Tag Archives: Risk Management

HID Global “brings trust” to online and mobile banking in face of cyber threat

As consumers embrace the convenience of online and mobile banking at both traditional and the latest all-digital financial institutions, it has become an increasingly difficult challenge to combat cyber security threats while complying with regulatory data protection mandates. Trusted identity solutions specialist HID Global has solved those challenges for several banks as part of their digital transformation initiatives.

“Our solutions protect data and transactions while delivering a seamless experience for the consumer as well as maximum flexibility for banks,” explained Brad Jarvis, vice-president and managing director of identity and access management solutions at HID Global. “This includes the option of cloud-based authentication services that remove the complexity of providing multifactor authentication to a growing and diverse user population, while also offering the convenience and efficiency of centralised regulatory compliance audits.”

Challenging issues

As a business, HID Global is helping to address some of the most challenging of mobile banking issues. For example, a retail bank in Egypt has improved compliance and reduced fraud and operational costs thanks to an HID Trusted Transactions solution. This is pre-integrated with Temenos digital front office and core banking products.

In addition, a Swiss wealth management group is using the solution, along with the HID ActivID Authentication Server, to optimise flexibility while protecting mobile banking transactions and securing corporate data, applications and systems.

Further, two banks in Eastern Europe and the UK are using the solution for quick and easy compliance with Second Payment Services Directive (ie PSD2) regulations.

Even with financial institutions returning to (almost) normal operating hours, many believe digital banking will grow in importance as part of ensuring business continuity and supporting customers who prefer not to visit their local branch during the ongoing health crisis. According to a McKinsey & Company report, the use of digital channels has grown in Europe by up to 20% during the COVID-19 pandemic.

Adoption of digital banking

“In just a couple of months, customers’ adoption of digital banking has leapt forward by a couple of years,” suggests the document. “Our most recent customer survey showed a 10% to 20% rise in digital banking use across Europe in April. Many Italian banks are striving to enable every single one of their customers to use digital banking. Such a jump in adoption opens the door for banks to turn digital channels into real sales channels, not just convenient self-service tools.”

HID Global’s complete HID Trusted Transactions offer for end users in the banking and finance sector includes the HID Authentication platform delivered either as a server or service, plus a choice of hardware tokens or the HID Approve multi-factor authentication solution with mobile push notification capabilities and the HID Risk Management Solution – Threat and Fraud Detection.

The comprehensive offer from the business delivers risk-based adaptive authentication, threat detection and transaction signing.

Filed under Security Matters

96% of UK organisations experience at least one business-impacting cyber attack in past 12 months

Tenable Inc, the cyber exposure company, has published the results of a global industry study of business and security executives that reveals the majority of UK organisations (96% of those surveyed, in fact) have experienced a business-impacting cyber attack in the past 12 months.

The data is drawn from ‘The Rise of the Business-Aligned Security Executive’, a commissioned study of more than 800 global business and cyber security leaders, including 103 respondents from the UK. The survey was conducted by Forrester Consulting on behalf of Tenable.

As cyber criminals continue their relentless attacks, 63% of respondents in the UK have witnessed a dramatic increase in the number of business-impacting cyber episodes over the past two years. Unfortunately, these attacks had damaging effects, with organisations reporting loss of employee data (44%), financial loss or theft (36%) and customer attrition (34%). Some 65% of security leaders in the UK say these attacks also involved operational technology.

Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. Only four out of every ten local security leaders say they can answer the fundamental question: “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyber attacks.

Global respondents

Looking at global respondents, fewer than 50% of security leaders said they are framing cyber security threats within the context of a specific business risk. For example, although 96% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.

Organisations with security and business leaders who are aligned in measuring and managing cyber security as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders are:

  • Eight times more likely to be highly confident in their ability to report on their organisations’ level of security or risk
  • 90% are very or completely confident in their ability to demonstrate that cyber security investments are positively impacting business performance compared with 55% of their siloed counterparts
  • 85% have metrics to track cyber security RoI and impact on business performance versus just 25% of their siloed peers

Business-aligned leaders

Those organisations with business-aligned cyber security leaders are also:

  • Three times more likely to ensure cyber security objectives are in lock step with business priorities
  • Three times more likely to have an holistic understanding of their organisation’s entire attack surface
  • Three times more likely to use a combination of asset criticality and vulnerability data when prioritising remediation efforts

“In the future, there will be two kinds of CISO — those who align themselves directly with the business and everyone else,” said Renaud Deraison, CTO and co-founder at Tenable. “The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment. We firmly believe this particular study shows that forward-leaning organisations view cyber security strategy as essential to innovation and that, when security and the business work hand-in-glove, the results can be transformational.”

Filed under Security Matters

CHAS makes three key appointments designed to strengthen operations

Supply chain risk management expert CHAS (the Contractors Health and Safety Assessment Scheme) has appointed Alex Minett as head of products and markets and Elaine Bailey and Peter Hepworth, both of whom become non-executive directors at the trusted Health and Safety compliance advisor.

Alex Minett brings in-depth knowledge of the SHEQ sector in the UK and internationally from a contracting and consulting perspective having established SHEQ strategies for multiple businesses (including blue chip companies) across diverse sectors.

He also has extensive knowledge of construction Best Practice and compliance having worked for 20 years in the construction sector, including on iconic projects such as the London 2012 Olympic and Paralympic Games and the Battersea Power Station where he advised on safety measures for the demolition and re-erection of the four iconic chimneys.

In addition, Minett was responsible for establishing the initial SHEQ strategy for Transport for Wales and supported the procurement team within the wider provision of the multi-billion pound franchise with pre-qualification of the bids.

Alex Minett

Further afield, Minett worked closely with the World Bank and other funders on one of the world’s largest solar farms in Benban and initiated a zero harm approach to safety at the Facebook Data Centre in Lulea. He was also responsible for embedding safe working practices for the construction and delivery of the Saudi Aramco Petroleum Polytechnic in Saudi Arabia.

Now, Minett has overall responsibility for all of the CHAS products both current and new and is closely involved in the strategic position of CHAS within the marketplace and identifying opportunities for growth.

CHAS managing director Ian McKinnon stated: “Alex is an excellent addition to the CHAS team and we’re delighted to have him on board. His insight and experience will be invaluable as we continue to expand our service offer.”

Minett himself commented: “I’m excited to be joining CHAS at a time of marked growth for the organisation. As the founder of contractor prequalification, CHAS enjoys a first class reputation and I’m looking forward to helping build on this as the business evolves and grows.”

Extensive experience

Elaine Bailey became a non-executive director at CHAS with effect from Wednesday 1 July. Bailey has worked extensively across the construction, criminal justice, Government services and housing sectors in the private, public and not for profit sectors and brings 15 years of executive Board experience to the role.

From 2014 to 2019, Bailey served as CEO of London-based Housing Association The Hyde Group where, as well as significantly improving financial and operating performance, she drove a major change programme designed to simplify, automate and improve service delivery.

Bailey also sits on the Industry Safety Steering Group chaired by Dame Judith Hackitt which is charged with scrutinising proposals and progress towards culture change within the construction industry following the tragic Grenfell Tower fire.

Elaine Bailey

Previously, Bailey held senior positions at FTSE 250 outsourcer Serco and is a trustee of Catch 22 and the Greenslade Family Foundation, as well as a Board member of the Andium Housing Association.

Speaking about Bailey’s appointment, Ian McKinnon stated: “Elaine’s successes at The Hyde Group, along with her knowledge and experience of good governance, make her an excellent addition to the CHAS Board. We also welcome Elaine’s commitment to driving cultural change within the construction industry following the Grenfell Tower tragedy through her work as part of Dame Judith Hackitt’s Steering Group.”

Bailey responded: “I’m delighted to be joining an organisation which plays a key role in improving occupational Health and Safety performance in UK workplaces. I’m looking forward to working with CHAS to continue to raise Health and Safety standards right across the UK.”

Digital transformation

Peter Hepworth formerly oversaw a portfolio of businesses while serving as executive officer of the Professional Services division at Capita plc, where his achievements included rationalising 14 separate learning businesses into one organisation and executing the digital transformations of Constructionline and Parking Eye.

He simultaneously served as CEO of AXELOS.com, a joint venture between Capita and the Cabinet Office and the publisher of global Best Practice guidance for IT, project and risk management. In fact, Hepworth was responsible for founding the operation in 2013. He grew the business internationally, expanding the product range and launching a cyber resilience portfolio while regularly liaising at ministerial level. Hepworth also transitioned AXELOS to become a Content-as-a-Service subscription model.

Previously, Hepworth served as managing director of Activision Blizzard UK where he was responsible for transitioning the business to meet the digital future. He has also held senior positions at L’Oréal, Sara Lee and BDO Stoy Hayward. His additional board experience includes having served as a non-executive director of The Fire Service College, Fera Science and eve Sleep. Hepworth is a Chartered Accountant by background.

Peter Hepworth

“We’re very happy to welcome Peter to the CHAS Board,” enthused Ian McKinnon. “He brings a wealth of experience in digital transformation which will prove invaluable as we continue to navigate the challenges and opportunities of the digital age.”

Hepworth informed Security Matters: “I’m excited to be joining the Board of CHAS as it continues its strong growth trajectory. The company has an excellent reputation with an impressive portfolio of digital products and services that can help businesses transform their risk management processes. I’m delighted to have this opportunity to support the further success of both CHAS and its extensive customer base.”

Filed under Security Matters

CHAS makes it easy to locate COVID-19 secure contractors

CHAS, the supply chain risk management expert, has added a Statement of Best Practice (COVID-19) to its member-focused packages designed to assist anyone who engages contractors in immediately identifying whether or not they are COVID-19 secure.

Organisations have had to rapidly adapt their working practices to operate safely during the Coronavirus outbreak and CHAS’ Statement of Best Practice (COVID-19) helps to verify that these adjustments have been made in line with latest Government and sector-issued guidelines.

In order for a contractor to qualify as COVID-19 secure they must confirm (and, where appropriate, evidence) that they have taken three key actions which include:

  • Producing and putting into place COVID-19 specific risk assessments, method statements and controls 
  • Sharing the risk assessment with staff (and online for organisations with over 50 employees)
  • Displaying a notice to confirm they have complied with Government guidance

Construction-related businesses must also indicate that they are following COVID-19 Secure Site Operating Procedures as detailed by the Construction Leadership Council.

For contractors to comply, they simply need to log in to the contractor portal, then upload and submit evidence to show they meet the requirements. Meanwhile, CHAS clients can log on to the CHAS Client Portal and instantly see whether a contractor has completed the Statement of Best Practice (COVID-19).

For those organisations who are not already CHAS clients, it is quick, easy and completely free to register and includes a range of business benefits, from the ability to easily source compliant contractors by trade and region from a database of over 50 0000 through to the availability of dedicated business services.

CHAS managing director Ian McKinnon informed Security Matters: “We recognise that organisations are looking for reassurance that everyone within their supply chain is operating to the required COVID-19 secure standards, but we also know that it’s extremely difficult for organisations to perform these checks independently, and particularly so while running on skeleton staff. The Statement of Best Practice (COVID-19) makes it easy for CHAS contractors to qualify for work while affording CHAS clients immediate visibility of a contractor’s COVID-19 secure status.”

Filed under Security Matters

“Cyber attack fears delaying business innovation” reveals HackerOne survey

A survey conducted by HackerOne has revealed that IT projects are being stifled due to security concerns. More than 80% of UK CISOs and CTOs who were interviewed revealed software IT projects have been hindered due to concerns over inevitable security issues. 90% also agreed that software vulnerabilities pose a significant risk to their organisation.

“Organisations need to find a balance between driving innovation and keeping data safe,” said Laurie Mercer, security engineer at HackerOne. “It’s not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered. When I started writing code, new releases of software would take six months to develop and test. Today, new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they’re on alert for any vulnerabilities that software might have. The key is to ensure that security is constantly evolving.”

Manpower and budgets are also a key concern for security professionals, with 63% believing security team resources are not able to keep up with the pace of development. Lack of budget and other resources including skill sets were also cited as key barriers to creating a well-rounded cyber security strategy by over a third of respondents.

Despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, while 63% say they’re only comfortable accepting bug submissions from vetted hackers.

A HackerOne customer and CISO of an international health and beauty retailer said: “I understand first-hand the nature of remaining cautious. As we all know, though, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation, but while ultimately remaining responsible for cyber security. The security landscape is ever evolving so we need to approach defensive strategies in the same way. By working with ethical hackers, it gives organisations the freedom to work on new projects, spin-up new applications and try different ways of working, while at the same time there’s peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”

The research was conducted by Opinion Matters and included input from 200 UK CISOs and CTOs. The findings revealed what CISOs believe to be the biggest risks to businesses, which areas are hindering growth and what kind of technology respondents are likely to implement in order to overcome these challenges.

Filed under Risk Xtra

Institute of Risk Management pledges commitment to Armed Forces community by signing Armed Forces Covenant

Senior members of the Institute of Risk Management (IRM) recently gathered at a co-signing ceremony for the Armed Forces Covenant at Horse Guards Parade in London. The signing was between the IRM and the Greater London Reserve Forces’ and Cadets’ Association (GLRFCA).

Guests included IRM Board members. There were also representatives present from the Kent Army Cadet Force including Lieutenant Colonel Simon Dean OBE, Deputy Commandant Major Richard Phillips and Regimental Sergeant Major Pete Barnes. SO1 Lieutenant Colonel David Utting (head of engagement for the British Army) was also present and gave a brief message on partnering with defence.

The signing between the IRM and GLRFCA signifies an ongoing commitment to service leavers and personnel as laid out in the pledge.

Socrates Coudounaris CFIRM (left), chairman of the IRM, and SO1 Lieutenant Colonel David Utting (head of engagement for the British Army)

Socrates Coudounaris CFIRM, chairman of the IRM, said: “It was a great privilege to be here today to co-sign the Armed Forces Covenant. It’s vitally important that the Armed Forces and businesses are mutually engaged. This signifies a wider pledge by the IRM to increase the risk management profession’s visibility to ex-military personnel. We provide accessible and relevant training and qualifications that will help ex-Armed Forces personnel in making the transition to the business world.”

Lieutenant Colonel Simon Dean OBE and Captain Vicky Robinson (county PR for the Kent Army Cadet Force and head of marketing and communications at the IRM)

Coudounaris added: “Many of the skills learned by services personnel naturally cross over into the world of risk management and we’re keen to ensure these skills are recognised and that we can help support individuals’ lifelong learning and career transition where possible.”

Drew Jeacock, head of engagement for the GLRFCA, stated: “The Government is committed to supporting the Armed Forces community by working with a range of partners who’ve signed the Armed Forces Covenant. It’s a national responsibility involving Government, businesses, local authorities, charities and the public. Demonstrating commitment to the Armed Forces family is a significant gesture and I hope that the IRM will embrace the intent and values that we hold close to our core. We value the IRM’s support.”

*The IRM supports Captain Victoria Robinson, the organisation’s head of marketing and communications, who’s also the county PR officer for the Kent Army Cadet Force, with leave for annual camp and other cadet-related activities

Filed under Risk Xtra

Frontline Security Solutions wins first RoSPA Gold Award for Occupational Health and Safety

Frontline Security Solutions has received its first Gold Award from the Royal Society for the Prevention of Accidents (RoSPA), winning in its first year of entering. RoSPA Gold Award winners are recognised for achieving a high level of performance while demonstrating well-developed occupational Health and Safety management systems and culture, an outstanding control of risk and low levels of error, harm and loss.

Frontline Security Solutions is part of Chubb, which itself is a part of Carrier, a leading global provider of innovative HVAC, refrigeration, fire, security and building automation technologies.

Nichola Maher, EH&S manager at Frontline Security Solutions, told Risk Xtra: “Frontline has a robust, people-centric ethic. We’re delighted to receive our first RoSPA accolade, and particularly so as it’s a Gold Award.”

Simon Trundley, project manager for Frontline Security Solutions who collected the award, added: “By demonstrating the robust Health and Safety practices we have in place, we’re helping to ensure that all staff feel safe at work, which gives them more confidence to carry out their roles and responsibilities. It’s an honour to receive such an important award for and on behalf of Frontline Security Solutions.”

By attaining a RoSPA Award, an organisation is acknowledged for its commitment to maintaining a well-balanced approach towards Health and Safety management, as well as demonstrating superior practices in areas such as leadership and workplace contribution.

Filed under Risk Xtra

Cyber security firm Foregenix scoops Queen’s Award for Enterprise

A cyber security firm has picked up the Queen’s Award for Enterprise. Foregenix, which celebrates its 10th Anniversary this month, received the award for its work in international trade and is believed to be the first cyber security consultancy with a determined focus on protecting the payment and finance industries to pick up the accolade.

Headquartered in the UK, Foregenix has generated around 60% of its revenue from international sales over the past four years, helped by new offices in Boston (servicing North America), Frankfurt (Europe), Sydney (Australasia) and São Paulo (Brazil), and a new base in Singapore in 2019.

Foregenix offers a range of services including managed detection and response, digital forensics, compliance and risk. It’s one of the leading certification companies for payment systems on PCI point-to-point encryption and an authority on ATM ‘cash-out’ attacks.

The Queen’s Award for Enterprise follows on from recognition by The Sunday Times as one of the Top 100 SME exporters in 2017 and 2018.

Left to Right: Paul Humpage, Andrew Henwood and Benjamin Hosack of Foregenix

The Queen’s Awards have recognised the achievements of British businesses since 1965. Around 200 businesses receive the accolade each year.

Co-founder and CTO Andrew Bontoft commented: “It’s testimony to the brilliant work and dedication of our global team that we’ve received this prestigious award. We’re very proud of what the team has achieved and grateful for the recognition this award signifies. We would also like to thank our clients and suppliers for helping us to achieve this honour.”

CEO Andrew Henwood added: “Foregenix aims to protect businesses and organisations from criminals who attempt to endanger people’s livelihoods and futures for their own enrichment. It’s a cause that resonates with our customers. We offer them practical advice and solutions for baked-in security and real risk reduction.”

Filed under Risk Xtra

Echosec launches security-focused anonymous search tool for The Dark Web

Online data aggregation and information discovery specialist Echosec has introduced Beacon, a search platform for The Dark Web purpose-designed to help discover threats and prevent future attacks.

Beacon is an intelligence tool that helps security teams and public safety professionals alike to find key information from The Dark Web safely through a regular web browser. Previously, the only way to access The Dark Web was through a Tor browser.

The Dark Web is non-indexed and non-secure, yet searching it is crucial for security and public safety organisations as it’s a veritable hotbed for nefarious activity. Beacon provides end users with a single point of entry into The Dark Web and presents critical information in a structured and consistent way.

Organisation of Dark Web data makes analysis of it more efficient and threat intelligence actionable for law enforcement, security and risk managers.

“Beacon helps teams to quickly identify information that can prepare them for the worst-case scenario,” said Michael Raypold, CTO at Echosec. “Through Beacon, end users can identify threats quickly and enable efficient issues management.”

A basic Beacon search can provide intelligence on subjects like drug trafficking, the sale of firearms and hacker data. A UK search conducted on 12 April found 14,849 instances of hacker data using the keyword “UK + hacking,” while “UK + credit card” returned 16,600 and “UK + guns” 2,650 results respectively.

More advanced search functions in Beacon have produced thousands of results for information on the sale of identities, e-mail addresses and other personally identifiable information. One excerpt from a credit card search result on a Dark Web site reads: “Hello all clients ! – I’m a hacker, good seller, best tools, sell online 24h. – I want introduce to you my services and sell fresh cvv (visa/master,amex,dis,bin,dob,fullz..) all country, Dumps track 1&2, Account paypal, SMTP, RDP, VPS, Mailers, do WU transfer and Software Bug Transfer Western Union. – I sell cvv Fresh – Fast and Good price.”

Beacon is commercially available and simple and safe to interact with for users of all backgrounds. However, due to the sensitive nature of The Dark Web, Echosec meets with potential customers to review and approve their case before providing access. Echosec also takes steps to ensure that Beacon use is compliant with the current privacy laws and data provider terms.

*More information about Beacon may be found at https://www.echosec.net/darknet/

Filed under Risk Xtra

BAE Systems launches “major update” to NetReveal platform for financial institutions

The latest version of BAE Systems’ NetReveal platform combines the best of advanced analytics and human expertise to enable financial institutions to effectively combat financial crime and fraud in an environment of rapidly evolving regulatory requirements and changing financial crime patterns.

Faced with increasing transactions, evolving regulations, a growing number of payment channels, customer friction, investigation challenges and strengthening privacy regimes, financial crime and fraud investigators are under pressure to make more confident and intelligence-led decisions and do so at an unprecedented pace.

Built on modernised modular technology, NetReveal addresses these challenges by working smarter and faster and supporting an intelligence-led approach:

  • Smarter: Profiling and detection against transactional data that commonly takes hours to process is now processed within 30 minutes (on average)
  • Faster: Advanced analytics with machine learning techniques improve operational performance by driving fewer false positives. Integrated Robotic Process Automation (RPA) means that routine tasks are automated, enabling investigators to focus more on high value strategic investigative work. The Real-Time Detection Engine helps institutions to keep pace with sophisticated criminals across growing digital channels
  • Intelligence-Led: Entity-based investigations deliver efficiency improvements of 20-30% on average by streamlining multiple detections into a single combined alert dashboard. Interactive lists also provide actionable information to adjudicate alerts effectively

Culmination of major investment

Rob Harrison, head of product and solutions for the financial services sector at BAE Systems Applied Intelligence, said: “This release is the culmination of major investment and engineering development of our financial crime platform and suite of solutions. We’ve focused on providing compliance and fraud teams with the latest advanced analytics, technology advancements and productivity improvements.”

Harrison added: “The latest version of NetReveal combines the best of human expertise and advanced analytics which we believe puts financial institutions in the strongest position possible to address the major market challenges of today, namely regulatory complexity and change, evolving fraud patterns, productivity and efficiency pressures and new risk management approaches.”

Julie Conroy, research director for the Aite Group’s Retail Banking practice, commented: “The use of RPA to improve financial crime operations significantly increases accuracy, reduces operational costs and enhances productivity. Given the growing data challenge, having the ability to advance investigator efficiency by reducing repetitive manual tasks, human error and, by extension, the number of false positives ultimately frees up time to focus on more strategic tasks.”

NetReveal is a single integrated platform for money laundering compliance and fraud prevention, enabling financial institutions to benefit from lower total cost of ownership across their compliance and fraud teams thanks to a single solution.

A comprehensive range of compliance and counter-fraud solutions can be deployed either individually or collectively.

Filed under Risk Xtra