to online sources and databases like Intelius that compiled celebrity dossiers.  This careful research enabled Chaney to figure out the answers to many of the celebrity’s email password reset challenge questions.  For example, in one instance, Chaney successfully hacked into one celebrity’s account using the name of her pet.  After gaining access to the victim’s account, Chaney set it to automatically forward the victim’s emails to other accounts controlled by Chaney.  When the victim found herself locked out of an account, she assumed it was an electronic glitch and simply reset it.  But, like many of us, the victim didn’t think to check whether the account had been altered to forward emails automatically to someone else’s account.

Chaney’s work opened him up to a treasure trove of personal emails. He learned about Scarlett Johansson’s separation from Ryan Reynolds before the news became public, for example.  Before being arrested, Chaney also harvested intimate celebrity photos, many of which he shared with others.  The rest is internet history.

Part 1 Tips:

1. Be strategic when providing answers to password reset challenge questions.  Don’t use your actual mother’s maiden name, for example, but rather a word that only you would know.  Some services give you a range of questions.  Changing this personal habit is a good way to protect your online privacy.

2. Be suspicious if you can’t open an email account.  If your password doesn’t work, don’t assume it’s a glitch.  Instead, treat it as a potential hack.  Inform your service provider.  And check that your account settings haven’t been tampered with to forward emails automatically to a different email account.

3. Want to learn more about challenge questions?  See: Security Questions Don’t Protect You: Here’s Why.
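
The forwarding check in the tips above, sketched as an added example (not part of the original article): the script audits an account's forwarding setting and mailbox rules and flags any that copy mail to an address the owner has not listed as their own. The JSON layout, field names and addresses are constructed for illustration; real mail providers each use their own export format.

```python
import json
from dataclasses import dataclass

# Constructed sample export in a hypothetical JSON layout: one account-level
# forwarding setting plus three mailbox rules. All addresses are made up.
SAMPLE_EXPORT = json.dumps({
    "owner": "owner@example.com",
    "account_forwarding": {"enabled": True,
                           "address": "archive-7731@mailbox.example.net"},
    "rules": [
        {"name": "Newsletters", "match": {"from": "news@example.org"},
         "actions": {"move_to": "Reading"}},
        {"name": "", "match": {},
         "actions": {"forward_to": "collector@mailbox.example.net",
                     "delete": True}},
        {"name": "To my other inbox", "match": {"subject": "invoice"},
         "actions": {"forward_to": "owner.backup@example.com"}},
    ],
})

FORWARD_ACTIONS = ("forward_to", "redirect_to")        # actions that copy mail out
HIDING_ACTIONS = ("delete", "mark_read", "skip_inbox")  # actions that hide the original


@dataclass
class Finding:
    source: str        # where the forwarding was configured
    destination: str   # where the mail is being sent
    severity: str      # "high" or "medium"
    reasons: list


def audit_forwarding(export_json, trusted_addresses=()):
    """Return a Finding for every forward to an address the owner has not vouched for.

    Trust is decided per exact address, not per domain: on a shared mail
    service, an intruder's mailbox can sit on the same domain as the victim's.
    """
    data = json.loads(export_json)
    trusted = {a.strip().lower() for a in trusted_addresses}
    trusted.add(data["owner"].strip().lower())
    findings = []

    def check(source, destination, catch_all, hides):
        dest = destination.strip().lower()
        if dest in trusted:
            return
        reasons = ["copies mail to an address you have not listed as yours"]
        if catch_all:
            reasons.append("applies to every incoming message")
        if hides:
            reasons.append("removes or hides the original from the inbox")
        severity = "high" if (catch_all or hides) else "medium"
        findings.append(Finding(source, dest, severity, reasons))

    # Account-wide forwarding survives a password reset and covers all mail.
    fwd = data.get("account_forwarding") or {}
    if fwd.get("enabled") and fwd.get("address"):
        check("account forwarding setting", fwd["address"], True, False)

    # Per-message rules: an empty match means the rule fires on everything.
    for index, rule in enumerate(data.get("rules", []), start=1):
        actions = rule.get("actions", {})
        label = f"rule {index} ({rule.get('name') or 'unnamed'})"
        hides = any(actions.get(a) for a in HIDING_ACTIONS)
        for key in FORWARD_ACTIONS:
            if actions.get(key):
                check(label, actions[key], not rule.get("match"), hides)
    return findings


if __name__ == "__main__":
    for f in audit_forwarding(SAMPLE_EXPORT, ["owner.backup@example.com"]):
        print(f"[{f.severity}] {f.source} -> {f.destination}: {'; '.join(f.reasons)}")
```

Run the audit after any unexplained lockout or password reset, since resetting the password does not remove forwarding that was configured while someone else had access.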

Part 2:
Protecting Yourself from 2014’s “Celebgate” hacker
(Phishing Emails)

Crime never stops.  Two years after Chaney’s capture came “Celebgate” – the name of a hacking spree that, again, resulted in the viral posting of intimate photos belonging to famous celebrities like Jennifer Lawrence and Kate Upton.  The event was also called “the Fappening.”

But while the attacks continued, so did the government’s commitment to capturing the guilty.  On March 15, 2016, the FBI and United States Attorney’s Office announced that a then-36-year-old Pennsylvania man, Ryan Collins, signed a plea agreement, requiring him to plead guilty to two cyber crimes – felony violation of the Computer Fraud and Abuse Act and violation of the unauthorized access to a protected computer system laws.  (Related – Hacker Admits to Stealing Celebrity Nude Photos, Takes Plea Deal).  He was one of several criminals caught in connection with the Fappening, all of whom used similar techniques to gain unlawful access to their victims’ personal information.

In order to gain access to his victims’ accounts, Collins, and others like him, engaged in “phishing” – a hacking technique that involves creating fake email accounts that look trustworthy.  For example, Collins created email accounts with names like “[email protected]” and “[email protected].”  Using these fake accounts, Collins sent emails to celebrities, asking them (or asking the people managing those accounts) for account and password information.  If he was successful, Collins downloaded the contents of a victim’s email or cloud storage account.

As part of the plea deal, prosecutors recommended an 18-month prison sentence, though the trial judge may choose to impose a different one.  Collins was sentenced on October 26, 2016, in a federal courthouse in Harrisburg, Pennsylvania.  The United States Attorney’s Office noted that investigators have not uncovered evidence linking Collins to the actual leaks comprising the Fappening, or that he shared or uploaded the information that he obtained. The hunt continues.

Part 2 Tips:

4. Phishing emails are everywhere; don’t take the bait.  View emails asking for your password or other account information with suspicion.  Phishing emails often ask for account information, in order to “verify” security.  But even if you decide to change a password, don’t click on any links within the email.  Instead, go to the account website and change the password directly.

5. Use two-factor authentication where available.  Many online services allow users to add an additional step before logging into an account, such as the use of a unique code sent to the user’s phone at the time of login. It’s a minor inconvenience that is worth the effort.

6. Use long, strong passwords that include a mix of numbers, letters and special characters.  Need tips?  See: Microsoft – Tips for creating a strong password.

7. Want to learn more about phishing?  See: NCSC’s Know the Risk – Raise your Shield: Spear Phishing.

Part 3:
Protecting yourself from other hacking methods
(Working with Law Enforcement)

Starting this article with celebrity hacks may give the impression that the criminal justice system only moves for the rich and famous.  Not true: celebrity hacks gain major media attention, but they represent only a fraction of successfully prosecuted sex-based cyber crimes.

Assistant United States Attorney Lisa Feldman explains.  A career cyber prosecutor with the United States Attorney’s Office for the Central District of California, Feldman and her colleagues are at the forefront of catching and prosecuting cyber criminals.

“We’re talking about the Chaney (celebrity) hacking case,” notes Feldman during an interview.  “But most of the victims we work with aren’t celebrities.  They’re regular people.  And we put the same effort into prosecuting those cases as we do the celebrity cases.”  These aren’t empty words.  Especially in recent years, police and prosecutors have racked up wins against sex-based cyber criminals across the nation from California to Florida.

Feldman notes the sobering reality that many crimes go unreported, however.  She cites the arrest and conviction of Luis Mijangos as an example.  At the time of his arrest, Mijangos was a 32 year old man living in Santa Ana, California.  Mijangos used many of the same techniques used by other hackers, such as phishing, to gain access to his victims’ computers and accounts.  But where Chaney and Collins primarily collected intimate photos, Mijangos engaged in “sextortion” – a malign, interactive type of cyber crime.  For example, in addition to harvesting intimate photos, Mijangos, a more skillful hacker than Chaney and Collins, would control the webcams built into his victims’ computers and use them to photograph women in their private moments.  Mijangos would then contact the women to blackmail them into sending him even more nude photos.  “I never knew if it was someone that I knew or if it was a complete stranger (who attacked me,)” recounted one victim during the sentencing portion of Mijangos’ eventual prosecution.  “It would be in the back of my mind no matter where I went or who I went with.  It was always there.”

Mijangos came to law enforcement’s attention after one of his victims reported his crime.  The FBI caught Mijangos after backtracking through some of the emails he sent to that victim to domains registered in his name. But the horror is that Mijangos’ computers showed he had victimized over 200 people, including over 30 underage girls.  None of the underage victims reported the crime to law enforcement.  Why?

“They were young,” says Feldman, as she recounts the reasons people hesitate to report such crimes. “They are often afraid their parents will find out.  They might also be scared to tell people they’ve been victimized.  They may blame themselves.  And criminals like Mijangos know how to exploit that fear and threaten their victims into keeping quiet.  It’s really scary for them.  But we hope they tell us, so we (law enforcement) can help them.”

Feldman understands the difficulty that victims and survivors face in reporting sex-based crimes and tries to help members of the public understand their options before disaster strikes.  In addition to comforting individual victims, Feldman teaches safe cybersecurity habits in her spare time to the public.  It’s a form of community outreach intended to build trust between the public and law enforcement.  Her audiences include schoolchildren and their parents.  Nor is she alone.  Many of her colleagues – including her high ranking supervisors – similarly volunteer their time.  Tracy Wilkison, the Chief of the Cyber and Intellectual Property Crimes Section in Feldman’s office, shared her motivations for volunteering: “Because cybercrimes can happen to anyone, it’s important for us not only to vigorously investigate and prosecute the crime after it has happened, but to also reach out and teach prevention as widely as possible,” said Wilkison.  “We are providing tips to better protect oneself, as well as spreading the word that law enforcement can be trusted to support and aid victims of cybercrimes. We understand how horrifically violated the victim can feel, and we work very hard to help.”

Working with law enforcement requires courage on the part of a cyber crime survivor.  But, as with the Chaney prosecution, the results of such cooperation can be powerful.  In the Mijangos case, one of his victims, identified as “JM” explained why she overcame a clear fear of her attacker to work with law enforcement.  “He was threatening to ruin my work, to talk to my employers and send them pictures that he had personally grabbed also from my personal computer,” she explained during a court hearing.  “I would log onto work, he would somehow just pop up on my computer and call me a bi*ch . . . I started throwing up.  I got a rash, developed a rash on my face, and I just couldn’t go to work.”  But JM found it important to stop Mijangos. “Prior to being a victim of this man, I was a victim of domestic violence,” she told the judge, “and I would tell you that there is no difference (between the two.)  And being so that I had just been a victim of (domestic violence) is why I decided to stand up to him.”

JM’s message came through loud and clear.  In 2011, the judge sentenced Mijangos to six years in prison.

Part 3 Tips:

8. Contact law enforcement if you believe you were the victim of a crime.  Encourage your friends and loved ones, who may have been victimized, to do the same.  Anyone can be a victim, even celebrities who may be someone’s personal hero.  Stars like Olstead and Johansson found the courage to share their stories publicly, and their courage contributed to the long sentence that shackles Chaney.  Mijangos was convicted after one survivor found the strength to report the crime and work together with law enforcement.

9. Cover your computer’s built-in webcam when not in use.  Sophisticated hackers like Mijangos can use it to take photos, even when the camera looks like it’s off.

10. Learn more about protecting personal privacy.  This article only touches the surface of available defenses.  The Department of Homeland Security, in particular, has created cybersecurity guides geared towards protecting people from all walks of life, from children to undergraduate students to elder Americans.  (LINK – DHS Guides).

Final Takeaways

Our online accounts represent a treasure trove of intimate information.  Law enforcement has scored big victories in capturing and prosecuting offenders.  But the first line of defense rests with each of us.  Completely protecting oneself from cyber criminals is a full-time job.  But it is possible to reduce the risk of being low hanging fruit by learning how to protect yourself against the methods employed by hackers like Chaney, Collins and Mijangos.  And share the courage shown by survivors such as JM, Renee Olstead and Scarlett Johansson, with others.  Their courage may inspire other survivors of cybercrime to contact law enforcement.

 

Hybrid Cloud Application Delivery in Financial Services

How are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, and Compliance?

By Adrian Taylor, Regional VP of Sales for A10 Networks 

The financial services sector is experiencing significant commercial disruption coupled with rapid innovation as established institutions strive to become more agile and meet evolving customer demand. As a result, financial services organisations are undergoing rapid digital transformation to meet changing customer needs and preferences, and to compete with a new generation of digital-native competitors. Hybrid cloud environments play a key role in this strategy, allowing greater speed, flexibility, and visibility over application delivery than on-premises data centres while also reducing costs.

But the move to hybrid cloud introduces new challenges as well. So, as financial services organisations plot their strategy for transformation, firms must make critical technical decisions about the clouds and form factors best suited to host their hybrid environment. They also need to consider how they will secure web applications against evolving threats such as ransomware, data theft, and DDoS attacks through measures such as DDoS protection and using a Zero Trust model. At the same time, they must also maintain regulatory compliance, governance, and auditability across complex, fast-evolving infrastructures.

To understand more about these challenges, we recently conducted a survey with Gatepoint Research involving senior decision-makers to gain insight into the current state of financial services technology and the future direction for organisations in this sector. Here are some of the key findings:

Today’s Financial Services Technology Landscape

Although financial services businesses are making a steady move to the cloud for application delivery, on-premises data centres continue to play an important role.

While adoption of public cloud infrastructure is strong, with almost half of those surveyed hosting applications primarily in the cloud, most respondents (58 percent) continue to rely primarily on their private on-premises data centre for application delivery. 35 percent of organisations described their environment as hybrid cloud, though with an emphasis on their own private data centre. This shows that even as transformation continues, the traditional data centre remains prominent in the technology strategy of financial services organisations.

That said, the balance between on-premises and cloud infrastructure may well shift soon. When respondents were asked about their plans for the coming year, 57 percent of decision-makers reported that they intend to move more applications to the cloud.

Ransomware and PII Lead Security Concerns

Today, financial services organisations face a broad spectrum of security threats, including many being targeted at sensitive customer data.  The survey highlighted that organisations’ biggest security concerns or consequences were ransomware (57 percent); personally identifiable information (PII) data theft (55 percent); and phishing or fake sites (49 percent).

While threats to customers and their data are seen as the highest risk, dangers to the company’s brand image and reputation were not far behind. 38 percent of leaders cited concerns about hacking and cyber defacement, tied with brand damage and loss of confidence. Nearly as many (37 percent) were concerned about DDoS attacks, which can undermine a firm’s perception among customers through impaired service quality and customer experience. Meanwhile, insider attacks remain an issue, named by 28 percent of respondents, if not quite at the same level as most external threats.

To address the changing security landscape, many organisations have started initiatives around the Zero Trust model, in which traditional concepts of secured zones, perimeters, and network segments are updated with a new understanding that a threat can come from anywhere or anyone inside or outside the organisation. As of June 2020, 41 percent of respondents had already established a timeline for their Zero Trust model initiative with 15 percent having projects currently underway. Still, nearly two-thirds have no current plans or initiatives around the Zero Trust model.

Moving to Improve Flexibility, Agility, Scalability and Security

Technologies and strategies planned for the coming year reflect a key focus on the competitive requirements of fast-paced digital markets. The top-two initiatives included moving from hardware appliances to more flexible software form factors and deploying hybrid cloud automation, management, and analytics to increase operational efficiency.

With DDoS attacks a prime concern, 29 percent of respondents planned to deploy or replace an existing web application firewall (WAF) or DDoS protection solution. Surprisingly, even several years after the introduction of modern Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography (ECC) encryption standards for enhanced security, 29 percent of organisations are only now working to upgrade their Transport Layer Security (TLS) capabilities to support these technologies.

Even as cloud adoption continues to be strong, five percent of decision makers intend to repatriate applications from private cloud environments to their private data centre. While not a high number, this is not entirely insignificant. Given the diversity of form factors, architectures, and deployment methods to choose from, it is important to make sure that the approach fits the organisation’s needs before proceeding.

Addressing the Requirements of Hybrid Cloud and Rising Demand

Moving forward, decision-makers view capabilities related to risk as especially important for their financial platforms. When it comes to the most important capabilities for financial platforms running in hybrid cloud environments, regulatory compliance, comprehensive application security and redundancy/disaster recovery are top must-haves.

In addition to the importance placed on redundancy/disaster recovery, many respondents (43 percent) named centralised management and analytics as important capabilities. Along with elastic scale for variable/seasonal demands (25 percent), this shows a recognition of the requirements to provide effective service through redundancy, scalability, and a sound infrastructure.

Compared with risk-related and operational priorities, cost saw considerably less emphasis in the survey. While 28 percent of respondents placed importance on automation for operational efficiency and reduced costs, just 18 percent prioritised flexible licensing and pricing.

Desired Benefits from New Technology Investments

As they plan new technology investments, decision-makers are motivated foremost by risk reduction—far outpacing business factors such as revenue, customer experience, and competitive advantage.

By a large majority, security was the most likely benefit to spur funding for new technology. Operational considerations followed, including operational improvements (65 percent) and cost savings (63 percent). Regulatory compliance, emphasised earlier in the survey as a priority for a hybrid cloud requirement, was not necessarily top-of-mind in the technology funding stage—but still of high importance (57 percent). Revenue generation was named as a highly important benefit by only 35 percent, followed by customer satisfaction at 32 percent. Even in an industry undergoing rapid digital transformation, just 32 percent of decision-makers cited business advantage from new technology as a prime factor—and only 17 percent were moved by the ability to accelerate development speed.

The results of the survey offer a snapshot of an industry in transition, as decision-makers seek to keep control over security and compliance and maintain operational consistency, as they look to tap into the agility and scalability of the cloud. It is clear that, while security is important for digital transformation initiatives, application delivery and managing multi-cloud environments are of equal importance.  Above all financial services organisations must maintain their good reputation and ensure customer trust. Firms must demonstrate that they are protecting customer assets, providing an ultra-reliable service, working with trustworthy partners and reducing risk to the business.

Creating a culture of cybersecurity in Financial Services

By Martin Landless, Vice President for Europe at LogRhythm

As the financial services sector increasingly moves online and reaps the benefits of the modern digital economy, the sector has become an even more tantalising target for cybercriminals.  Financial data is among the most lucrative data types for cybercriminals, going for high prices on the Dark Web or used to access accounts, copy payment cards and make fraudulent purchases.

For any business which suffers a successful cyberattack, the consequences can be severe. A halting of business processes whilst the business gets up and running again can impact the bottom line, negative media attention can dent customer confidence, and the potential for a large General Data Protection Regulation (GDPR) fine can derail existing plans for business growth.

These consequences will be front of mind for financial services leaders now, as the sector has found itself in the crosshairs even more so during the current pandemic. Recent data from VMware indicates that cyberattacks against the financial sector increased by 238 per cent from February to April 2020, with cybercriminals looking to take advantage of the tumult to steal valuable data.

Although financial services institutions find themselves under attack more frequently than ever, it is still possible to remain at the forefront of the digitalisation of the industry and remain secure. Doing so relies on a three-pronged approach, with people, processes and technology all working in concert towards ensuring cybersecurity. Through a holistic approach, a culture of cybersecurity can be created that protects institutions.

Security maturity

Given the sensitivity of the data they manage, financial services organisations must have a mature security operation model in place to deal with threat actors. Security operations maturity is measured based on two variables: mean time to detect (MTTD) threats and mean time to respond (MTTR) to them.

A reduction of both MTTD and MTTR is crucial to ensuring cyberattacks are halted earlier in the threat lifecycle, and is reliant on technological solutions which allow for the automation of workflows. This frees up vital time for security teams to focus their attention where it is most needed. Indeed, a recent survey of security professionals and executives found that 47 per cent[1] of those surveyed felt that they needed increased security teams, so anything that can maximise the effective time of existing cybersecurity personnel is a huge benefit. Visibility across networks and systems is also key, as cybersecurity teams must be able to immediately see shifts in behaviour in the network to recognise imminent threats as they arise.

Although technological innovation in security response is a strong foundation for an effective culture of cybersecurity, this must be complemented with processes and security training for employees.

Ensuring cybersecurity is a board-level issue

It is the responsibility of the CISO and the security team which works under them to ensure that security is front of mind for all employees. A chain is only as strong as its weakest link, and it only takes one employee falling victim to a phishing email to compromise a business. CISOs may be senior figures in a business, but they need the support of the rest of the C-suite to fulfil their goals. At the board level, CISOs must ensure that executives are aware of and fully understand the challenges security teams encounter day to day and in the longer term[2].

This then becomes a matter of communication rather than technology. One potential means of communicating security posture to the board is by focusing on the benefits and return on investment an effective security posture can entail. Additionally, a CISO can furnish a high trust environment through partnering a member of the board with the security team.

This partner can articulate perspective to the team from a purely business standpoint, allowing the team to produce intelligence to the board that exhibits the business value of the security operation centre’s (SOC’s) methods and goals. This collaborative approach will encourage the understanding security teams have for business goals and the board’s understanding of security necessity.

Growing security alongside the business

One area of understanding between security team and leaders that should be nurtured is the impact of business growth on security. Although business growth indicates that a business is in robust health, it also facilitates multiple avenues through which a company can come under cyberattack.

Firstly, don’t assume cybercriminals aren’t keeping an eye on the markets and on the business pages. They’ll be aware of a company’s raised profile and whether they’re now a more lucrative target – or not. Positive business events like mergers and acquisitions can also present opportunities for cybercriminals. On a technical level, the network and security systems of different companies may be in the process of being migrated and integrated, and on a more human level, new staff, as yet unaware of the security protocols of the company they’re joining, can be targets.

It’s important, then, that security teams ensure each new employee is vetted, safely added to the system and trained on the appropriate security protocols. In the case of acquisitions, security teams must effectively monitor new structures that are added to the network, as well as third-party connections with which they are not yet familiar. A Gartner study earlier this year identified third-party cybersecurity risk as a key concern for half of legal and compliance leaders.

This is all easier said than done, however. Key to the issue is the security budget, and it is here that board-level support is important. Security budgets are often determined in advance and follow two common pricing models used by security vendors: the user-based model and the capacity-based model. In the face of growth, both are fixed, and may leave security teams making difficult decisions as to where they safeguard their organisations.

Executives should instead look for security vendors that offer a subscription-based model. This offers the guarantee of scalable security at a determined rate, which will greatly alleviate the stress felt by security teams in what should often be an exciting time for an entire organisation.

Changing security budgets to better facilitate the work of SOCs represents a culture of cybersecurity being put into practice. Technological solutions are provided based on an understanding between security teams and the board on what is needed, allowing for better performance in MTTR and MTTD.

Security posture needs to be fixed now

Covid-19 has heightened the risks faced by cybersecurity teams and financial services organisations, and now, more than ever, it is vital to foster a culture of cybersecurity. The benefits of digitalisation for financial services are too great to ignore, and failure to embrace digitalisation in the name of security will hamper financial services’ growth. Instead, a holistic approach encompassing people, process and technology will be vital to forging a secure path forward in the financial services industry.

[1] https://gallery.logrhythm.com/white-papers-and-e-books/uk-the-state-of-the-security-team-research-report.pdf

[2] https://gallery.logrhythm.com/white-papers-and-e-books/uk-gain-board-level-support-for-your-security-program-e-book.pdf

VP Bank Selects AxiomSL to Meet Multi-Jurisdictional Risk and Regulatory Reporting Requirements

Consolidates bank’s reporting on a single platform for financial/statistical, AnaCredit, and CRR2/Basel-driven mandates including ICAAP and ILAAP, and provides foundation for strategic expansion

AxiomSL, the industry’s leading provider of risk and regulatory reporting solutions, today announces that VP Bank, one of the largest banks in Liechtenstein, has selected AxiomSL’s ControllerView® data integrity and control platform as a foundation for its risk and regulatory compliance across Liechtenstein, Luxembourg, Singapore and Switzerland, encompassing financial and statistical reporting such as CSSF, FINMA, AnaCredit for EBA, MAS 610 for Singapore, and CRR2- and BCBS-driven requirements including ICAAP and ILAAP for FMA.

The high-performance, fully integrated, data-driven platform will enable VP Bank to manage an array of risk and regulatory mandates on a single platform, with full transparency across all processes from ingestion, calculation, reconciliation, and validation to submission. VP Bank will use the platform strategically to further data harmonization, streamline processes, enhance automation, bolster internal controls, and strengthen risk and regulatory reporting across the enterprise.

“Selecting AxiomSL will enhance the value of our investment in regulatory technology, optimize efficiency, and deliver business insights,” stated Robert Kilga, Head of Group Financial Management & Reporting, VP Bank. “With AxiomSL’s single platform, we can ingest data in its native format from multiple sources thus creating synergies between capital, liquidity, and other business functions enterprise-wide,” he continued. “AxiomSL’s system provides intuitive, hands-on transparency into all processes from inception to filing, enhancing our confidence in the data integrity and auditability of our reporting, and enabling us to meet ever-changing regulatory requirements”.

“We are thrilled that VP Bank, such a well-respected institution, has joined our esteemed user community in the DACH region and globally,” said Claudia Thurner, EMEA General Manager, AxiomSL. “In these times of global uncertainty, complying with a wide range of regulatory and risk requirements across jurisdictions is more complex, data intensive, and time sensitive than ever. Financial institutions require a reliable technology partner who can provide global coverage while understanding the intricacies of local and regional regulatory demands,” Thurner continued. “Our industry and technical expertise will enable VP Bank to streamline their processes, scale faster, and adapt swiftly and confidently to change. We look forward to a strong and strategic collaboration with VP Bank in support of their vision and growth journey”.

With the upcoming Basel IV-driven expansion, financial institutions like VP Bank are faced with the next generation of capital requirements that can easily overwhelm systems if they lack the data transparency, proper methodologies and controls to perform calculations accurately across all risk types. These calculations may have a profound effect on the banks’ portfolio management and even the entire business model.

To address these challenges, AxiomSL’s Basel Capital Solution incorporates a flexible data dictionary architecture, seamless calculation updates, full drilldown to data and processes, transparency into model calculations, and dynamic data lineage. In addition, AxiomSL’s regulatory experts provide VP Bank with a highly efficient change-management mechanism that enables them to be current with all Basel-driven changes.
