Technology

How financial institutions can keep data safer

By Matt Lock, Technical Director at Varonis

The financial sector is a prime target for threat actors looking to make money by infiltrating corporate networks to steal data or insider information or install ransomware. Not only could this result in the loss of data, funds and reputation, but it could also land the concerned institution with a large fine from regulators. In 2018 the FCA issued fines totalling more than £60 million, a sizeable proportion of which was due to data breaches.

Unfortunately, many banks and financial institutions are making life easier for those wishing to steal critical information from them simply as a result of poor cyber security practices. This often comes down to how security risks are prioritised within the business, which is the responsibility of the C-suite. They must understand and keep up to date on the latest threats and the tactics cybercriminals use. This will help inform the appropriate allocation of budgets and resources in line with the level of risk.

Reduce exposed data

Some of the biggest risk factors that financial institutions face are unmanaged access to data and storing too much unused and unnecessary data on their networks.

For instance, in one organisation we discovered a payroll file open to the entire company. Even the receptionist on the front desk could easily access confidential payroll files through her account.

This company isn’t alone. Varonis research found that the average organisation operating in the financial industry leaves one in five (21 percent) of its sensitive files and folders exposed. On average, financial institutions had 352,700 unprotected, sensitive files accessible to anyone on the corporate system.

This is a concern for a number of reasons. Firstly, unrestricted access to files means that anyone in an organisation can view and alter files regardless of their job role, whether they genuinely need access or not. For example, should a temporary consultant be able to access and change a client’s personally identifiable information (PII)? As such, if any unauthorised changes are made to a file, or it is leaked outside the organisation, there is little insight as to how this happened or who is responsible.

Secondly, if a threat actor does manage to infiltrate a corporate network, they will have unfettered access to any data that is not restricted. The implication is that hundreds, or even thousands, of files could be quickly and easily stolen before an information security team is even aware there is an unauthorised person on the system. Permissive access can have significant implications if an organisation falls victim to ransomware; if the individual that is compromised has global access rights, all the data that they can access will be encrypted.

To reduce exposure and keep these files and folders safe, financial institutions need to operate a policy of “least privilege”, where employees only have access to the data needed to carry out their roles. Measures for implementing a least privilege approach to information security include: removing global access to data; ensuring that all data has an owner or steward; and regularly re-certifying access to reflect role changes or staff leaving.

Automation plays a key role in enforcing least privilege as it can be used to discover those accounts that have access to information they do not need for their job role.

Crack down on overdue passwords

When looking to protect access to data through login details, setting expiry dates for passwords is essential, as this forces users to create new ones on a regular basis. If there is no end date, threat actors have longer to figure out what a particular password is, and it gives them unlimited time once they are in a corporate network. Creating an end date for passwords also means that it is less likely that the credentials of someone who has left the company will still be valid and provide a threat actor with a way into a network. Yet despite the clear benefits, our research found that 38 percent of users had passwords that never expire.

Remove stale data

Another significant issue affecting the security of organisations is data that is out of date, no longer in use or just generally redundant, known as stale data. Holding on to that data unnecessarily simply creates more challenges, not only security risks but also management and storage costs.

Our research discovered that more than half (53 percent) of all data in a company is stale, and nearly nine out of 10 (87 percent) companies have more than 1,000 stale files – seven out of 10 (71 percent) have upward of 5,000.

Financial organisations need to know exactly what data they have on their corporate networks and where it is. This is not only beneficial for security issues, but it can also help improve the overall business. For starters, the less data an organisation has to keep, the less it needs to spend on storage. Then there are Data Subject Access Requests (DSARs), which enable individuals to request any information that a company holds on them and how it is being used. Under the GDPR the timeframe for responding to these requests has been reduced from 40 days to a calendar month and organisations can no longer charge a fee. Financial institutions need to know what and where this information is if they are to have any chance of responding to the DSAR within the time limit.

Regain control

To take back control of their data, financial institutions need to conduct a complete analysis of all the folders and files on their corporate networks down to granular detail. This must highlight data that is stale and enable an organisation to either delete it from the system or archive it. The analysis should also identify who has access to which files and folders to allow permissions to be changed so that they are only accessible to those that need them for their work, based upon the least privilege approach.
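One way to run this kind of analysis over a single POSIX file share, as an added example that is not from the original article or from Varonis: it walks a directory tree and reports files that any local account can read or alter, and files that are stale. The 365-day threshold, the use of the "other" permission bits as a stand-in for global access, and all function names are assumptions made for the illustration.

```python
"""Audit a directory tree for globally accessible and stale files."""
import os
import stat
import tempfile
import time
from dataclasses import dataclass

# Assumption: the article gives no staleness threshold; one year is a placeholder.
STALE_AFTER_DAYS = 365


@dataclass
class Finding:
    path: str
    owner_uid: int        # the account to ask when re-certifying access
    world_readable: bool  # "other" read bit set: any local account can read
    world_writable: bool  # "other" write bit set: any local account can alter
    stale: bool           # neither read nor modified since the cutoff


def audit_tree(root, stale_after_days=STALE_AFTER_DAYS, now=None):
    """Return a Finding for every regular file that is exposed or stale."""
    now = time.time() if now is None else now
    cutoff = now - stale_after_days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # file removed or unreadable mid-scan
            if not stat.S_ISREG(st.st_mode):
                continue
            readable = bool(st.st_mode & stat.S_IROTH)
            writable = bool(st.st_mode & stat.S_IWOTH)
            # atime may not be updated (noatime mounts), so use the later
            # of atime and mtime as the last sign of use.
            stale = max(st.st_atime, st.st_mtime) < cutoff
            if readable or writable or stale:
                findings.append(Finding(path, st.st_uid, readable, writable, stale))
    return sorted(findings, key=lambda f: f.path)


def summarise(findings):
    """Count exposed and stale files for a one-line report."""
    return {
        "exposed": sum(f.world_readable or f.world_writable for f in findings),
        "stale": sum(f.stale for f in findings),
    }


def build_sample_tree(root):
    """Constructed sample data: three files with different modes and ages."""
    two_years_ago = time.time() - 2 * 365 * 86400
    samples = [
        ("hr/payroll.csv", 0o644, None),                 # open to every account
        ("archive/old_clients.csv", 0o600, two_years_ago),  # restricted but stale
        ("finance/q3_report.txt", 0o600, None),          # restricted and current
    ]
    for rel, mode, ts in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
        if ts is not None:
            os.utime(path, (ts, ts))  # back-date both atime and mtime


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = audit_tree(tmp)
        for finding in results:
            print(finding)
        print(summarise(results))
```

The check looks at each file's own mode bits only; whether a file is reachable in practice also depends on the permissions of its parent directories and on any ACLs the share uses.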

Protecting data should be the top business priority for the C-suite of financial institutions. Doing so not only protects the integrity of customers’ data but also guards the business from reputational damage, the potential loss of income, and the risks of hefty fines.

How to Build an AI Strategy that Works

By Michael Chalmers, MD EMEA at Contino

Six steps to boosting digital transformation through AI

In the age of artificial intelligence, the way we interact with brands and go about our work and daily lives has changed. No longer blithe buzzwords, AI tools and algorithms are solving real business problems, streamlining operations, boosting productivity, improving customer experience, and creating opportunities for advantage in a competitive marketplace.

However, many businesses struggle to unlock the full benefits that come with its adoption across the whole organisation. Making the most of AI requires a strategic focus, alignment with the specific operating model of the business, and a plan to implement it in a way that delivers real value.

Not all AI strategies are equal. To be successful, businesses need to set out how the technology will achieve objectives and identify the specific assets and use cases that will set them apart from competitors. The process of creating and delivering a successful AI strategy includes the following six essential elements that will help to bake in business success.

  1. Start with your vision and objective

One slip-up companies often make when developing an AI strategy is a failure to match the vision to the execution. Almost inevitably, this results in disjointed and complicated AI programmes that can take years to consolidate. Choosing an AI solution based on defined business objectives established at the start of a project reduces the risk of delay and failure.

As with any project or initiative, it’s crucial to align your corporate strategy with measurable goals and objectives to guide your AI deployment. Once a strategy is set and proven, it’s much quicker and easier to roll it out across divisions and product teams, maximising its benefits.

  2. Build a multi-disciplinary team

AI is not an island. Multi-disciplinary teams are best placed to assess how the AI strategy can optimally serve their individual needs. Insights and inputs from web design, R&D and engineering will together ensure your plan hits objectives for key internal stakeholders.

It’s also important to recognise that with the best will and effort, the strategy might not be the perfect one first time around. Being prepared to iterate and flex the approach is a significant success factor. By fostering a culture of experimentation, your team will locate the right AI assets to form your unique competitive edge.

  3. Be selective about the problems you fix first

Selecting ‘lighthouse’ projects based on their overall goals and importance, size, likely duration, and data quality allows you to demonstrate the tangible benefits in a relatively short space of time. Not all problems can be fixed by AI, of course. But by identifying and addressing issues quickly and effectively, you can create beacons of AI capability that inspire others across the organisation.

Lighthouse projects should aim to be delivered in under eight weeks, instead of eight months. They will provide an immediate and tangible benefit for the business and your customers to be replicated elsewhere. These small wins sow the seeds of transformation that swell from the ground up, empowering small teams to grow in competency, autonomy and relatedness.

  4. Put the customer first, and measure accordingly

Customer-centricity is one of the most popular topics among today’s business leaders. Traditionally, businesses were much more product-centric than customer-centric. Somebody built products and then customers were found. Now, the customer is, and should be, at the heart of everything businesses do.

By taking a customer-centric approach, you will find that business drivers determine many technology decisions. When creating your AI strategy, create customer-centric KPIs that align with the overall corporate objectives and continually measure product execution backwards through the value chain.

  5. Share skills and expertise at scale through an ‘AI community of practice’

The journey to business-wide AI adoption is iterative and continuous. Upon successful completion of a product, the team should evolve into what’s known as an ‘AI community of practice’, which will foster AI innovation and upskill future AI teams.

In the world of rapid AI product iterations, best practices and automation are more relevant than ever. Data science is about repeatable experimentation and measured results. If your AI processes can’t be repeated and production is being done manually, data science has been reduced to a data hobby.

  6. Don’t fear failure: deploying AI is a continuous journey

The formula for successful enterprise-wide AI adoption is: nurture the idea, plan, prove, improve and then scale. Mistakes will be made, and lessons learned. This is a completely normal – and valuable – part of the process.

Lighthouse projects need to be proven to work, processes need to be streamlined and teams need to upskill. Businesses need a culture of learning and continuous improvement with people at the centre, through shorter cycles, to drive real transformation.

An experimental culture and continuous improvement, through shorter cycles, can drive real transformation. A successful AI strategy acts as a continually evolving roadmap across the different business functions (people, processes and technology) to ensure your chosen solutions are working towards your business objectives. In short, let your business goals guide your AI transformation, not the other way around.

Iron Mountain releases 7-steps to ensure digitisation delivers long-term benefits

Iron Mountain has released practical guidance to help businesses future-proof their digital journeys. The guidance is part of new research that found that 57% of European enterprises plan to revert new digital processes back to manual solutions post-pandemic.

The research revealed that 93% of respondents have accelerated digitisation during COVID-19 and 86% believe this gives them a competitive edge. However, the majority (57%) fear these changes will be short-lived and their companies will revert to original means of access post-pandemic.

“With 80% still reliant on physical data to do their job, now is a critical time to implement more robust, digital methods of accessing physical storage,” said Stuart Bernard, VP of Digital Solutions at Iron Mountain. “Doing so can enhance efficiency and deliver ROI by unlocking new value in stored data through the use of technology to mine, review and extract insight.”

Why revert?

When COVID-19 hit, companies had to think fast and adapt. Digital solutions were often taken as off-the-shelf, quick fixes – rarely the most economical or effective. But they are delivering benefits – those surveyed reported productivity gains (27%), saving time (20%), enhancing data quality (13%) and cutting costs (12%).

So what now?

The Iron Mountain study includes guidance on how to turn quick fixes into sustained, long-term solutions. The seven steps are designed to help businesses future-proof their digital journeys and maximize value from physical storage:

1) Gather insights: The COVID-19 pandemic allowed organisations to test and learn. Companies should ensure these insights are fed into developing more robust solutions.

2) Use governance as intelligence: Information governance and compliance are fundamental to data handling. But frameworks aren’t just a set of rules, they hold valuable insights that can be turned into actionable intelligence. Explore your framework to extract learnings.

3) Understand your risk profile: A key early step is to analyse where you are most vulnerable. With data in motion and people working remotely, which records are at risk? What could be moved into the cloud? Are your vendors resilient?

4) Focus where you will achieve greatest impact: To prioritise successfully, you need to know where you will achieve the largest impact. This involves looking beyond initial set-up costs towards the holistic benefits of digitisation, including reducing time spent on manual scanning, and the risk of compliance violations.

5) Reach out and collaborate: We are all in this together. Your IT, security, compliance and facility management teams are all facing the same challenges. Ensure you collaborate across functions to develop robust, integrated solutions.

6) Find a provider who can relate to your digital journey: For companies that still rely heavily on analogue solutions, digitisation can be daunting and risky. It pays to find a vendor who has been on the same journey, understands your paper processes and can guide you through the digital world.

7) Prioritise and evolve communication and training programmes: To reap the full rewards from any digitisation initiative, thorough and continuous communication and training is critical. Encouragingly, our survey found that 81% of data handlers have received training to work digitally which is an excellent step in the right direction, but consider teams beyond data handling to truly succeed.

The research was commissioned by Iron Mountain in collaboration with Censuswide. It surveyed 1,000 data handlers across the EMEA region. It found that the departments that have digitised more due to COVID-19 include IT support (40%), customer relationship management (36%), and team resource planning (34%).

3D Secure: Why are fraudsters still slipping through the net?

By Tim Ayling, VP EMEA, buguroo

There is a constant tension between keeping online payments secure, and offering an easy and frictionless user experience. Digital transformation – especially accelerated by the global pandemic – leaves consumers expecting online services to be seamless. Customers are even liable to abandon a process altogether if they encounter a hurdle.

Financial regulation and security protocols exist to help ensure that a balance is maintained between offering customers this frictionless experience, and keeping them and their funds safe from fraud attacks.

What is 3D Secure?

3D Secure is one such protocol. This payer authentication system is designed to keep card-not-present (CNP) ecommerce payments secure against online fraud. The card issuer uses 3D Secure when a card is used to pay for something online, authenticating the customer’s identity based on personal identifiers, such as the three-digit CVV code on the back of a card, as well as the device they’re using to make the payment and their geolocation or IP address.

3D Secure is important because although transactions can be accepted or denied based on the level of risk, it’s not always as clear as ‘risky’ or ‘not risky’. A small number of transactions will have an undetermined or questionable level of risk attached to them. For example, a legitimate customer may appear to be using a new device to buy goods online, or to be attempting to make the transaction from an irregular location. In these instances, 3D Secure provides a step-up authentication, such as asking for a one-time password (OTP).

Getting the right balance

3D Secure is a helpful protocol for card issuers, as it allows banks to comply with Strong Customer Authentication as required by EU financial regulation PSD2 as well as increase security for transactions with a higher level of risk – thereby better filtering the genuine cardholders from fraudsters.

This means that the customers themselves are better protected against fraud, and the extra security helps preserve their trust in the bank to be able to keep their money safe. At the same time, the number of legitimate customers who have their transactions denied is minimised, improving the customer’s online experience.

So why are fraudsters still slipping through the net?

Fraudsters are used to adapting to security protocols designed to stop them, and 3D Secure is no exception. The step-up authentication that is required by 3D Secure in the instance of a questionable transaction often takes the form of an OTP, a password or secret answer known only by the bank and the customer. However, there are various ways that fraudsters have devised to steal this information.

The most common way to steal passwords is through phishing attacks, where fraudsters pretend to be legitimate brands, such as banks themselves, in order to dupe customers into giving away sensitive information. Fraudsters can even replace the pop-up windows that appear to legitimate customers in the case of stepped-up authentication with their own browser windows disguised as the bank’s. Unwitting customers then enter the password or OTP and effectively hand it straight over to the fraudsters.

Even when an OTP is sent directly to a customer’s phone, fraudsters have found a way to intercept this information. They do this through something called a ‘SIM swap scam’, where they impersonate their victim and manage to get the legitimate cardholder’s number switched onto a different SIM card that they own, thereby receiving the genuine OTP in the cardholder’s place.

This is especially an issue for card issuers when taking into account the liability shift that is attached to using 3D Secure. When a transaction is authenticated using 3D Secure, the liability moves to lie with the card issuer, not the vendor or retailer. If money leaves a customer’s account and the transaction was verified by 3D Secure, but the customer says they did not authorise the transaction, the card provider becomes liable for any refunds.

How AI and Behavioral Biometrics can be used to plug the gap

Banks need to find a way to accurately block fraudsters while allowing genuine customers to complete online payments. AI can be used alongside behavioural biometrics as an additional layer of security to cover the gaps in security through continuous authentication of the customer.

Behavioural biometrics can collect and analyse data from thousands of parameters around user behaviour such as their typing speed and dynamics, or the trajectory on which they move the mouse, throughout the entire online session. AI processes are used to dynamically compare this analysis against the user’s usual online profile to identify even the smallest of anomalies, as well as against profiles of known fraudsters and typical fraudster behaviour. AI then delivers a risk score based on this information to banks in real time, enabling them to root out and block the fraudulent transactions.

As this authentication occurs invisibly, the AI technology can recognise if the customer is who they say they are – and that it isn’t a fraudster trying to input a genuine OTP they have managed to steal through phishing or SIM swapping – without adding any additional friction.

Card issuers cannot decline all questionable transactions without losing customers, while approving them without additional checks poses security issues that can result in financial losses as well as losses in customer trust. Behavioural biometrics is a foundational technology that can work alongside 3D Secure to keep customers’ online payments safe from fraud while maintaining a frictionless experience and minimising the risk of chargeback liability for banks.
