Technology

The need to reset and reinforce security posture will be 2021’s key themes, says Infosecurity Europe’s leader community 

Speed of change means threat landscape could outrun cybersecurity defences – with insider threats and ransomware presenting greatest risk 

Richmond, Surrey, UK, 0900 hours, 10 December 2020 – 2021 will be a year for organisations to reset, and to fortify their cybersecurity resilience, according to Infosecurity Europe’s community of security leaders. Europe’s number one information security event asked its network of CISOs and analysts to comment on the major trends and changes they foresee shaping the next 12 months. Overall, they expect companies to focus on consolidating and reinforcing their security posture as the full consequences of 2020’s rapid changes become apparent.

This is a world that Maxine Holt, Senior Research Director at Omdia, calls “the reset normal”. She says: “From a security perspective, it’s been difficult to maintain pace with the speed of change. COVID-19 accelerated cloud journeys, for instance, and security was at best an afterthought. Security functions applied temporary measures, and they will now peel back the sticking plaster and build more sustainable security for new ways of working. This should include upskilling staff in cloud security expertise, and looking at technology that can prevent, detect and respond to security incidents in these evolved environments.”

The threat landscape will continue to evolve at a speed that outpaces the cybersecurity industry, according to Becky Pinkard, CISO of Aldermore Bank. “I’d like to see companies buckle down on the ‘foundations of security’, moving into an era of never-before-seen strength on the frontline fight against cyber threats,” she says. “However, I predict we’ll see more of the same when it comes to security awareness, patching and risk prioritisation. The industry is maturing, but at a glacial pace. Until we pick up that pace, the current overall defensive posture will persist.”

Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned, expects the world to wake up to the full impact of “doing a lot more digitally” on exposure to risk. “We’ve adapted and adjusted to being at home more, in terms of new social norms as well as digital norms. We know how to do it. However, we can’t escape the fact that doing so much more online increases the entire attack surface. The volume of data businesses are collecting and digitising has risen, and a lot of this is sitting on someone else’s cloud. We need to work differently, have conversations differently, collect data differently, and secure things differently.”

When it comes to the threats that will come to the fore in 2021, Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, believes insider incidents will be an area of increased concern. “Pandemic-related uncertainty and remote work environments have collided to create the ideal conditions,” she explains. “We expect one-third of security breaches will be caused by insider threats in the coming year, up from 25% today. These may be due to accidental or inadvertent data misuse, or malicious intent. As part of their defence, firms should add capabilities for detecting insider threats, and improve the employee experience.”

Maxine Holt anticipates that increasingly demanding and sophisticated ransomware will dominate the threat landscape. “It isn’t new, but it’s really grabbing attention right now,” she points out. “The Manchester United cyberattack is a high-profile example of what many organisations will continue to face – and depending on where the company is registered, they could be caught between a rock and a hard place when it comes to paying ransoms, potentially recovering data, and incurring fines. Compliance and privacy both need to be ramped up.”

Heidi Shey believes that customer and employee privacy will become a strategic business imperative in the next 12 months, as a key part of cyber resilience. “Consumers will increasingly prefer to engage with and entrust their data to ethical businesses, and this will drive firms to embed privacy into the customer experience. We expect regulatory and legal activity related to employee privacy will double, and employee privacy lawsuits will multiply. Companies must take a privacy-by-design approach when handling employee data, including assessing specific privacy and ethical risks, and communicating transparently.”

On the topic of building resilience, Becky Pinkard suggests that the pandemic created a proving ground for companies to evolve their understanding of business continuity and disaster recovery. “2020 forced companies to pay a lot more attention to what services customers need, and what they depend on most – and to evolve and scale digital transformation perhaps faster than they were ready for! In 2021 we’re likely to see companies looking at these exercises in business continuity, testing, poking and prodding them to make sure they’re ready for the next big challenge.”

Infosecurity Europe also probed its leader community on the new technology capabilities companies are likely to take advantage of in the coming year. “We need to start stretching and extending ourselves and understanding areas such as AI, machine learning and quantum computing before they’re upon us,” advises Becky Pinkard. “There was a sense of urgency during COVID-19, with people adopting cloud, for example, under duress…suddenly it was upon us! I hope we all learn from this and become more proactive in exploring capabilities to help us with resilience.”

Heidi Shey predicts that pressure on budgets will lead to an increased uptake of risk quantification technology. “In 2021, CISOs will have to prioritise what they do and where they invest to overcome audit issues, manage risks, and protect the enterprise,” she says. “Risk quantification solutions that provide specific insights into the criticality of assets, as well as the potential impact of an issue in real time with business context, will help security leaders determine what stays, what goes, and where limited increases should go.”

When it comes to innovation, Troy Hunt predicts there will be advances in smarter authentication schemes; but believes passwords will be around for some time yet. “We know we have problems with passwords – but we won’t be getting rid of them this year, or even this decade!” he states. “We’ve had to come up with smarter authentication schemes as the attack surface has grown – and biometrics have allowed us to authenticate in lower friction ways, using face ID and fingerprint readers for example. We’ll see authentication themes continue to get better and better. I’d make a bet with anyone that when we get to 2030 we’ll have more passwords than we do today! But better ways of authentication will mean we don’t have to use them.”

Nicole Mills, Senior Exhibition Director at Infosecurity Group, comments: “We won’t see things return to normal in 2021, but the year will mark the start of the transition back to a more stable way of working and living. The trends that have been accelerated by the pandemic will embed themselves into business and society, and new challenges and threat vectors will become evident. Security and risk professionals must adapt to the new reality, keeping up with the speed of ongoing change, while fortifying their resilience – consolidating and reinforcing their security posture.”

Infosecurity Europe, now in its 25th year, takes place at Olympia, Hammersmith, London, from 8-10 June 2021. It brings together information security professionals attending from every segment of the industry, as well as the leading industry suppliers showcasing their products and services, industry analysts, worldwide press and policy experts. Expert practitioners are lined up to take part in the free-to-attend conference, seminar and workshop programme. Find out more at https://www.infosecurityeurope.com

Does your institution have operational resilience? Testing cyber resilience may be a good way to find out

By Callum Roxan, Head of Threat Intelligence, F-Secure

If ever 2020 had a lesson, it was that no organization can possibly prepare for every conceivable outcome. Yet building one particular skill will make any crisis easier to handle: operational resilience.

Many financial institutions have already devoted resources to building operational resilience. Unfortunately, this often takes what Miles Celic, Chief Executive Officer of TheCityUK, calls a “near death” experience for this conversion to occur. “Recent years have seen a number of cases of loss of reputation, reduced enterprise value and senior executive casualties from operational incidents that have been badly handled,” he wrote.

But it need not take a disaster to learn this vital lesson.

“Operational resilience means not only planning around specific, identified risks,” Charlotte Gerken, the executive director of the Bank of England, said in a 2017 speech on operational resilience. “We want firms to plan on the assumption that any part of their infrastructure could be impacted, whatever the reason.” Gerken noted that firms that had successfully achieved a level of resilience that survives a crisis had established the necessary mechanisms to bring the business together to respond where and when risks materialised, no matter why or how.

We’ll talk about the bit we know best here; by testing for cyber resilience, a company can do more than prepare for the worst sort of attacks it may face. This process can help any business get a clearer view of how it operates, and how well it is prepared for all kinds of surprises.

Assumptions and the mechanisms they should produce are the best way to prepare for the unknown. But, as the boxer Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” The aim of cyber resilience is to build an effective security posture that survives that first punch, and the several that are likely to follow. So how can an institution be confident that they’ve achieved genuine operational resilience?

This requires an organization to honestly assess itself through the motto inscribed at the front of the Temple of Delphi: “Know thyself.” And when it comes to cyber security, there is a way for an organization to test just how thoroughly it comprehends its own strengths and weaknesses.

The Bank of England was the first central bank to help develop the framework for institutions to test the integrity of their systems. CBEST is made up of controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors, and often have unforeseen or secondary benefits. Gerken notes that the “firms that did best in the testing tended to be those that really understood their organisations. They understood their own needs, strengths and weaknesses, and reflected this in the way they built resilience.”

In short, testing cyber resilience can provide clear insight into an institution’s operational resilience in general.

Gaining that specific knowledge without a “near-death” experience is obviously a significant win for any establishment. And testing for operational resilience throughout the industry can provide some reminders of the steps every organization should take so that testing provides unique insights about their institution, and not just a checklist of cyber defence basics.

The IIF/McKinsey Cyber Resilience Survey of the financial services industry released in March last year provided six sets of immediate actions that institutions could take to improve their cyber security posture. The toplines of these recommendations were:

  1. Do the basics, patch your vulnerabilities.
  2. Review your cloud architecture and security capabilities.
  3. Reduce your supply chain risk.
  4. Practice your incident response and recovery capabilities.
  5. Set aside a specific cyber security budget and prioritise it.
  6. Build a skilled talent pool and optimize resources through automation.

But let’s be honest: If simply reading a solid list of recommendations created cyber resilience, cyber criminals would be out of business. Unfortunately, cyber crime as a business is booming and threat actors targeting essential financial institutions through cyber attacks are likely earning billions in the trillion dollar industry of financial crime. A list can’t reveal an institution’s unique weaknesses, those security failings and chokepoints that could shudder operations, not just during a successful cyber attack but during various other crises that challenge their operations. And the failings that lead to flaws in an institution’s cyber defence likely reverberate throughout the organization as liabilities that other crises would likely expose.

The best way to get a sense of operational resilience will always be to simulate the worst that attackers can summon. That’s why the time to test yourself is now, before someone else does.

Thomson Reuters to stress AI, machine learning in a post-pandemic world

By Kenneth Li and Nick Zieminski

NEW YORK (Reuters) – Thomson Reuters Corp will streamline technology, close offices and rely more on machines to prepare for a post-pandemic world, the news and information group said on Tuesday, as it reported higher sales and operating profit.

The Toronto-headquartered company will spend $500 million to $600 million over two years to burnish its technology credentials, investing in AI and machine learning to get data faster to professional customers increasingly working from home during the coronavirus crisis.

It will transition from a content provider to a content-driven technology company, and from a holding company to an operational structure.

Thomson Reuters’ New York- and Toronto-listed shares each gained more than 8%.

It aims to cut annual operating expenses by $600 million through eliminating duplicate functions, modernizing and consolidating technology, as well as through attrition and shrinking its real estate footprint. Layoffs are not a focus of the cost cuts and there are no current plans to divest assets as part of this plan, the company said.

“We look at the changing behaviors as a result of COVID … on professionals working from home working remotely being much more reliant on 24-7, digital always-on, sort of real-time always available information, served through software and powered by AI and ML (machine learning),” Chief Executive Steve Hasker said in an interview.

Sales growth is forecast to accelerate in each of the next three years compared with 1.3% reported sales growth for 2020, the company said in its earnings release.

Thomson Reuters, which owns Reuters News, said revenues rose 2% to $1.62 billion, while its operating profit jumped more than 300% to $956 million, reflecting the sale of an investment and other items.

Its three main divisions, Legal Professionals, Tax & Accounting Professionals, and Corporates, all showed higher organic quarterly sales and adjusted profit. As part of the two-year change program, the corporate, legal and tax side will operate more as one customer-facing entity.

Adjusted earnings per share of 54 cents were ahead of the 46 cents expected, based on data from Refinitiv.

The company raised its annual dividend by 10 cents to $1.62 per share.

The Reuters News business showed lower revenue in the fourth quarter. In January, Stephen J. Adler, Reuters’ editor-in-chief for the past decade, said he would retire in April from the world’s largest international news provider.

Thomson Reuters also said its stake in The London Stock Exchange is now worth about $11.2 billion.

The LSE last month completed its $27-billion takeover of data and analytics business Refinitiv, 45%-owned by Thomson Reuters.

(Reporting by Ken Li, writing by Nick Zieminski in New York, editing by Louise Heavens and Jane Merriman)

 

Putting data protection back on the financial agenda

By Wim Stoop, CDP Customer and Product Director, Cloudera

Despite the wave of changes that Brexit has brought financial organisations, from the end of ‘passporting’ to uncertainty over the longer-term equivalence rules, one thing has remained a constant — data privacy regulations are a core responsibility to protect sensitive data and mitigate data breaches. From PSD2 to GDPR, financial institutions need to ensure they are still processing and transferring data in accordance with the industry’s stringent rules and regulations. If not, they risk fines of up to £17.5 million or 4% of their company’s annual global turnover.

As the stakes get higher, the amount of data which financial enterprises are having to deal with is on the rise too. In fact, research by IDC estimated that businesses created and captured 6.4 zettabytes of new data last year alone. This increase in data production has been linked to the pandemic and the move to remote working. Replacing face-to-face interactions with online communications has meant that financial businesses suddenly had to cope with a larger amount of data flowing through their networks. In addition, employees working from home are increasingly doing so on potentially unsecured devices, outside of the corporate network, risking exposure and data breaches according to numerous cybersecurity reports.

With an extensive stock of sensitive customer data and so many regulations to keep on top of, remaining compliant can feel overwhelming for financial organisations. However, this shouldn’t be the case. Today we often see businesses trying to retrofit data protection strategies, or take a reactive approach to external forces. Instead, they should be taking a proactive stance on data management. In doing so, security becomes a natural side-effect and financial companies can operate with the assurance that no matter what new regulations come into play, they are compliant. The question is, how to achieve this?

Taking a proactive approach to data privacy

To remain compliant, financial institutions need to get on top of their data. When data is sat in siloes, on legacy systems, it’s inaccessible to all and it becomes a challenge to identify what is sensitive and what isn’t. Poorly managed data can’t be protected and the risk of data breaches increases. By contrast, when properly controlled and stored, it becomes easy to apply data security rules.

From customer names and contact details to transaction records and PINs, financial organisations hold a lot of personal and financial data on customers. However, the trick is understanding that all data holds varying degrees of sensitivity and thus, needs to be managed accordingly. For instance, a customer’s bank account details are more sensitive, compared to their basic personal data, such as name and address, which are usually publicly accessible. By proactively identifying, prioritising and classifying data by its degree of sensitivity, financial companies can apply any and all data protection rules that are necessary, such as restricting certain users from accessing highly confidential information.

Yet, this identification process is often looked at as a reactive measure by many financial businesses. The challenge in proactive data management lies in an organisation’s ability to eliminate the frictions it has in tracking, identifying and classifying information, as opposed to doing so retrospectively. After all, data classification plays a vital role in ensuring data protection is upheld.

A proactive approach is integral to effective data management and governance. The first step in achieving this approach involves creating a data marketplace, or a curated, secured and governed data repository. Having something like a data marketplace in place means that as soon as data enters an organisation, enterprises can determine its degree of sensitivity, how it should be managed, and which analytics need to be run, to extract the most value out of the data.

Once these steps are taken, compliance and data privacy happen almost naturally and become ingrained in the business. When companies are aware of every single piece of data in their possession, they can know exactly how it’s being protected. Such a robust strategy ensures that institutions meet the high standards of trust that their customers have bestowed upon them in protecting their personal data. And, with this level of control, enterprises can avoid data lockout, reduce friction for employees, and optimise the value they unlock from their data. At the same time, they can have the peace of mind that they are compliant and protected.

A business-ready solution for data protection

With so many rules and regulations to keep track of, data protection shouldn’t be another worry to add to the list. Financial companies can maximise the efficacy of their existing security and governance strategies by applying it to all datasets across the enterprise – whether that be on-premise, in the cloud, or a combination of the two. In particular, as a scalable and low-cost solution, organisations are increasingly turning to the cloud for their data management needs. It’s expected that over half (51%) of business data will be stored in the cloud by 2024.

This is where an enterprise data cloud (EDC) really shows its worth, allowing financial companies to keep their data protected, compliant, and successfully governed. Simply put, an EDC is a hybrid and multi-cloud platform that harnesses analytics at every stage of the data lifecycle. It enables organisations to extract the true value of their data while still providing a consistent layer of security.

An EDC gives financial businesses a single source of truth, built on technology that operates on any cloud environment and right through to the edge. Armed with an EDC, companies have complete visibility over their data, no matter where it resides in the enterprise or the data lifecycle, easing the task of managing and protecting data. On top of this, an EDC supports a variety of data functions, including the data marketplace, and works to provide control, visibility and examination over data. With all these aspects working together, financial institutions can ensure that all data which passes through their infrastructure and into the data marketplace is efficiently governed and protected.

Bringing technology, people, and process together

Technological solutions, like an EDC, work at their maximum potential when they are in harmony with people and process. But, the triad has been thrown off balance by the rise of remote working and reduction in staff numbers. While all businesses recognise that sensitive data needs to be encrypted and access should be restricted, this has been a difficult feat as employees work from home and use devices outside of the traditional network security parameters. In fact, nearly half (48%) of employees are less likely to follow safe data practices when working from home. This will exponentially increase the risk of data breaches.

In addition, with almost a fifth (18%) of the UK workforce on furlough and team numbers shrinking, companies don’t have the same amount of manpower to validate both the systems being used, as well as the data being run in these systems, to ensure that they are compliant. Within the office environment, organisations were able to create ‘islands of perfect governance’, with all departments being aware of the applications used to manage data and therefore, guaranteeing higher levels of compliance. However, these safety nets have collapsed during home working and it’s become more difficult to ensure the security and privacy of data within an enterprise.

What’s needed here is an overarching framework that provides a standard for data governance. This is enabled by having the right technology solution, a proactive approach to data management and people within a business supporting it from the bottom up in place — forming a triad that works in perfect harmony. A framework such as this also enables enterprises to assess what they need to do to create data protection rules internally that ensure compliance, and allows employees to self-check their data security protocols eliminating any uncertainty about protecting sensitive data.

It is important to remember that the right technology alone won’t make people compliant – whether they are working in an office or remotely. Rather, as pointed out above, it is technology, people, and process, working in sync, that will ensure that regulations are adhered to and data is managed and protected.

Long-lasting success with data protection

With data volumes growing and remote working creating security vulnerabilities, financial businesses need to get on top of their data from the get-go. By proactively identifying sensitive data, accurately securing it, and delivering trusted data to end-users, the right data can be put into the hands of the right people.

Creating a watertight data privacy strategy requires financial organisations to deliver a uniform approach to data management and protection across departments to ensure compliance. In addition, harnessing technology, such as an EDC, will provide visibility and control over sensitive data, enabling financial institutions to unlock real-time insights from their data while still providing a consistent layer of security. With technology, people and process in harmony, enterprises can operate with the confidence that their data is being managed successfully and they are compliant with both existing and new regulations.
