RISE OF THE MACHINES: BOOSTING ONLINE SECURITY WITH MACHINE LEARNING

By Barry Shteiman, Director of Threat Research at Exabeam 

Security has always been paramount in the banking and finance industry, but these days the most potent threats aren’t the kind that come through the bank’s front door wearing a mask; they are the virtual ones hiding on the IT network or buried inside fraudulent emails. For the security analysts tasked with protecting their institutions against these threats, it’s a daunting prospect.

It seems like only yesterday that the biggest cyber threats facing many financial institutions were viruses and SQL injections. However, the last decade has seen the cyber landscape change dramatically for the worse when it comes to the volume and variety of threats faced. While the attacks mentioned above had the power to cause significant damage to any organisation, they were also quite easy for any seasoned security analyst to spot. By contrast, many of the most dangerous threats today are specifically designed to fly under the radar, remaining undetected for months or even years, while infecting numerous machines and accounts in the victim’s network.

Understanding ‘normal’ user behaviour holds the key to modern threat detection

Many organisations build profiles of normal user behaviour to help them identify potential cyber threats. They do this through the creation of Incident Response (IR) units, where security analysts trawl through large amounts of data in order to understand events that have taken place and make judgements based on the behaviour of those involved. This process typically encompasses detailed analysis of the IP addresses used before, during and after an incident, the account details and workstations involved, and so on. As a result, it can take days or weeks to manually analyse each incident and make a final decision.

To alleviate the manual workload, automation of certain processes is used. It can take various forms, but typical examples are scripts that automate data collection and signatures to detect certain types of attacks. In more recent years, there has also been a rise in the use of event correlation to help uncover well-defined, network-based attacks. An example of this could be an employee logging on from home over the organisation’s VPN, but also using their security badge to enter company property around the same time. Event correlation technology can notify analysts that either the same person is in two places at once, or a potential security incident is taking place. 
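The VPN-versus-badge correlation described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the log layout, field names, user names and the 30-minute window are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed layout:
# "<ISO timestamp> <source> <user> key=value ..."
SAMPLE_LOG = """\
2021-01-20T08:55:10 vpn alice src=203.0.113.7 action=connect
2021-01-20T09:02:41 badge alice door=HQ-lobby action=entry
2021-01-20T09:05:00 badge bob door=HQ-lobby action=entry
2021-01-20T13:30:00 vpn bob src=198.51.100.23 action=connect
2021-01-20T18:45:00 vpn carol src=192.0.2.50 action=connect
2021-01-20T18:50:12 vpn alice src=203.0.113.7 action=connect
"""


@dataclass
class Event:
    ts: datetime
    source: str   # "vpn" or "badge"
    user: str
    detail: dict


def parse_events(text):
    """Parse log lines into Event objects, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        detail = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        # Normalise the user name so "Alice" and "alice" correlate.
        events.append(Event(ts, parts[1], parts[2].lower(), detail))
    return events


def correlate(events, window=timedelta(minutes=30)):
    """Flag users with a remote VPN connect and a physical badge entry
    within `window` of each other, in either order."""
    by_user = defaultdict(lambda: {"vpn": [], "badge": []})
    for ev in events:
        action = ev.detail.get("action")
        if ev.source == "vpn" and action == "connect":
            by_user[ev.user]["vpn"].append(ev)
        elif ev.source == "badge" and action == "entry":
            by_user[ev.user]["badge"].append(ev)

    alerts = []
    for user, streams in sorted(by_user.items()):
        for v in streams["vpn"]:
            for b in streams["badge"]:
                gap = abs(v.ts - b.ts)
                if gap <= window:
                    alerts.append({
                        "user": user,
                        "vpn_time": v.ts,
                        "vpn_src": v.detail.get("src"),
                        "badge_time": b.ts,
                        "door": b.detail.get("door"),
                        "gap_seconds": int(gap.total_seconds()),
                    })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOG)):
        print(alert)
```

A fixed window is the simplest form of this rule; a production rule would also use VPN disconnect events and allow for clock skew between the two log sources.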

Big data presents big challenges 

Unfortunately, it has been apparent for a while that existing security and intelligence practices are struggling to keep up with the fast-changing cyber security landscape. Without a doubt, data volume is the main driver behind this negative trend. In the modern banking environment, it’s not uncommon for a large financial institution to collect more than 300 terabytes of data per day as a result of larger, more sophisticated data collection activities. To cope with such high volumes, often only 30 days’ worth of data is kept at any time, the thinking being that any more will overwhelm reporting systems. As a result, however, effective security investigations are very difficult to conduct over any period longer than this.

At the same time, the volume of data coming in makes it much harder for IR analysts to quickly identify important trends and correlate them against normal behaviour baselines. The only real way to combat this is to hire more personnel, but even if there were a surplus of security experts out there (which there isn’t), the reality is few institutions have the finances to keep hiring indefinitely. In short, IR teams are simply too overwhelmed to understand where the next threat might be coming from. 

Machines can play a major role in threat detection (but they aren’t a silver bullet) 

While the threat landscape has become more challenging, machines have also become a lot smarter. Recent developments in AI and machine learning have been met with significant hype within the security industry. Unfortunately, many technology vendors haven’t helped themselves with the way they’ve positioned new products and services, resulting in confusion in the market. When customers hear a vendor urging them to “pour data” into their machine learning based analytics engine, they expect magical results. In reality, it simply doesn’t work like that.

However, that’s not to say these new technologies don’t have a significant role to play. Understanding normal behaviour is one area where artificial intelligence and machine learning can be extremely effective. For example, there are now algorithms that can create context by connecting events into coherent user sessions. Combining these algorithms with statistical analysis can answer a huge range of questions incredibly quickly, such as: ‘is this person an admin?’, ‘is this a real user or a service account?’, or ‘does this activity deviate from this user’s peer group’s activity?’.

Finding a happy medium 

When faced with the double threat of growing data volumes and more complex online threats, the best solution is to use machine intelligence to augment human intelligence, not replace it. An effective machine-based analytics system can ingest new data, identify irregularities in user activity and stitch together timelines in minutes, saving security analysts weeks at a time. Analysts can then use the machine-generated data to quickly spot any deviations from a user’s normal behaviour. Machines can also be used to automatically assign points against anomalous user behaviour based on their baseline ‘normal’ activity, helping to greatly reduce false positives and alert fatigue.
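One way to picture the point-based scoring against a user's baseline and peer group described above, as an added example that is not the author's or any product's algorithm. The features, point values, threshold, user names and resource names are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed history: (user, peer_group, hour_of_day, workstation, resource)
HISTORY = [
    ("alice", "payments", 9,  "ws-101", "ledger-db"),
    ("alice", "payments", 10, "ws-101", "ledger-db"),
    ("alice", "payments", 14, "ws-101", "payments-gw"),
    ("alice", "payments", 16, "ws-101", "ledger-db"),
    ("dave",  "payments", 9,  "ws-102", "ledger-db"),
    ("dave",  "payments", 11, "ws-102", "recon-reports"),
    ("erin",  "helpdesk", 8,  "ws-201", "ticketing"),
    ("erin",  "helpdesk", 13, "ws-201", "ad-admin"),
]

# Assumed point values: rarer deviations earn more points.
POINTS = {
    "new_workstation": 20,
    "unusual_hour": 15,
    "new_resource_for_user": 10,
    "new_resource_for_peer_group": 30,
}
ALERT_THRESHOLD = 40  # assumed cut-off for raising an alert


def _empty_profile():
    return {"group": None, "hours": set(), "hosts": set(), "resources": set()}


def build_baseline(history):
    """Learn per-user and per-peer-group 'normal' from past activity."""
    users = defaultdict(_empty_profile)
    groups = defaultdict(set)
    for user, group, hour, host, resource in history:
        profile = users[user]
        profile["group"] = group
        profile["hours"].add(hour)
        profile["hosts"].add(host)
        profile["resources"].add(resource)
        groups[group].add(resource)
    return dict(users), dict(groups)


def score_event(baseline, user, hour, host, resource):
    """Return (points, reasons) for one new event against the baseline.
    A user with no history scores as fully anomalous."""
    users, groups = baseline
    profile = users.get(user, _empty_profile())
    reasons = []

    if host not in profile["hosts"]:
        reasons.append("new_workstation")

    # Naive working-hours band with one hour of tolerance; it does not
    # handle shifts that wrap past midnight.
    hours = profile["hours"]
    if not hours or not (min(hours) - 1 <= hour <= max(hours) + 1):
        reasons.append("unusual_hour")

    if resource not in profile["resources"]:
        reasons.append("new_resource_for_user")
        # Peers doing the same thing makes it far less suspicious.
        if resource not in groups.get(profile["group"], set()):
            reasons.append("new_resource_for_peer_group")

    return sum(POINTS[r] for r in reasons), reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in [("alice", 10, "ws-101", "ledger-db"),
               ("alice", 11, "ws-101", "recon-reports"),
               ("alice", 3, "ws-999", "ad-admin")]:
        points, why = score_event(baseline, *ev)
        print(ev, points, why, "ALERT" if points >= ALERT_THRESHOLD else "ok")
```

Because points accumulate, a single small deviation (a resource peers already use) stays below the threshold, while several deviations in one event push it over.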

Advances in machine learning don’t spell the end for the traditional security team. Far from it. Rather, they exist to make the job of threat detection and data security easier, but only if a happy medium can be found between man and machine.

The FIVE ways to ensure cyber security this 2021

Web hosting experts Fasthosts give their top five tips for keeping customers secure in 2021

The pandemic has allowed the UK’s e-commerce sector to hit a record number of online sales in 13 years. So, with more online shoppers than ever before, how can we promise customers online security for a better 2021?

Web hosting experts Fasthosts.co.uk have compiled a list of top tips which will optimise user experience, ensure online security, and protect websites from unauthorised access as we enter the new year.

Fasthosts has pulled together the top five tips for ensuring cyber security and how you can implement them in 2021.

Limit User Access and Restrict Admin Privileges

Ensure cyber security by simply limiting those who can access sensitive information. The more users with the capacity to enter off-limits areas, the greater the likelihood of a cyber-criminal breaching your system.

By limiting user access, you immediately reduce the risk of an online assault on your web space. A hierarchical structure means only those who need access to personal, password, and payment data have the permissions to go ahead and do so.

The framework for a restricted admin website can be as intricate as necessary depending on your needs, but it can also be as simple as creating two different site formats which split up administrators and standard users.

Abide by Best Practice Security Standards

When protecting customer data it’s crucial that you adhere to universal security standards and attain all up-to-date certifications.

Encrypting data transferred between servers is one of the first steps in creating a secure online environment. Secure Sockets Layer (SSL) is a protocol that codes information through 256-bit encryption, making it all but impossible to translate should it be intercepted by a malignant third party. SSL certification also presents your website as legitimate by proving its safety with a padlock in the address bar and the letters ‘https://’ at the beginning rather than ‘http://’.

If you’re processing payments, you should be following the standards laid out by the Payment Card Industry (PCI). The PCI offers advice on the areas that require particular care, including sensitive authentication data (CAV2, CVC2, CVV2, CID, PINs, PIN blocks, and magnetic stripe data) and a user’s financial information (card number, cardholder name, expiration date, and service code).

You’ll need to complete a self-assessment exam to double-check what level of compliance you’re currently working at and how you can further improve online security.

Constantly Monitor User Activity

Establishing a system that allows you to keep tabs on activity and rapidly respond to suspicious on-site movements is one of the most effective ways of preserving cyber security. By enforcing a framework like this, often referred to as cyber monitoring, it becomes easier to uncover security weak spots, identify common user practices which don’t raise concern, and identify behaviours that signal malicious intent.

It’s important to perform regular testing across all of your protective systems. This makes sure your site isn’t open to a silent attack and puts your security methods into practice.

Encouraging a Strong Password is Crucial

It doesn’t matter how flashy or intricate your security software is, if a user is using a feeble password, your system is left open for opportunist hackers to invade. Passwords that are most easily guessed often include predictable patterns or personal information such as names, birthdays, childhood pets, or popular sports teams.

By making it compulsory to sign up with a more complex password, ideally containing at least one random number, capital letter and special character, you’re doing all you can as a responsible website owner to ensure the safety of both your users and customers. Similarly, encouraging users to update their password often helps reduce the potential of hackers accessing sensitive information.

If users are opposed to having to remember a complex password, offer a password manager that keeps track of any changes.

Implement a 2 Factor Authentication

Implement two-factor authentication. Even if an unwelcome user somehow guesses a user’s password, the intrusion is made very difficult with the additional protective layer.

Two-factor authentication is really simple to use: you send a user a randomised code as an SMS or notification after they’ve entered their correct password. Only after entering the code when prompted will they then be permitted to access the site. Enabling two-factor authentication requires very little effort on a user’s part, but it’s a double-barrelled security measure that makes ensuring the safety of personal and payment data a lot more efficient.
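The server side of the code-after-password step described above, as an added example that is not from the Fasthosts article. The class name, five-minute lifetime and three-attempt limit are assumptions; delivery over SMS or push is left to whatever sender the site uses, and the password check is assumed to have already succeeded.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 3         # assumed number of guesses before the code is voided


class OneTimeCodeStore:
    """Issues and checks the second-factor code sent after a correct password.
    Hypothetical helper for illustration; state is kept in memory only."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # user -> {"code", "expires", "attempts"}

    def issue(self, user):
        # secrets (not random) gives a cryptographically strong 6-digit code.
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces any earlier one for the same user.
        self._pending[user] = {
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": MAX_ATTEMPTS,
        }
        return code  # pass to the SMS/notification sender; do not log it

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user]          # expired codes are discarded
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(entry["code"].encode(), str(submitted).encode())
        if ok:
            del self._pending[user]          # single use: a code never works twice
            return True
        entry["attempts"] -= 1
        if entry["attempts"] <= 0:
            del self._pending[user]          # too many guesses: force a new code
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    sent = store.issue("alice")
    print("first try:", store.verify("alice", sent))
    print("replay:   ", store.verify("alice", sent))
```

The attempt limit matters as much as the randomness: a six-digit code with unlimited guesses can be brute-forced within its lifetime.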

Cyber security is crucial in delivering a reliable website, whether for your customers or administrators. For the full article please visit https://www.fasthosts.co.uk/blog/five-ways-to-ensure-cyber-security-in-2021/

Holding Cloud To Account, How Cloud Adds Up In Financial Services

By Dom Poloniecki, General Manager, Western Europe and Sub-Saharan Africa at Nutanix

Cloud computing and the deployment of increasingly cloud-native technologies is happening across every industry vertical. Even in industries where a degree of previous inertia existed such as legal and finance, the drive to cloud flexibility and scalability has become a primary driver for the technology fabric that firms in these markets run on.

As traditionalist operations in the legal trade start to undergo increasing levels of digital transformation, the weighty behemoth systems running financial institutions are also now being carefully and strategically replaced by more efficient, more flexible and more cost effective cloud installations. Now a proud owner of its sub-sector label and hashtag, FinTech is the new financial IT… and FinTech was born on the cloud.

As part of the Third Annual Enterprise Cloud Index report by Nutanix, a specific analysis of the 3,400 IT decision-makers questioned is now dedicated to examining how financial services organisations are using cloud technologies. Looking at the key data points related to Financial Services, we can start to understand the implementation, workload separation and (in most cases still, as of 2020) the migration issues that these firms are experiencing.

In the world of Financial Services cloud computing, the importance of an integrated and intelligently managed hybrid framework cannot be overstated. Financial operations can of course draw upon the resource backbone of public cloud for their foundational operational technology requirements. However, they often still need to run a carefully deployed private cloud footprint commensurate with the privacy and security needs of any organisation operating in the financial sector.

The central importance of hybrid

Hybrid cloud and the use of Hyperconverged Infrastructure (HCI) is therefore a key cornerstone for Financial Services hybrid cloud development. This is the route to a cohesively managed hybrid cloud environment, where workloads are optimised according to the security, performance and compliance needs arising from the use case of the data and applications at hand.

The Nutanix Enterprise Cloud Index findings back this reality up and show that the majority (86%) of financial services respondents identify hybrid private/public cloud as the ideal IT operating model for their organisation. So much momentum is there now in this space that financial services companies are running more applications in private clouds than most other industries polled. Their reported usage of private cloud (39%) outpaces all other industries except for IT, tech and telecoms (40%).

As a further validating and driving factor here, HCI is the lower substrate technology behind the big public cloud offerings from Amazon, Google and Microsoft. So HCI and the wider hybrid approach is no longer perceived as ‘just’ a route to cost savings, which perhaps it was as recently as half a decade ago; it now represents an important enabling and facilitating technology to reduce complexity and increase scalability. In the hybrid cloud world where cost is no longer the main driver for cloud implementation, we can say that we have moved on to a point where we identify the ability to ‘achieve business outcomes’ as the primary driver.

HCI for modernised financial challengers

Given the growth of so-called ‘challenger banks’ shaking up financial services with new online services, extended customer loyalty offers driven through dedicated mobile banking applications and other fast-moving business models, traditional financial institutions have realised that they need to become altogether more agile.

Adopting hybrid cloud in Financial Services allows even older and more established firms to build scalable and easily managed private clouds as part of a hybrid cloud model. This scalability can be engineered for rapid growth when and where it happens, but it is also scalability that enables financial organisations to rein in compute resources serving banking products that have proved to be end-of-life and ultimately laid dormant or retired.

It’s important to remember that, as powerful as it is, cloud can still be a complex consideration, especially when aggressively deployed in an essentially hybrid mix of public and private cloud instances. The Enterprise Cloud Index found that for every aggressive hybrid design being deployed, there is an equally aggressive drive to deploy Hyperconverged Infrastructure (HCI).

This is because HCI helps accelerate cloud adoption by sharply reducing the time it takes to build the software-defined infrastructure necessary to support private cloud. It also supports the rapid capacity expansion that enables the scalability benefits of cloud technology. Nearly 50% of the financial sector respondents said they’ve either fully deployed HCI or are in the process of doing so. Another 38% said they will be deploying HCI within the next 12 to 24 months.

It is difficult not to mention the impact and legacy of 2020 and the global pandemic on the financial services technology market space. More than three quarters (78%) of financial services respondents said Covid-19 has caused IT to be viewed more strategically in their organisations. In addition, 50% of financial services respondents said they increased their investment in hybrid cloud as a direct result of the pandemic.

Choice: from the bank teller to the backbone

The key point we keep coming back to here is choice. As financial institutions will be working to offer corporate and individual customers the widest choice of products and services, so too will they need to gain choice of operational compute fabric in the shape of the cloud deployments that they do actually make. More specifically, it’s about these Financial Services businesses having the flexibility to concentrate on the delivery of strategic business outcomes quickly, easily and – crucially – without the need to keep within the limitations of a particular supporting IT model.

As previous Nutanix surveys have shown, companies consistently express a desire for the ability to run workloads in the infrastructure best suited to them, based on a variety of criteria. Be that wanting to enhance security; rapidly on-board new apps during takeovers and acquisitions; reach new markets with different compliance needs and so on.

Over the next five years, financial services organisations expect a significant drop of 13 percentage points in their use of non-cloud-enabled datacentre technology, taking them down to less than 1% penetration. As in almost all aspects of life, some products, tools and processes that we took as standard parts of the way the world works are eventually superseded.

Nobody uses a ‘flatbed slider’ paper-slip credit card reader anymore to take a payment – and nobody will use non-cloud financial services IT functions in the very near future. There may be a few archaic legacy hangers-on, but they’ll be nothing more than the exception that proves the rule. Hybrid cloud for our Financial Services’ future? That’ll do nicely.

First of a kind Virtual Coffee Machine app with social meeting moments to support workforce wellbeing in a remote workplace

Powell Software’s first in a series of wellbeing technology innovations helps remote employees socially connect with colleagues and keep the workplace culture alive

As the third UK lockdown continues and many countries worldwide face severe restrictions, Powell Software, a global organisation creating digital solutions and tools for the digital workplace, has launched the first of its kind Virtual Coffee Machine, an application within Microsoft Teams to ensure employees stay better connected, positively engaged and take regular breaks while working from home.

With employee wellbeing at the top of the global workforce agenda for 2021, Powell’s Virtual Coffee Machine app positively connects employees through virtual chats to maintain a culture of togetherness, even when apart.

Replacing the absence of the in-person coffee catch up, HR can swiftly set up a Virtual Coffee Machine break within any Teams channel, encouraging employees to take regular short breaks while inspiring networking and socialising between colleagues.

Matthieu Silbermann, Chief Product Officer at Powell Software said: “The effects of the Pandemic have reshaped the Digital Workplace and research has found that three quarters of employers intend to shift some employees to remote work permanently. However, with one in five remote employees naming loneliness as their top complaint regarding work from home, reinforcing togetherness needs to be a top priority.”

Take a virtual coffee

HR can set up a Virtual Coffee Machine meeting within any Teams channel, defining the time, frequency, date and number of people. The app then uses an algorithm that collects data from employees registered in Powell Teams, automatically comparing Outlook calendars and generating meeting invites based on the criteria of the meeting. For example, if the Virtual Coffee Machine meeting criteria were set at a maximum of five people and ten people are available to join, then two meeting invitations would be sent.

Virtual Coffee Machine consciously avoids one-to-one or full team meetings, focusing on creating intimate, short social breaks where employees can take time out to engage with colleagues in a positive digital space. Colleagues can also ‘travel’ to differently located virtual offices across their organisation to meet colleagues for a coffee break in different virtual buildings.

Employees are unaware of who else will join the group until the event, to encourage different team members to meet, chat and get to know each other. The app automatically books an agenda and also suggests ice breakers like ‘what was the last film you saw or book’?

If a team member does not want to or cannot join a Virtual Coffee Meeting, they simply decline the meeting invitation.

Silbermann continues: “Powell Software is passionate about connecting employees to their organisation and to each other, ensuring that they have a positive and stimulating experience at work, every day. Remote workers need to be connected, they need to feel part of the company, the culture and feel able to socialise in the hybrid or remote workplace.

“Powell’s new Virtual Coffee Machine app is all about the employee. We all miss the little social moments at the office, whether they be at the coffee machine or the cold water fountain. Coffee Machine allows us to progressively see our workplaces positively come to life again in a virtual way, promoting connectivity, collaboration and employee wellbeing. It’s part of a bigger goal and series of initiatives to bring the virtual building to life.”
