By Ian Kilpatrick, EVP Cyber Security Nuvias Group
A recent survey shows 64 percent of organisations have deployed some level of IoT technology, and another 20 percent plan to do so within the next 12 months. This is an astonishing fact when you consider the lack of basic security on these devices, or any established security standards. Many companies are turning a blind eye to security issues, swayed by the potential benefits that IoT can bring.
- IoT – a cybercriminal’s dream
Any device or sensor with an IP address connected to a corporate network is an entry point for hackers and other cybercriminals – like leaving your front door wide open for thieves.
Managing endpoints is already a challenge, but the IoT will usher in a raft of new network-connected devices that threaten to overwhelm the IT department charged with securing them – a thankless task considering the lack of basic safeguards in place on the devices.
Of particular concern is that many IoT devices are not designed to be secured or updated after deployment. Any vulnerabilities discovered post-deployment cannot be protected against in the device, and corrupted devices cannot be cleansed.
- IT or OT
IT professionals are more used to securing PCs, laptops and other devices, but they will now be expected to become experts in areas such as smart lighting, heating and air conditioning systems, security cameras and integrated facilities management systems.
A lack of experience in this Operational Technology (OT) is a cause for concern. It is seen as operational rather than strategic, so deployment and management are often shifted well away from Board awareness and oversight.
Nevertheless, the majority of organisations are deploying IoT technology with minimal regard to the risk profile or the tactical requirements needed to secure them against unforeseen consequences.
- Increase in DDoS attacks
IoT devices are a perfect vehicle for criminals to access a company’s network. 2016’s high-profile Mirai attack used IoT devices to mount wide-scale DDoS attacks that disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK.
- …and ransomware attacks
There has been an almost 2000 percent jump in ransomware detections since 2015. In 2017, WannaCry targeted more than 200,000 computers across 150 countries, with damages ranging from hundreds to billions of dollars.
While most ransomware attacks currently infiltrate an organisation via email, IoT presents a new delivery system for both mass and targeted attacks.
- Increasing intensity and sophistication of attacks
The sophistication of attacks targeting organisations is accelerating at an unprecedented rate, with criminals leveraging the disruptive opportunities the IoT brings.
According to Fortinet’s latest Quarterly Threat Landscape report, three of the top twenty attacks identified in Q4 2017 were IoT botnets. But unlike previous attacks, which focused on a single vulnerability, new IoT botnets such as Reaper and Hajime target multiple vulnerabilities simultaneously, which is much harder to combat.
Wi-Fi cameras were targeted by criminals, with more than four times the number of exploit attempts detected over Q3 2017.
- The effects of an attack
The aftermath of a cyberattack can be devastating for any company, leading to huge financial losses, compounded by regulatory fines for data breaches, and plummeting market share or job losses. At best, a company could suffer irreparable reputational damage and loss of customer loyalty.
On top of that, IoT devices have the potential to create organisational and infrastructure risks, and even pose a threat to human life, if attacked. We have already seen the impact of nation-state attack tools being used as nation-state weapons, then getting out and being used in commercial criminal activity.
- Profit over security
It’s crazy to think that devices with the potential to enable so much damage to homes, businesses and even entire cities often lack basic security design, implementation and testing. In the main this is because device manufacturers are pushing through their products to get them to market as quickly as possible, to cash in on the current buzz around IoT.
Lawrence Munro, vice president of SpiderLabs at Trustwave, agrees IoT manufacturers are sidestepping security fundamentals: “We are seeing lack of familiarity with secure coding concepts resulting in vulnerabilities, some of them a decade old, incorporated into final designs,” he notes.
- Can you see the problem?
Another huge problem is that once a network is attacked, it’s much easier for subsequent attacks to occur.
Yet, recent data shows just half of IT decision makers feel confident they have full visibility and control of all devices with network access. The same percentage believe they have full visibility of the access level of all third parties, who frequently have access to networks; and only 54 percent say they have full visibility and control of all employees.
- Turning a blind eye
Despite security concerns often being cited as the number one barrier to greater IoT adoption, Trustwave research shows 61 percent of firms that have deployed some level of IoT technology have had to deal with a security incident related to IoT, and 55 percent believe an attack will occur sometime during the next two years. Only 28 percent of organisations surveyed consider that their IoT security strategy is ‘very important’ when compared to other cybersecurity priorities.
- Efforts to standardise
In the UK, the government’s five-year National Cyber Security Programme (NCSP) is looking to work with the IT industry to build security into IoT devices through its ‘Secure by Default’ initiative. The group published a review earlier this month that proposes a draft Code of Practice for IoT manufacturers and developers.
While there seems to be some light at the end of the tunnel, it may not be enough. Regulators won’t force device manufacturers to introduce the necessary security regulations and practices before thousands of businesses fall victim to attacks. Turning a blind eye to the IoT security risks could leave your organisation permanently paralysed.
Bio of author
Ian Kilpatrick, EVP (Executive Vice-President) Cyber Security for Nuvias Group
A leading and influential figure in the IT channel, Ian now heads up the Nuvias Cyber Security Practice. He has overall responsibility for cyber security strategy, as well as being a Nuvias board member. Ian brings many years of channel experience, particularly in security, to Nuvias. He was a founder member of the award-winning Wick Hill Group in the 1970s and thanks to his enthusiasm, motivational abilities and drive, led the company through its successful growth and development, to become a leading, international, value-added distributor, focused on security. Wick Hill was acquired by Nuvias in July 2015.
Ian is a thought leader, with a strong vision of the future in IT, focussing on business needs and benefits, rather than just technology. He is a much published author and a regular speaker at IT events. Before Wick Hill, Ian qualified as an accountant, was financial controller for a Fortune 50 company, and was a partner in a management consultancy.
Lockdown 2.0 – Here’s how to be the best-looking person in the virtual room
Jeff Carlson, author of The Photographer’s Guide to Luminar 4 and Take Control of Your Digital Photos, suggests “the product you’re creating is not the camera, the lens or a webcam’s clever industrial design. It’s the subject, you, which is just one part of the entire image they see. You want that image to convey quality, not convenience.”
Technology experts at Reincubate saw an opportunity in the rise of remote-working video calls and developed the app, Camo, to improve the video quality of our webcam calls. As part of this, they consulted the digital photography expert and author, Jeff Carlson, to reveal how we can look our best online.
It’s clear by now that COVID-19 has normalised remote working, but as part of this the importance of video calls has risen exponentially. While we’re all used to seeing the more casual sides of our colleagues (t-shirt and shorts, anyone?), poor webcam quality is slightly less forgivable.
But how can we improve how we look on video? We consulted Jeff Carlson for some top tips – here is what he had to say.
- Improve the picture quality of your call
The better your camera, the higher quality your webcam calls will be. Most webcams (as well as currently being hard to get hold of and expensive), are subpar. A DSLR setup will give you the best picture, but will cost $1,500+. You can also use your iPhone’s amazing camera as a webcam, using the new app from Reincubate, Camo.
Jeff comments: “The iPhone’s camera system features dedicated coprocessors for evaluating and adjusting the image in real time. Apple has put a tremendous amount of work into its imaging software as a way to compensate for the necessarily small camera sensors. Although it all works in service of creating stills and video, you get the same benefits when using the iPhone as a webcam.”
Aidan Fitzpatrick, CEO of Reincubate explains why the team created Camo, “Earlier this year our team moved to working remotely, and in video calls everyone looked pretty bad, irrespective of whether they were on built-in Mac webcams or third-party ones. Thus began my journey to build Camo: an iPhone has one of the world’s best cameras in it, so could we make it work as a webcam? Category-leading webcams are noticeably worse than an iPhone 7. This makes sense: six weeks of Apple’s R&D spend tops Logitech’s annual gross revenue.”
- Place your camera at eye level
A video call will never quite be the same as a face-to-face conversation, but bringing your camera up to eye level is a good place to start. That can involve putting your laptop on a stand or pile of books, mounting a webcam to the top of your display screen, or even using a tripod to get the perfect position.
Jeff points out, “If the camera is looking down on you, you’ll appear minimized in the frame; if it’s looking up, you’re inviting people to focus on your chin, neck, or nostrils. Most important, positioning the camera off your eye level is a distraction. Look them in the eye, even if they’re miles or continents away.”
Low camera placement from a MacBook
- Make the most of natural lighting
Be aware of the lighting in the room and move yourself to face natural lighting if you can. Positioning the camera so any natural light is behind you takes the light away from your face, which can make it harder to see and read expressions on a call.
Jeff Carlson’s top tip: “If the light from outside is too harsh, diffuse it and create softer shadows by tacking up a white sheet or a stand-alone diffuser over the window.”
Backlit against a window Facing natural light
- Use supplementary lighting like ring lights
The downside to natural lighting is that you’re at the mercy of the elements: if it’s too bright you’ll have the sun in your eyes, if it’s too dark you won’t be well lit.
Jeff recommends adding supplementary lighting if you’re looking to really enhance your video calls. After all, it looks like remote working will be carrying on for quite some time.
“The light can be just as easy as a household or inexpensive work light. Angle the light so it’s bouncing off a wall or the ceiling, depending on your work area, which, again, diffuses the light and makes it more flattering.
Or, for a little money, use a softbox or a shoot-through umbrella with daylight bulbs (5500K temperature), or if space is tight, LED panels. Larger lights are better for distributing illumination – don’t be afraid to get them in close to you. Placement depends on the look you’re going after; start by positioning one at a 45-degree angle in front and to the side of you, which lights most of your face while retaining nice shadow detail.”
In some cases, a ring light may work best. LEDs are arranged in a circle, with space in the middle to put the camera’s lens and get direct illumination from the direction of the camera.
- Centre yourself in the frame
Make sure you’re getting the right angle and that you’re using the frame effectively.
“You should aim for people to see your head and part of your torso, not all the space between your hair and the ceiling. Leave a little space above your head so it’s not cut off, but not enough that someone’s eyes are going to drift there.”
- Be mindful of your backdrop
It’s not always easy to get the quiet space needed for video calls when working from home, but try as best you can to remove anything too distracting from your background.
“Get rid of clutter or anything that’s distracting or unprofessional, because you can bet that will be the second thing the viewers notice after they see you. (The Twitter account @RateMySkypeRoom is an amusing ongoing commentary on the environments people on television are connecting from.)”
A busy background as seen by a webcam
- Make the most of virtual backgrounds
If you’re really struggling with finding a background that looks professional, try using a virtual background.
Jeff suggests: “Some apps can identify your presence in the scene and create a live mask that enables you to use an entirely different image to cover the background. While it’s a fun feature, the quality of the masking is still rudimentary, even with a green screen background that makes this sort of keying more accurate.”
- Be aware of your audio settings
Our laptop webcams, cameras, and mobile phones all include microphones, but if it’s at all possible, use a separate microphone instead.
“That can be an inexpensive lavalier mic, a USB microphone, or a set of iPhone earbuds. You can also get wireless lavalier models if you’re moving around during a call, such as presenting at a whiteboard in the camera’s field of view.
The idea is to get the microphone closer to your mouth so it’s recording what you say, not other sounds or echoes in the room. If you type during meetings, mount the mic on an arm instead of resting it on the same surface as your keyboard.”
- Be wary of video app add-ons
Video apps like Zoom include a ‘Touch up your appearance’ option in the Video settings. This applies a skin-smoothing filter to your face, but more often than not, the end result looks artificially blurry instead of smooth.
“Zoom also includes settings for suppressing persistent and intermittent background noise, and echo cancellation. They’re all set to Auto by default, but you can choose how aggressive or not the feature is.”
- Be the best looking person in the virtual room
What’s important to remember about video calls at this point in time is that most people are new to what is, really, personal broadcasting. That means you can easily get an edge, just by adopting a few suggestions in this article. When your video and audio quality improves, people will take notice.
Bringing finance into the 21st Century – How COVID and collaboration are catalysing digital transformation
By Keith Phillips, CEO of TISATech
If just six or seven months ago someone had told you that in a matter of weeks people around the world would be locked down in their homes, trying to navigate modern work systems from a prehistoric laptop, bickering with family over who’s hogging the Wi-Fi, migrating online to manage all financial services digitally, all while washing their hands every five minutes in fear of a global pandemic… You’d think they had lost their mind. But this very quickly became the reality for huge swathes of the world and we’re about to go through that all over again as the UK government has asked that those who can work from home should.
Unsurprisingly, statistics show that lockdown restrictions introduced by the UK government in March led to a sharp increase in people adopting digital services. Banks encouraged their customers to log onto online banking, as they limited (and eventually halted) services at branches. This forced many customers online as their primary means of managing personal finances for the first time.
If anyone had doubts before, the Covid-19 pandemic proved to us the importance of well-functioning, effective digital financial services platforms, for both financial institutions and the people using them.
But with this sudden mass online migration, it’s become clear that traditional banks have struggled to keep up with servicing clients virtually. Legacy banking systems have always stilted the digitisation of financial services, but the pandemic thrust this issue into the limelight. Fintech firms, which focus intently on digital and mobile services, knew it was only a matter of time before financial institutions’ reliance was to increase at an unprecedented rate.
For years, fintechs have been called upon by traditional players to find solutions to problems borne from those clunky legacy systems, like manual completion of account changes and money transfers. Now it is the demand for these services to be online coupled with the need for financial services firms to cut costs, since Covid-19 hit the economy.
Covid-19 has catalysed the urgent need to bring digital transformation to a wider pool of financial services businesses. Customers now have even higher expectations of larger institutions, demanding that they keep up with what the younger and more nimble challengers have to offer. Industry leaders realise that they must transform their businesses as soon as possible, by streamlining and digitising operations to compete and, ultimately, improve services for their customers.
The race for digital acceleration began far before the recent pandemic – in fact, following the 2008 financial crisis is likely more accurate. Since the credit crunch, there has been a wave of new fintech firms, full of young, bright techies looking to be the next big thing. Fintechs have marketed themselves hard at big conferences and expos or by hosting ‘hackathons’, trying to prove themselves as the fastest, most innovative or the most vital to the future of the industry.
However, even during this period where accelerating innovation in online financial services and legacy systems is crucial, the conditions brought about by the pandemic have not been conducive to this much-needed transformation.
The second issue, which again was clear far before the pandemic, is the fact that no matter how nimble or clever the fintechs’ solutions are, it is still hard to implement the solutions seamlessly, as the sector is highly fragmented with banks using extremely outdated systems populated with vast amounts of data.
With the significance of the pandemic becoming more and more clear, and the need for better digital products and services becoming more crucial to financial services firms and consumers by the day, the industry has finally come together to provide a solution.
The TISAtech project was launched last month by The Investing and Saving Alliance (TISA), a membership organisation in the UK with more than 200 leading financial institutions as members. TISA asked The Disruption House, a specialist benchmarking and data analytics business, to create a clearing house platform for the industry to help it more effectively integrate new financial technology. The project aims to enhance products and services while reducing friction and ultimately lowering costs which are passed on to the customers.
With nearly 4,000 fintechs from around the world participating, it will be the world’s largest marketplace dedicated to Open Finance, Savings, and Investment.
Not only will it provide a ‘matchmaking’ service between financial institutions and fintechs, it will also host a sandbox environment. Financial institutions can pose real problems with real data and the fintechs are given the space to race to the bottom – to find the most constructive, cost-effective solution.
Yes, there are other marketplaces, but they all seem to struggle to achieve a return on investment. There is a genuine need for the ‘Trivago’ of financial technology – a one stop shop, run by an independent body, which can do more than just matchmaking. It needs to go above and beyond to encompass the sandboxing, assessments, profiling of fintechs to separate the wheat from the chaff, and provide a space for true collaboration.
The pandemic has taught us that we are more effective if we work together. We need mass support and collaboration to find solutions to problems. Businesses and industries are no different. If fintechs and financial institutions can work together, there is a real chance that we can start to lessen the economic hit for many businesses and consumers by lowering costs and streamlining better services and products. And even if it is just making it that little bit easier to manage personal finances from home when fighting with your children for the Wi-Fi, we are making a difference.
What to Know Before You Expand Across Borders
By Sean King, Director of International Tax at McGuire Sponsel
The American retail giant, Target Corporation, has a market cap of $64 billion and access to seemingly limitless resources and advisors. So, when the company engaged in its first global expansion, how could anything possibly go wrong?
Less than two years after opening its first Canadian store in 2013, Target shut down all 133 Canadian locations and terminated more than 17,000 Canadian employees.
Expansion of an operation to another country can create unique challenges that may impact the financial viability of the entire enterprise. If Target Corporation can colossally fail in its expansion to Canada, how might Mom ‘N’ Pop LLC fare when expanding into Switzerland, Singapore, or Australia?
Successful global expansion requires an understanding of multilayered taxes, regulatory hurdles, employment laws, and cultural nuances. Fortunately, with the right guidance, global expansion can be both possible and profitable for businesses of any size.
Any company with global ambitions must first consider whether the company’s expansion outside of the U.S. will give rise to a taxable presence in the local country. In the cross-border context, a “permanent establishment” can be created in a local country when the enterprise reaches a certain level of activity, which is problematic because it exposes the U.S. multinational to taxation in the foreign country.
Foreign entity incorporation
To avoid permanent establishment risk, many U.S. multinationals choose to operate overseas through a formal corporate subsidiary, which reduces the company’s foreign income tax exposure, though it may result in an additional level of foreign income tax on the subsidiary’s earnings. In most jurisdictions, multinationals can operate their business in the foreign country as a branch, a pass through (e.g., partnership), or a corporation.
As a branch, the U.S. multinational does not create a subsidiary in the foreign country. It holds assets, employees, and bank accounts under its own name. With a pass through, the U.S. multinational creates a separate entity in the foreign country that is treated as a partnership under the tax law of the foreign country but not necessarily as a partnership under U.S. tax law.
U.S. multinationals can also create corporate subsidiaries in the foreign country treated as corporations under the tax law of both the foreign country and the U.S., with possibly two levels of income taxation in the foreign country plus U.S. income taxation of earnings repatriated to the U.S. as dividends.
Under U.S. entity classification rules, certain types of entities can “check the box” to elect their classification to be taxed as a corporation with two levels of tax, a partnership with pass-through taxation, or even be disregarded for U.S. federal income tax purposes. The check the box election allows U.S. multinationals to engage in more effective global tax planning.
Toll charges, transfer pricing and treaties
When establishing a foreign corporate subsidiary, the U.S. multinational will likely need to transfer certain assets to the new entity to make it fully operational. However, in many cases, the U.S. multinational cannot perform the transfer without recognizing taxable income. In the international context, the IRS imposes certain outbound “toll charges” on the transfer of appreciated property to a foreign entity, which are usually provided for in IRC Section 367 and subject to various exceptions and nuances.
Instead, the U.S. multinational may prefer to license intellectual property to the foreign subsidiary for a fee rather than transfer the property outright. However, licensing requires the company and foreign subsidiary to adhere to transfer pricing rules, as dictated by IRC Section 482. The U.S. multinational and the foreign subsidiary must interact in an arms-length manner regarding pricing and economic terms. Furthermore, any such arrangement may attract withholding taxes when royalties are paid across a border.
Are you GILTI?
Certain U.S. multinationals opt to focus on deferring the income recognition at the U.S. level. In doing so, they simply leave overseas profits overseas and delay repatriating any of the earnings to the U.S.
Despite the general merits of this form of planning, U.S. multinationals will be subject to certain IRS anti-deferral mechanisms, commonly known as “Subpart F” and GILTI. Essentially, U.S. shareholders of certain foreign corporations are forced to recognize their pro rata share of certain types of income generated by these foreign entities at the time the income is earned instead of waiting until the foreign entity formally repatriates the income to the U.S.
The end goal
Essentially, all effective international tax planning boils down to treasury management. Effective and early tax planning can properly allow a company to better achieve its initial goal: profitability.
If global expansion is on the horizon for your company, consult a licensed professional for advice concerning your specific situation.