Business
Why you don’t need to break the bank to achieve good security?

By Andy Miles, CEO at ThinkMarble
With a seemingly endless succession of major breaches making the headlines and increased regulatory demands from the newly enforceable GDPR, cyber security has swiftly become one of the leading priorities for most organisations. Leading analyst house Gartner has predicted that worldwide spending on security will increase by eight percent this year, to reach a global value of £71.71bn by the end of 2018.
Few organisations feel the pressure of investing in security more keenly than those in the financial services sector.
Financial information is one of the most widely sought-after datasets among criminals, with the financial industry used to adhering to strict regulations long before the GDPR came into being. Consequently, the financial sector has the second highest investment in security in the UK.
With seemingly large budgets to play with, there is a trend for most of the investment in cyber security to be drawn towards whatever the newest and shiniest technology solution on the market happens to be. There are some extremely impressive solutions on the market and incredible developments being made in fields such as artificial intelligence, which appear to offer a nirvana-like state of security at the push of a button. But throwing money at it isn’t going to solve the problem. In fact, it is a serious mistake to think of security as a purely technology-based issue that can be solved simply by investing in more technology.
Instead, a strong security stance requires the trinity of People, Process and Technology (PPT) to work effectively and efficiently together. A security vulnerability can appear in any element of the business and a holistic approach that covers all employees and operations is vital for a good defensive strategy.
People

When you hear the word ‘vulnerability’, the natural assumption is that of a software or hardware vulnerability, a glitch in the system that is negatively impacting the performance of the affected solution. But what if it is the people within the organisation that are, in fact, increasing the risk to the business? The human element of an organisation is often seen as the weakest link by cyber criminals, and many attack tactics have been developed specifically to take advantage of employees. Phishing emails in particular have become the de facto delivery tool for most attacks, with 91 percent of successful breaches beginning with a spear phishing email, according to research from multiple sources.
A good email security awareness and training solution can help to address this threat, but it’s also imperative that employees are made aware of the risks and are trained to spot signs of phishing and other social engineering techniques aiming to deceive them. Simulating a phishing attack against your workforce can be a good way of raising awareness, and all staff should be trained in the right processes if they suspect an attack.
Aside from training around specific threats, firms should seek to foster a cyber security culture in the workplace, with individuals taking their responsibility to reduce threats seriously. This approach starts from the top, and business owners should take responsibility and dedicate at least an hour every month to cyber security. Whether this is getting in some reading or attending a seminar, it is important for decision makers to understand the latest threats and developments and be seen to be leading by example.
Process
Alongside the awareness and engagement of the workforce, the organisation also needs the right processes in place to ensure its security is robust. This is particularly important for financial organisations where activity is centred around large sums of money and sensitive personal and financial data. Any activity involving at-risk data or transactions should be governed by strict processes to minimise the risk of an attacker exploiting the system through social engineering or malware. Ideally, organisations should be conducting a 360° review on a weekly basis not only to identify key data and Intellectual Property (IP), but also the procedures and practices associated with keeping this information secure.
For example, organisations can implement two-factor authentication (2FA) for processes such as authorising high-level payments or sharing sensitive data. 2FA uses a separate communication channel, such as a mobile number or even biometrics, to verify user identity, making it much more difficult for an imposter to trick their way into acquiring data or payments.
As well as the day-to-day working practices of employees, implementing good processes around key, and somewhat basic, IT functions like patching and updating software will also go a long way in preventing attacks. The majority of malware utilises old exploits that have been patched by software vendors, so ensuring systems are up-to-date will help mitigate this risk.
Ideally, an organisation should be constantly updating its systems, and should consider automating this process to reduce the manual, time-intensive nature of this activity. At a minimum, all organisations, not just financial institutions, should be keeping up with the monthly ‘Patch Tuesday’ release from Microsoft, which delivers the latest essential patches.
Technology
Finally, people and processes must of course be coupled with good technology. Companies should at the very least be equipped with solutions to facilitate threat detection and vulnerability scanning and should be performing regular penetration tests on their systems.
The technology aspect goes beyond simply which solutions to purchase, however, and security should be ingrained in every investment the company makes at a design level. For example, if the company is considering taking on a new cloud platform, security should be the priority. Factors such as the provider’s security policies, data storage location and use of 2FA need to be considered in equal measure with the service’s functionality.
With a security strategy that centres on PPT, financial organisations can minimise the risks to the funds and data they hold without investing ever-increasing amounts to chase the latest solution to hit the market.
Business
British Airways owner IAG boosts liquidity by 2.45 billion pounds

LONDON (Reuters) – British Airways owner IAG raised total liquidity by 2.45 billion pounds ($3.4 billion), through a loan and deferred pension contributions, and said it continued to explore other debt opportunities to improve its finances.
IAG said that in order to clinch the deferral of 450 million pounds worth of pension deficit contributions due between October 2020 and September 2021, BA agreed not to pay any dividends to parent company IAG before the end of 2023.
Like all airlines, IAG has been burning through cash after close to a 12-month period with minimal revenues. It scrapped its dividend last April, and then in October raised 2.74 billion euros from shareholders to help it survive.
Countries around the world have tightened travel restrictions over the last two months in response to new variants of the coronavirus and it is unclear when travel will restart, putting further pressure on airline finances.
“In addition to these arrangements, IAG continues to explore other debt initiatives to improve further its liquidity,” said IAG, which also owns the airlines Iberia and Vueling in Spain and Ireland’s Aer Lingus, in a statement on Monday.
BA said it reached final agreement for a new 2 billion pound 5-year loan, which is partially guaranteed by Britain through its UK Export Finance unit, and would draw down the facility by the end of this month.
That facility was secured in December and also includes restrictions on BA making dividend payments to IAG.
Pension trustees also agreed to BA deferring monthly contributions of 37.5 million pounds, in a deal which included putting up property assets as security, and a suspension of dividends to parent company IAG until the end of 2023.
BA is IAG’s biggest and most profitable airline and the pause in dividends from it means it could be years before IAG shareholders see payments again.
That is unlikely to be a surprise for shareholders, given new debts taken on by the airline group, and the fact that travel is not expected to reach 2019 levels until 2024.
($1 = 0.7148 pounds)
(Reporting by Sarah Young, editing by Estelle Shirbon)
Business
Canada’s GardaWorld to not raise bid for UK security firm G4S further

(Reuters) – Canada’s GardaWorld said on Monday it would not raise its offer for Britain’s G4S Plc further, appearing to leave the way clear for the higher bid lodged by rival Allied Universal to succeed after regulators ordered an auction to conclude the battle over the world’s largest security services company.
Allied has already bid 245 pence per share for G4S, whereas GardaWorld said that its earlier 235 pence offer was final and that it would not overpay. G4S stock closed at 269 pence on Friday.
G4S, which employs more than half a million people in 90 countries, did not immediately respond to a Reuters request for comment, while Allied was not available to respond outside of business hours.
“A successful integration of G4S, a 530,000-employee platform operating in 85 countries will require sizeable resources; addressing its issues will require greater investment and without satisfactory engagement from G4S we have been unable to complete our due diligence,” GardaWorld Chief Executive Officer Stephan Crétier said.
“There are better and less risky opportunities available to GardaWorld.”
Britain’s takeover regulator had stepped in to help resolve the battle for G4S by giving the North American bidders until Feb. 20 to make their final offers or go head-to-head in an auction starting Monday.
The move came after the suitors repeatedly extended their offer deadlines for G4S without making their offers final, thereby leaving room for revised bids.
(Reporting by Muvija M and Yadarisa Shabong in Bengaluru; Editing by Rashmi Aich)
Business
Rio Tinto executives say goodbye to 2020 with chunky payouts

MELBOURNE (Reuters) – Three Rio Tinto executives forced to leave the company after the destruction of sacred rock shelters at Juukan Gorge in Western Australia all closed off the year with substantial payouts, Rio’s annual report released on Monday showed.
Chief Executive Jean-Sébastien Jacques, who stepped down from his role at the end of 2020, received total remuneration of 13.3 million pounds ($18.6 million) under Australian accounting rules, up from 7.1 million pounds a year earlier.
Despite the loss of about 2.7 million pounds in awards following a board review into the blast, the sum, which includes the value of share awards that have not yet vested, was boosted by Rio Tinto’s strong share price performance.
Jacques and two other executives left Rio after the company determined their positions had become untenable after a backlash against a board review that originally imposed only financial penalties for the destruction of the sacred sites.
Rio Tinto’s remuneration committee, led by non-executive director Sam Laidlaw, granted “eligible” leaver status to the three executives, meaning they avoided stiffer financial penalties for the incident.
“In making the eligible leaver determination the Board fully recognised the gravity of the destruction at Juukan Gorge but was mindful that the three executives did not deliberately cause the events to happen, they did not do anything unlawful, nor did they engage in fraudulent or dishonest behaviour or wilfully neglect their duties,” it said in the annual report.
Rio’s iron ore head, Chris Salisbury, who stepped down in September, received total remuneration of A$6.7 million ($5.3 million) including termination benefits and unvested share awards, from A$2.9 million in 2019. Salisbury lost a A$1.1 million short-term incentive.
Head of Corporate Affairs Simone Niven forfeited 525,000 pounds in short-term incentives but received 5.1 million pounds, including 1.1 million pounds in termination benefits and unvested share awards.
Independent Rio Tinto Director Michael L’Estrange, who led the initial board review, had a 46% increase in fees and salary. His total remuneration rose to A$227,000 from A$201,000.
Chairman Simon Thompson was paid 939,000 pounds, up from 934,000 pounds the year before.
($1 = 1.2695 Australian dollars)
($1 = 0.7136 pounds)
(Reporting by Melanie Burton; editing by Richard Pullin)