Ian Kilpatrick, EVP (Executive Vice-President) Cyber Security for Nuvias Group, looks at the rapidly changing security scenario faced by companies
- Security blossoms in the boardroom
Sadly, security breaches will continue to be a regular occurrence and organisations will struggle to deal with them. New security challenges will abound and these will grab attention in the boardroom. Senior management is increasingly focusing on security issues and recognising them as a core business risk, rather than the responsibility of the IT department alone. The coming year will see further commitment from the boardroom to ensure that organisations are protected.
- Ransomware has not gone away
Too much money is being made from ransomware for it to disappear – it won’t. According to Cyber Security Ventures, global ransomware damage costs for 2017 will exceed US$ 5 billion, with the average amount paid in ransom among office workers around US$ 1400. Companies can help prevent ransomware by tracking everything coming in and out of the network and running AV solutions with anti-ransomware protection. And, of course, you should do regular backups to a structured plan, based around your own business requirements – and make sure you test the plans.
- IoT – a security time-bomb
IoT is a rapidly growing phenomenon which will accelerate, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and we will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches. As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.
- More from the Shadow Brokers
The Shadow Brokers, a hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc in 2017 with the WannaCry ransomware episode. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10.
There will certainly be further episodes from them, so patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organisations hold, including PII (Personally Identifiable Information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.
- GDPR – have most businesses missed the point?
Most organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.
- GDPR Blackmail – the new ransomware?
Unfortunately, GDPR will give a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organisation harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!
- DDoS on the rise
It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you (see https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/)! This is just one of the reasons DDoS threats will continue to escalate, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack!
- Cloud insecurity – it’s up to you
Problems with cloud insecurity will continue to grow as users put more and more data on the cloud, without, in many cases, properly working out how to secure it. It is not the cloud providers’ responsibility to secure the information – it is down to the user. GDPR makes it even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.
- The insider threat
Historically, insider threats have been underestimated, yet they were still a primary cause of security incidents in 2017. The causes may be malicious actions by staff or simply poor staff cyber-hygiene – i.e. staff not using the appropriate behaviour required to ensure online “health.” There will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behaviour. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.
- Time to ditch those simple passwords
Simple passwords will be highlighted even more as an insecure ‘secure’ method of access. Once a password is compromised, all other sites where the user has that same password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.
Bio of author
Ian Kilpatrick, EVP (Executive Vice-President) Cyber Security for Nuvias Group
A leading and influential figure in the IT channel, Ian now heads up the Nuvias Cyber Security Practice. He has overall responsibility for cyber security strategy, as well as being a Nuvias board member. Ian brings many years of channel experience, particularly in security, to Nuvias. He was a founder member of the award-winning Wick Hill Group in the 1970s and thanks to his enthusiasm, motivational abilities and drive, led the company through its successful growth and development, to become a leading, international, value-added distributor, focused on security. Wick Hill was acquired by Nuvias in July 2015.
Ian is a thought leader, with a strong vision of the future in IT, focussing on business needs and benefits, rather than just technology. He is a much published author and a regular speaker at IT events. Before Wick Hill, Ian qualified as an accountant, was financial controller for a Fortune 50 company, and was a partner in a management consultancy.
Using payments to streamline everyday transport
By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail
Once upon a time the only way to get from A to B on public transport was with cash – and likely a pre-paid ticket bought from a physical office. Nowadays, thanks to technological developments, options range from contactless and mobile payments, to in-app tickets and more. As payment methods advance, consumers and merchants are naturally moving towards Mobility as a Service (MaaS) systems, integrating various forms of transport services into a single mobility service, accessible on demand.
This move towards MaaS does not only streamline the consumer experience, it has other positive impacts too. Incentivising public transport use reduces environmental pollution, improves mental wellbeing by reducing travel-related stress, and aids productivity by freeing up time otherwise spent driving. With this in mind, let’s take a look at the current trends affecting the transport sector, as well as how payments can optimise transportation for both operators and consumers alike.
Optimising transport with payments
The payment process is integral to any service. A payment service provider (PSP) can provide a range of key benefits to operators by providing a gateway to the transportation open payment ecosystem, and ensuring they meet objectives in 3 key areas.
- Environmentally, by reducing the use of personal cars and alleviating pollution and congestion.
- Societally, making urban mobility more inclusive in terms of improving access to all areas and for all socioeconomic classes.
- Economically, by optimising investment in eco-structure and fostering financial transactions, therefore improving the wealth of the city.
Payments professionals’ expertise and technological solutions can make payments easy again for transport operators. They can provide a range of options so that the customer can choose which one is right for them, leveraging the capabilities of the mobility services’ infrastructure (contactless, mobile wallets, P2P, closed-loop, QR code, and blockchain).
Furthermore, they can help promote inclusion and sustainable urban development. For example, methods such as prepaid virtual cards, or mobility accounts linked to a prepaid account can reduce the risks of excluding the unbanked. The environmental impact per kilometre can also be reduced, along with the use of vehicles with lower emissions per person per kilometre.
Finally, PSPs can put merchants’ minds at ease, providing payment liability, allowing aggregation of all due amounts from all mobility service providers, and collecting payments in one single transaction from users while dispatching revenue between mobility service providers.
COVID-19’s disruption to the travel industry cannot be overlooked. In fact, research suggests that public transit ridership is down 70% across the globe since the onset of the virus, longer distance travel has seen reductions of up to 90%, and payment by cash has seen a 60% drop.
Being realistic, these behavioural shifts are unlikely to revert anytime soon, so it’s important for merchants to keep this in mind when thinking about payment methods. More than 70% of consumers and travellers say they are likely to avoid the use of cash over the next six months. As a result, more than 40 countries have already raised their contactless payment threshold, further helping consumers to avoid contact with frequently touched pin pads.
However, the pandemic has only accelerated the way things were heading already and highlighted the benefits. Within the context of the pandemic, transportation needs to reinvent itself and adapt its processes to suit the shift in commuter habits that we’ve already seen and will continue to see in the future.
Other trends to keep an eye on
Contactless has been steadily growing on the transport scene, as have mobile payments and in-app purchases. In fact, the recent move to mobile and online ticketing is the most promising method so far, having seen significant growth in the last few years and having been accelerated by COVID-19 as discussed above. Once consumers move to these easy, convenient, and seamless methods, it’s rare that they revert – so it’s a good idea for operators to think how they can cater to these preferences.
Speed and convenience are a must for busy travellers – but not at the expense of data security. Finding the right payments partner is therefore crucial so operators can safeguard their customers’ personal data, while also keeping on top of other security regulations/features such as P2P encryption, PCI certification, and tokenisation.
Next steps for operators
Public transport is essential for many people’s everyday lives – COVID-19 or no COVID-19. As such, mobility service providers can make a great difference to their service and operations by implementing the right solutions.
Grey skies ahead – Malta prepares for a gloomy 2021 if they can’t tackle financial crime
By Dhanum Nursigadoo, ComplyAdvantage
With the summer drawing to a close, many countries that rely significantly on warm weather tourism will be assessing the impact of Covid-19. Being a small island in the middle of the Mediterranean, you would expect Malta to be taking a significant economic hit – just like we are seeing in other popular European holiday destinations – but this doesn’t take into account the strength of the Maltese economy.
Emerging from the eurozone crisis with one of the most dynamic economies strategically positioned between three continents, Malta has had one of the lowest unemployment rates in the EU and has recently seen its GDP growth expand year-on-year. But perhaps the most important aspect of the Maltese economy has been its attraction for foreign businesses with only a 5% tax on profits. It is no secret that Malta is a tax haven, probably one of the most effective tax havens in the world.
But you can’t pick and choose who takes shelter, and it’s no secret that money launderers have been taking advantage of the regulatory landscape in this archipelago.
The conditions of a tax haven suit criminal enterprises, who can take advantage of the opaque environment and blend their illegal activities with the same operations enjoyed by high net worth individuals and corporations who are looking to reduce their tax bill. And last year Malta’s keenness for secrecy and avoidance resulted in a damning report by Moneyval – the Council of Europe’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) body – which found that while the nation had made some efforts to curb money laundering there was still much to be desired in order to bring the tax haven up to standard. Overall, they were of the opinion that Malta viewed combating money laundering as a non-priority and this resulted in branding Malta with low to partial ratings for 30 out of the 40 Financial Action Task Force (FATF) recommendations.
The findings of the report were stated to have the potential to “create within the wider public the perception that there may exist a culture of inactivity or impunity”. This follows on from a series of international high-profile stories regarding Malta and financial crime. Most shocking was the murder of journalist Daphne Caruana Galizia – who investigated corruption and money laundering in her native country – and was killed by a car-bomb three years ago leading to international outrage and condemnation.
Now Malta is in a race against time to turn their reputation around or they will suffer genuine consequences. The FATF have threatened to place Malta on a “greylist” of high-risk jurisdictions unless they have shown a genuine commitment to combatting financial crime and implemented the recommendations of the Moneyval report. If they fail, this would make Malta the first EU country to make the list and join others such as Panama, Syria and Zimbabwe.
The pandemic has actually given Malta more time to meet these obligations, and it has been widely reported that an initial summer deadline has now been moved to October due to the widespread disruption.
As we head into the autumn, there are signs that Malta has begun to take action. The Malta Financial Services Authority (MFSA) has created and established an empowered AML team, now headed up by Anthony Eddington, formerly of the UK’s Financial Conduct Authority, who has previous experience of tackling financial crime at Deutsche Bank. This team has already begun working closely with international experts, specifically partners in the US through the US embassy in Malta and the United States Commodity Futures Trading Commission (CFTC). In May this collaboration led to 25 new cases focused on money laundering in particular, and with plans to increase standard inspections and on-site investigations into businesses in Malta, it appears there is a change to the country’s priorities.
Importantly, the report highlighted a problem for countries that choose to become tax havens. In some cases it was not that the Maltese authorities deliberately turned a blind-eye, but simply that they did not have the necessary knowledge to effectively tackle financial crime in the first place. Law enforcement appeared unable to even recognise when crime was occurring.
But this blurring of financial compliance will not help businesses if Malta does indeed become “greylisted” this year. While not as devastating as being blacklisted (the two occupants of this list are Iran and North Korea) there are significant detrimental effects to being put on the FATF greylist. Although this signals that the country is committed to developing AML/CFT plans (unlike the blacklist) it still sends out a warning signal to the world that this is a high-risk area, with the country in question subject to increased monitoring and potential sanctions from the IMF and the World Bank. Make no mistake, being put on the greylist will be catastrophic for Malta’s economy.
It remains to be seen how the work to avoid such a calamity will affect Malta’s tax haven status. Perhaps with an increased fight against financial crime there will be less ability to defend one of Europe’s most competitive tax regimes. But if Malta does not show they are genuinely committed to tackling this problem, then the pandemic disruption to the island’s tourism may be minor in comparison to the grey clouds that now approach their shores.
How will the UK prepare a supply chain for the distribution of the Covid-19 vaccines?
By Don Marshall, Marketing role at Exporta.
The challenge of mobilising a supply chain for the introduction of a global and nationwide vaccine will be enormously complex. The process will be costly, and it’s likely the figures will stretch to the hundreds of millions for both the production of the vaccine itself and its distribution across the UK. We must prepare and plan a supply chain strategy to ensure it reaches those most in need in a timely and safe manner.
The task of immunising a whole population is something that has never been planned or likely imagined by anyone within a standard supply chain. A supply chain that goes directly from the manufacturer to the end consumer, or user/patient in this case, is complex and goes beyond the scope of any single logistics company. It would have to be conceived and delivered via a large joint effort and collaboration between multiple organisations. Effectively distributing the vaccine will depend on the source of manufacture, its storage requirements, and protection of the vaccines from manufacture through to patient administration.
The majority of vaccines require storage within a specific temperature range and need to be handled safely and in hygienic conditions. Depending on where the vaccines are manufactured, the transport legs will vary; if they are coming from overseas, air freight will increase cost and complexity. In addition to supplying the vaccine, syringes, needles and containers also need to be taken into account when preparing the supply chain.
Securing the specific types of boxes or containers, i.e. the lidded containers normally used for transporting pharmaceutical products, will mean acquiring them from all available stockists and manufacturers. Delivery vehicles would then need to be considered, with temperature-control factored in. The medical supply chain can inform their approach to distribution by assessing data from previous supply chains, and how large quantities of vaccines have been sent out in the past. Collating successful vaccine delivery examples from other parts of the world would be advantageous here; the more we can do to prepare for a logistical challenge of this magnitude, the better.
The distribution of this COVID vaccine will be unique in its scale and for that reason, additional supply chains will need to be mobilised. Apart from medical supply chains, those best suited for this type of transportation are the fresh/frozen food industries and supermarkets. I would mobilise these businesses to assist with the vaccine’s distribution wherever possible and use their car parks and facilities for the temporary medical centres needed to administer the vaccine to the public.
Using the food industry and supermarket networks would leave the current pharmaceutical supply chains intact for health services, pharmacies and the NHS. It would protect those vital services and continue to serve communities across the UK. Inevitably, it would place a short term strain on food supply chains, but these are supply chains that are well-equipped and versed in coping with excess demand i.e. the spike endured from the brief spell of public panic buying at the start of the crisis. With adequate resourcing and planning, I believe the UK supply chain can and will handle this challenge.