By Derek Britton, Solution Marketing Director at Micro Focus
Since the Enron scandal and in the recent period of economic austerity, the public has borne witness to unprecedented scrutiny into industrial-scale problems. High profile banking outages – such as those reported at Santander, Barclays and HSBC in May this year – LIBOR rigging, PPI mis-selling and insider trading have fuelled widespread criticism of the financial industry. This scrutiny, together with new legislative changes, has resulted in an array of new compliance measures such as ISO27002, Basel III, FACTA and SEPA.
In order to support compliance requirements, banks need to change and update their core business applications through software development and testing. Yet related challenges including; missing code documentation, a widening coding skills gap and data privacy risks have led to a melting pot of complexity that has seen banks increase spend simply to ‘keep the IT maintenance lights on.’ JP Morgan recently announced that in order to support compliance demands it had grown its IT spend by 27 percent since 2011.
In a climate of shrinking IT budgets leaders need a new approach to compliance that will drive efficiencies and reduce cost in order to future proof the business. This approach should include the use of automated application understanding, software development and test data software so that banks can find the right code, fix and test it quickly and efficiently, without exposing sensitive employee information.
Going beyond simply ‘keeping the lights on’
The burden of the existing day-to-day IT workload has never been greater, and continues to grow. Spending on basic maintenance and compliance does little to really move the business forward, yet it consumes the vast majority of IT budget. Tech-savvy consumers are demanding cloud, mobile and new IT architecture and this new generation of customer is forcing banks to look hard at their IT strategy and how to reduce expenditure on maintenance so that they can invest in innovation.
However, reducing IT spend on compliance is difficult. The legal imperatives and regulations facing the banking world today are accompanied by unmovable deadlines and threats of punitive measures. HSBC, for example, was forced to a pay a $1.9 billion (£1.2bn) anti-money laundering fine last year. With deadlines usually locked and loaded, associated projects become high priority “must haves” and budget “must spend”
Not complying is not an option, yet updating core applications to ensure compliance presents an array of challenges. So many of the world’s financial transactions are passing, in their billions, through code first devised some thirty years ago, meaning that often:
Application documentation is missing: Understanding where to make changes can be difficult, especially when up-to-date application documentation is missing. This impacts on how quickly developers are able to identify specific areas of code impacted by the compliance change. Add to this the in-house regulations including coding guidelines, standards adherence and quality metrics, and”routine” change projects can become arduous resource-intensive.
Coding skills gap: Developers must rely on the code itself to help them understand where to make their changes. However, many core banking applications are written COBOL, whereas today’s software developer is trained in languages such as C# and Java. IT leaders, often find their skill pool lacking for the task at hand.
Testing can risk divulging personal employee information: A key element in de-risking IT to comply with new regulations is ensuring that applications are released and updated without the introduction of errors. This is fairly well understood in the industry. Less well understood seems to be the fact that using production data to test those applications is a very bad idea indeed. A 2009 survey of over 1,300 US and UK development professionals revealed an overwhelming majority of respondents, including 80% of US respondents, use copies of production data for application testing purposes.
Test data can contain sensitive employee data, such as payroll information, if pulled from company personnel for testing requirements. Personal data leaked through a testing process not only breaches best practice but can represent a very high-profile failure in terms of regulatory compliance.
Find it, fix it and test it – the smart way
Using automation technology can create repeatable, effective steps for updating software when faced with the above challenges, driving efficiencies at every key stage. In doing so, banks are able to create a balance between lights-on and innovation projects, enabling development staff to focus their efforts more efficiently, while fully understanding and managing the impact of the changes they make.
Find It: Embrace change and boost development efficiency
Application understanding technology has been used to great effect on mass change programmes as far back as the year 2000. It has gone from strength to strength, forming the backbone of many organisations’ maintenance activities, including handling the change requests emerging from mandatory regulation. One such example is SEPAi, the Single Euro Payment Area, which becomes a requirement for cross-border trading on February 1st 2014.
This technology helps business analysts’ work with developers to identify and isolate impacted sections of the application portfolio and provide a ‘single source of truth’ for all stakeholders, regardless of role or function. This increased insight impacts positively on risk and productivity, which can be scaled up to support more strategic IT planning and portfolio management initiatives too.
Help in finding where to make changes is also critical. Application understanding technology provides developers with a ‘to do’ list, focusing them on impacted areas and dramatically reducing the learning curve associated with unfamiliar code. From there, the right technology enables developers to get the job done quickly and accurately, avoiding re-work and high-profile system failure.
Fix It: Wipe out the skills gap
The right technology to help the skills gap are based on industry standards like Eclipse and Visual Studio, enabling the broadest possible pool of developers to be highly productive in the shortest possible time, whatever their background – COBOL or C#, mainframe or mobile. These environments bring huge productivity benefits through powerful editing, syntax correction and debugging features, and they present these features in a way that is immediately familiar to new arrivals. It means no matter what the required change, whatever the code, the task becomes straightforward.
Test It: Protect privacy through automated test data management
Effective test data management, including protecting sensitive data through various forms of automated masking, satisfies privacy regulation and removes the risk of personal information falling into the wrong hands when company property is stolen or mislaid.
Some organisations go even further, using those same tools to reduce the size of their data sets while keeping full referential integrity. By using smaller, more precise, and secure test data sets, organisations can run their testing lifecycle in a shorter time, at a higher quality and with a lower cost.
Regulatory Change: A catalyst for innovation
Unless banks adapt their approach to regulation changes it will remain impossible for IT departments to service the needs of the compliance office and still satisfy the business innovation agenda. By introducing appropriate technology and, as Forrester analyst Tom Grant says, automating ‘anything and everything that can conceivably automate,’ organisations can get ahead of the game – not just of compliance, but of their entire ‘lights on’ burden.
If teams use compliance as an opportunity for making improvements to team productivity it can act as a force for good in changing the way things are done. Only then will the CIO finally be able to generate the business growth the company needs and which IT can deliver.
Using AI to combat fraud risk
By Andrew Foster, VP consulting, AppZen
Fraud experts use three factors to explain the motivation for an individual to commit fraud – pressure, opportunity and rationalisation. While the percentage of employees committing fraud is very low, this model, known as the Fraud Triangle, is used to explain what lies behind it for those who do commit it.
Coronavirus has had a huge impact in driving up fraud levels because it has increased all three elements of the Fraud Triangle and has pushed the risk of financial fraud to unprecedented levels.
Many people are clearly now under increased financial pressure. Coupled with this, companies have changed working practices, and cut or furloughed staff, putting traditional controls under intense pressure and creating more opportunities for those few individuals who are now more able to rationalise fraud.
Combatting rising fraud risk
Finance professionals and business managers are clearly facing many challenges in the current climate and fraud mitigation may not be the top priority. Unfortunately, attempted business spend fraud is increasing and will go up in the coming months and years. By taking proactive steps and implementing the right approach it is possible to protect company expenditure and also to save time and money.
At a time when costs are under great strain and adding investigative staff is a hard sell, how can organisations stop would-be fraudsters? It turns out there is some good news. By rethinking controls regimes and mining the data already coursing through existing enterprise systems, businesses can identify, investigate, and remediate potential fraud – and even prevent it in the first place.
AI-powered software developed specifically for finance teams can revolutionise spend and expense management, enabling organisations to quickly and accurately identify spend risks and combat fraud. This approach helps companies rely less on an auditor’s luck in catching a few bad actors and more on a systematic, data-driven and fair approach.
There are four key reasons why AI understands financial documents better than anyone else:
- AI looks at everything: every transaction, every line item.
- AI remembers everything, so it can spot anomalies and duplicates over time.
- AI doesn’t just look at the transactions themselves, but at their context.
- AI is continuously learning from the collective experience, insight, and problem spots from their large
Analysing huge volumes of information without an army of analysts
AI software reads financial documents – like POs, receipts, and contracts – and extracts meaning from all the structured and unstructured data in those documents to identify the problem areas. Because AI can process such a huge volume of transactions, it’s extremely accurate at recognising when something is awry. Most of the time, it isn’t fraud – it’s a duplicate receipt, or someone expensing an out-of-policy item. Regardless, AI systems save finance teams’ time by highlighting only high risk transactions that need review and eliminating the need to spend time spot checking transactions (the majority of which are just fine).
AI systems remember every transaction and document ever processed, which makes catching duplicates over time, across departments, or price or quantity anomalies, straightforward and easy. They will systematically identify which employees are over the policy line; for example, which employees are consistently spending slightly higher than the stipulated meal limit, delivering an objective way to see who is pushing the limit of T&E policy, not being diligent, or even committing fraud.
Using collective market insight
AI software vendors have large numbers of companies using their systems and by collecting information across all their customers they have unrivalled insight into a lot of different kinds of misbehaviour. This enables them to spot trends or common fraudulent behaviours. As their systems learn, they share patterns that represent high risk (without sharing the transaction data) so that all users of their systems can benefit from what they’ve seen and learned from the entire customer base. This increases their effectiveness and accuracy in identifying and stopping expenses fraud.
Of course, in many cases, what’s out-of-policy for one company is in line with policy at another. AI systems combine the benefits of scale with individual controls that let each customer automate their own policies and tailor the risks they care about most by creating custom rules to build their own spend policies, controls and risk levels.
Through an automated, AI-driven approach, finance teams can catch duplicates, stop wasteful or over-the-limit spend, identify data entry typos, find incorrect receipts and block out-of-policy expenses, far more quickly and effectively than any manual process ever could.
In these times where resources are being stretched to the limit and fraud risk is at a record high, streamlining the process and removing error-prone manual tasks gives finance teams far better visibility into patterns of behaviour and spend within an organisation, and eliminates wasteful, fraudulent or out-of-policy spend.
The role of wearables in the future workplace
By Stefan Spendrup, Vice President of Sales Northern and Western Europe at SOTI
With the world having to adapt fast to social distancing, the avoidance of touching surfaces where viruses can be transmitted, and the increased monitoring of healthcare, it’s no wonder that the wearable tech market, which offers solutions to all these dilemmas, is set to grow 137% by 2024.
While the places that we work in have already been disrupted with perspex screens, one-way systems, hand sanitising stations and ‘bubbles’, the next big disruption in the workplace is going to be wearable devices. Statistics show that by connecting workers to one another and to resources, 50% of companies expect to see a boost in productivity. Where will this boost come from? Here are some of the key areas that wearable devices are impacting in the future workplace and the challenges that need to be overcome.
With many medium to large workplaces playing host to hundreds, if not thousands of people, it is an impossible task to keep all touchpoints on doors and barriers clean. At the same time, access must be controlled for safety and security. While electronic passes have existed for a long time, using wearables to grant access can help keep people moving, eradicating the need to touch surfaces and reducing the spread of viruses.
More advanced possibilities include ordering a lift in advance from a smartphone to help ensure a flow of traffic in busy high-rise buildings, booking meeting rooms to aid with test and trace records, and replacing lunch queues with bookable slots.
One of the key indicators of COVID-19, and in fact many transmittable diseases, is a rise in body temperature. Wearables in the workplace can keep track of any changes in people’s vital signs to help identify and isolate members of staff that are unwell, preventing the entire workforce from becoming ill.
Safety and situational awareness
By gaining insights into their business operations in real-time, wearables also allow employers to make smarter decisions and take a more proactive approach to ensure the safety of their employees. Wearable devices can be personalised and configured to a worker’s exact needs and specifications. They can also be equipped with haptic response capabilities that employers can use to inform workers if they are operating in an unsafe manner. After all, one bad twist or bend could result in a workplace injury and take that person out of action.
The data capture capabilities of wearable technology can help determine which tasks workers are performing incorrectly, and which may be contributing to inefficiency or poor performance. Organisations can also produce daily, weekly, monthly and yearly reports/scorecards to track performance and identify trends. This can help in targeting risks and mitigating those risks to decrease the potential for injuries and other safety incidents. This can also help identify high-risk employees and situations so employers can intervene accordingly with additional training or tools, helping to combat injuries, fatigue and lost productivity.
Streamlined processes and increased productivity
Wearable technology will also help organisations increase their efficiency and productivity in several ways. There is a larger demand for products to be made faster and cheaper across industries. Consumers are looking for the easiest and quickest ways to buy products and services. Wearables can help speed up production costs, cut down on operational expenses and alleviate unnecessary strain on workers.
These devices can help automate previously manual processes, help to develop a more hands-free environment, and collect and share data on a local network. For example, leveraging wearable technology to design and test new products in simulated environments can increase design accuracy and enable organisations to identify and rectify any issues before products are released. This also removes the need for physical design prototypes, cutting down on development time and production costs.
Personalised and effective training
Organisations can leverage wearable technology to streamline their training and make it more efficient and tailored to the specific employee receiving the training. Wearable technology also boosts performance, improves employee satisfaction and increases knowledge retention amongst employees. Wearables allow organisations to create immersive task simulations for training purposes. Wearables will take scenario training to an entirely new level by placing employees in simulated situations that closely mimic what a day on the job will truly look like. Instead of watching actors deal with fake situations on a television screen, employees will have the opportunity to work through the scenarios themselves, venture down their decision-making paths and chart their own courses of action. The days of one-dimensional presentations are over as we usher in a new era of interactive training.
Wearables also allow for a more in-depth product knowledge training experience. Rather than asking employees to read various sales sheets, product sheets or corporate brochures, wearables can give employees three-dimensional training on how various products work. They can test out products in real-life scenarios without ever leaving the building. This type of immersive training will ensure employees know everything (specs, benefits, etc.) there is to know about a product and its use cases, helping them sell, advise or troubleshoot products more effectively.
Challenges and concerns related to wearable technology
When implementing wearable technology into an organisation, it is also introducing a new level of data collection and, as a result, a new area of security concern. It becomes increasingly important to protect the device and the data housed within the device from unwanted access, the same way a company would protect employee information, financial records, etc. And security is not the only concern related to new IoT devices. Organisations will need to worry about compliance, management, updates and more.
Having one central platform can help breakdown organisational silos to eliminate downtime, build applications faster, and manage all mobile and IoT devices in one place, including wearable technology. Wearables are already revolutionising the way workers do their jobs, from law enforcement officers using body cams to gather evidence or record their interactions with the public, to hospital workers using wireless pendants to streamline communication and improve the patient experience. COVID-19 is only accelerating this push towards this integration. It is exciting when we look at the potential and possibilities for wearables in the workplace, but organisations that take the time and care to ensure their devices are properly managed, will reap the most benefits.
Endpoint Security Industry: An Overview
Endpoint protection is the practice of stopping unauthorised actors and campaigns from targeting endpoints or access points of end-user computers like desktops, notebooks, and handheld devices. Endpoint security solutions guard against cybersecurity risks to these access points on a network.
From standard antivirus applications, endpoint security has developed to offer robust protection from advanced ransomware and emerging zero-day attacks. Nation-states, organised crime, hacktivists and deliberate and unintentional insider attacks are at risk of organisations of all sizes. Endpoint defence is also seen as the forefront in cybersecurity, which is one of the first locations businesses look to protect their business networks. Digital Audio Workstations [DAWs] Market
Modern EPPs harness the cloud’s ability to manage an ever-growing hazard intelligence database, release bloat endpoints correlated with locally storing all this intelligence, and the maintenance needed to keep these databases up-to-date. It also provides superior speed as well as scalability to access this data in the cloud. The EPP includes a single console for system administrators that is mounted on a network gateway or server that enables cybersecurity experts to centrally monitor the protection of each computer.
An Evolution in Endpoint Security
Over the years, the defence of endpoints has progressed from primitive antiviruses to more sophisticated next-generation antiviruses using advanced technologies, new and improved identification and the response of endpoints, and the OS-Centric Optimistic Security strategy. In a constant basis, it shifts. Network vulnerabilities from yesterday are today’s strengths.
Tomorrow’s vectors of attack will inevitably be defended. And then, it’s off. Yet there has been a step-change in the cybersecurity world. The global pandemic got humanity to fewer than 12 parsecs in the Future of Jobs. In two weeks, strategy plans that were set out to be applied in two years were followed. Attacks grew as the perimeter of the network extended indefinitely. And the CISO obeyed and kept the company secure. To focus on endpoint defence, the cybersecurity world aligns.
Key Components of Endpoint Security
Endpoint encryption and application control, two main components of an efficient endpoint protection solution, are important endpoint security layers that prevent problems such as data leaks from occurring deliberately or accidentally by copying or moving data to removable media devices. Endpoint encryption completely encrypts endpoint data, like notebooks, cell devices, and other endpoints, as well as directories, archives, and portable storage devices, such as CDs and USB drives, for your business.
Application monitoring, a key component of robust endpoint protection initiatives, avoids the operation of unauthorised software on endpoints. Regulation of software addresses the problem of workers installing unauthorised or unsafe software on mobile devices that may build network bugs and result in unauthorised entry.
Endpoint security is handled in the business environment by a central management server that tracks and handles all endpoint connexions to the network. However, security solutions such as antivirus software are monitored and managed at individual endpoints in the consumer environment, without the need for central administration.
The Risks of Endpoint Threats
Security is rapidly changing in today’s mobile world, and endpoints now form a new perimeter, and companies need to secure their data across networks. As companies expand, so do their vulnerabilities, and all businesses must secure endpoints regardless of size or stature. However, there is no apparent, easily guarded line that can hold all the data in and attackers out of the system with the growth in telecommuting, more workers requested or compelled to operate from home, the Internet of Things (IoT), and cloud services.
Endpoint threats help to know what kind of susceptibilities exist to gain an improved understanding of what is required from endpoint protection. A few kinds of attacks that are or are becoming more common are listed below. It is necessary to bear in mind, however, that many more forms of attacks exist and attackers every day learn new methods. Legal ramifications: Infringement of data and loss of personal or confidential information is a serious problem that can lead to considerable legal harm. Reputational damage: Businesses suffering data breaches and cyber-attacks are at risk of adverse public opinion, leading to reduced brand and reputational damage.
A Glance at Importance of Endpoint Security in Today’s World
Endpoint security strategies play a significant role in defending against today’s increasingly advanced cyber threats. Today’s cyber-attacks need a new line of security protection. For a variety of factors, an endpoint defence framework is a critical part of enterprise cybersecurity. First of all, data is often the most important asset a company has in today’s business environment and losing that data or access to that data could put the whole business at risk of insolvency.
Businesses have now had to deal with not only a rising number of endpoints but also an increase in the number of endpoint forms. These variables make it more difficult for enterprise endpoint protection on their own, but they are exacerbated by remote work and BYOD policies that make perimeter security increasingly inadequate and generate vulnerabilities.
The threat landscape is also becoming more complex: hackers are constantly seeking new ways to gain access, steal data or trick employees into distributing confidential data. The endpoint security platforms have become a must-have in terms of protecting modern companies because of the cost of a large-scale breach, cost of transferring resources from business objectives to tackling threats and the actual financial cost of enforcement breaches.
An entry point for threats is given by any computer, such as a tablet, smartphone or laptop. Endpoint security seeks to properly protect any endpoint connecting to a network at these points of entry to block access attempts and other risky activities. The corporate network security perimeter has effectively collapsed as more companies accept activities including BYOD (Bring Your Device) and remote/mobile workers.
The need for effective endpoint protection measures, especially because of the increase in mobile threats, has increased substantially. A centralised security solution is no longer sufficient for today’s ever-shifting and undefinable security limit, with workers relying on mobile devices and laptops to work and connect to business networks. Endpoint security offers a further shield to centralized security controls at the point of entry for some attacks and the point of exit for sensitive information.
Differentiating Endpoint Security from Anti-Virus Software
What separates endpoint protection from popular anti-virus applications is that endpoints are responsible for or more of their protection in the endpoint security framework. This goes against network security, where security measures protect the network as a whole instead of certain computers and servers. Endpoint defence, however, is not carried out exclusively on smartphones.
Common endpoint defence techniques with security tools on a central server or control board and tools on individual devices provide a two-pronged approach. Still, by some definitions, certain simpler types of protection fall under the safety umbrella of the endpoint. That said, modern concepts of endpoint protection typically define more sophisticated methodologies, including intrusion detection and behaviour-blocking elements that either end-users or intruders recognise and block threatening activities and behaviours.
Common Trends in Endpoint Security
Endpoint security trends forecast the future of endpoint threat management and the solution features that we will see in the future in the industry. As trends for the year 2018, several developments have been facing, including machine learning and AI, SaaS-based endpoint defence, layered protection against file-less attacks, putting IoT devices under the protective umbrella, etc.
Today’s methods can achieve better remediation, which ensures that operations such as deleting data, terminating procedures, and rolling back photos of the system can spare IT, employees, the tedium of manually reimaging violated systems.
Endpoint Security Software Features to Look for in 2020
There were 4.1 billion accounts of data threats in the first half of 2019 alone. Therefore, employing an endpoint security framework has become essential for every enterprise. Some of the top endpoint security software features to look for: Securing devices, especially USB ports, generating reports, Device-based and user-based security policies, Application Control, Remote patch installation to quickly fix critical vulnerabilities, Strong secure communication encryption algorithm, Receiving configuration security/status alerts, Browser management
In 2020, companies must secure more ends than ever with the global pandemic COVID-19 requiring more workers to operate remotely. Attackers know that human beings, who now often operate beyond the regulated environment created by office computers and networks, are the weakest link to security. Forced outside of the formal system, individuals are more vulnerable to weaknesses and generate openings for attack.
The Future of Endpoint Security
In 2020 and the near future, enhancing endpoint protection needs to be a top priority. The borderless and non-discriminatory existence of cyber-attacks means that sharing their experiences and working together to defend themselves and the general population is essential for the cybersecurity industry. Endpoint security has grown from modest beginnings of protecting standard PCs to protect complex networks in large enterprises, protecting varied environments like business-issued hardware, programmes for bring-your-own-device (BYOD) and more.
For corporations and private clients, cybersecurity used to be all about protecting the endpoint. Since then, rapid technological growth has forced security firms, such as Bitdefender, to develop new techniques and business strategies that could meet the needs of ever-larger organisations. 86% of all infringements are financially motivated, where risk actors are after financial data, intellectual property, health records, and consumer identities of companies that can be easily sold on the Dark Web.
Cybersecurity has repeatedly become one of the leading anxieties for companies around the world in recent years, and this pattern will worsen in 2020. We expect to see an increase in new specifications as businesses increasingly recover from the current pandemic. The evolution of large-scale breaches symbolises a growing trend in the number and gravity of security breaches. Data breaches frequently disclose confidential information that also puts consumers at risk of identity fraud, damages the reputations of firms, and puts businesses responsible for violations of compliance. Cyber Observer, a comprehensive solution for cybersecurity management and understanding, estimates that by 2021, cybercrime harm is expected to exceed $6 trillion annually.
Security is constantly evolving and there is a possibility that the future might hold much more than what we have seen. We cannot, however, ignore the changes that have been seen from the past several years to where we have gotten to today.
Who We Are
Adroit Market Research is a global business analytics and consulting company. Our target audience is a wide range of corporations, manufacturing companies, product/technology development institutions and industry associations that require understanding of a market’s size, key trends, participants and future outlook of an industry. We intend to become our clients’ knowledge partner and provide them with valuable market insights to help create opportunities that increase their revenues. We follow a code– Explore, Learn and Transform. At our core, we are curious people who love to identify and understand industry patterns, create an insightful study around our findings and churn out money-making roadmaps.
How can businesses celebrate Halloween virtually?
Bring the spooky season to life by virtually gathering the team for fun activities during October. Even though this year’s...
Five key challenges CIOs in insurance will face over the next 12 months
By Andrew Jenkins, Principal in the CIO & Technology Officers Practice at Odgers Berndtson, discusses five challenges CIOs will face as...
Why the future of work hinges on a mutually beneficial employer-employee contract
By Stuart Hearn, CEO and founder of Clear Review, the leader in performance management It feels like there’s been almost continual talk of...
For lenders: 5 reasons for losing a customer
By Matt Cockayne, Chief Commercial Officer at Yapily Businesses of all sizes are battling the ongoing effects caused by the...
Eight Benefits of International Financing
By Luigi Wewege is the Senior Vice President, and Head of Private Banking of Belize based Caye International Bank Lending...
How the UK’s tax system could change to recover from COVID-19
By Finn Houlihan, Director at ATC Tax The economic impact of the COVID-19 pandemic on the British economy continues...
LightArt’s Project Demonstrate What The Future Hold For Real Estate Market
This piece explores how LightArt byTom John Or-Paz seeks to leverage art to improve neighborhoods at scale in the branded...
The digital game plan for CFOs in a post COVID-19 world
By Neil Kinson, Chief of Staff, Redwood Software – explains the digital priorities for CFOs as they prepare for a...
Keynotes Announced: SAP Financial Services Live 2020
We are delighted to announce our Keynote Speakers & Session Titles for the upcoming free to attend digital event for...
Using AI to combat fraud risk
By Andrew Foster, VP consulting, AppZen Fraud experts use three factors to explain the motivation for an individual to commit...