Throughout the entire month of January, The Fintech Times will be exploring every dimension of one of the industry’s most pressing topics: cybersecurity.
The cyber industry is ripe with innovation, working to keep up and provide solutions to new threats. Businesses, in particular, need to be particularly on guard, often due to the amount of customer data they hold.
Here we spoke to several cybersecurity experts to find more about innovation in business security.
Elad Sherf, Global Head of Defence at Performanta believes compliance is key when considering business security.
He said: “Innovation in cybersecurity is always seen as a move away from regular compliance measures in favour of more stringent security practices. While security beyond compliance is important, compliance itself is still crucial.
“For business security, innovation needs to start with the training and education of staff. Awareness around cybersecurity needs to be absorbed like a culture within an organisation. Mastering this is at the very heart of innovating for business security.
“As leader, the responsibility is on you. Constantly ask how you can be creative for cybersecurity measures to work even better and invest in people and the right suppliers to lead the way. By building out a security function, your innovation lies in the robust security strategy you put in place.
“Ultimately, great detection and response to attacks is the main aim for business security. Any innovative strategy needs to have this in mind above all else.”
For the CEO & co-founder of Ondato, Liudas Kanapienis, digital transformation is still a sticking point for many businesses.
“You might reasonably think most organisations have digital transformation done and dusted by now, he said. “But it seems old habits die hard – 82% of companies are still heavily dependent on old-fashioned paper-based processes.
“That’s because real digital transformation is actually pretty complex. It involves two different things: digitalisation of business services – to serve customers remotely – and digital transformation of the business – reworking current processes with current or emerging technologies.
“Think of it like this – if something goes wrong, does your customer still need to drive to the bank and fill out forms? If that’s a yes, transformation is still a work in progress.
“Reluctance to ditch the status quo is especially common in large financial institutions, where safety is the name of the game. If a system works, even if it’s outdated, they might prefer to cling to it rather than move forwards.
“There is no point innovating just because everyone else is doing it, but how can you tell if a change is needed? Here are five questions to find out whether digital transformation should still be on your agenda:
“Are your current processes inefficient? According to the Project Management Institute, global organisations waste approximately $3 million every minute due to poor project performance.
“Are you making best use of current technologies? Everyone agrees email is faster than fax. What about other areas?
“Do you look innovative to your customers? Look beyond your immediate competitors to see if anyone has already solved the challenges you’re experiencing.
“Are you leveraging data effectively? Use it and test whether you notice improvements. If you find something that works, scale-up.
“Are you still doing things other people do better? There are plenty of service providers offering fully-fledged suites that solve particular business problems that you might have.
“As these questions show, while digital transformation is more complex than just serving customers remotely, it’s not some far distant land that we can never reach. And the rewards justify the effort. Going digital makes your day-to-day processes more effective, and increased profits and revenue growth soon follow.
“There’s been major progress, of course. Many businesses were surprised to discover just how agile they could be, faced with the choice of stopping business operations altogether during the pandemic or finding ways to work digitally and remotely.
“To be clear, serving your customer remotely doesn‘t mean that you‘ve achieved digital transformation.”
The threat of ransomware
Sebastian Nölting, CEO of RNT Rausch, said “In October for the European Cybersecurity Month, the European Agency for Cybersecurity (ENISA) published its annual report on the state of the cybersecurity threat landscape. For 2020 and 2021, ransomware was determined as being the prime threat, particularly daunting as the average ransomware fee has doubled. I don´t think I am going out on a limb by saying 2022 will see this prolific threat manifesting and accelerating even more and companies should treat this as a question of when, not if, to prepare accordingly.
“There are many ways to build defences against ransomware, such as sensitisation and training of staff on phishing, firewalls and malware protection that build shields against ransomware. However, if these fail, and many times they do, your last line of defence is immutable storage. It is my conviction that the new imperative must be that immutable storage needs to be added to the storage and server portfolio of any company that values its data – and I know of no company that can function without access to its data.
“How you secure your data is a key factor on how much of an impact a security breach has on your business and valuable assets. Immutable means unchangeable: a hacker cannot modify, encrypt, or delete your backup files, even with full access to your backup server. If your data can’t be manipulated, it can’t be encrypted by ransomware, thereby neutralising the threat and equally reducing your downtime as a company.
“As one can imagine, securing data immutably is more expensive. However, in the case of ransomware, basing your decisions on a zero-trust policy, securing your backups on tape drives in air-gapped vaults or the immutable storage options offered by the main cloud providers (or some newer options which I won’t address here) can simply eliminate having to choose between paying a ransom or staying in business.”
No need for innovation?
James Bore, the Director of Bores Consultancy, believes that “innovation isn’t really what we need in cybersecurity for business.”
He continued: “The vast majority of incidents and attacks are a result of failures to apply principles and models which we have had at our fingertips for decades, such as least privilege, minimum function, asset management, and security by design. Adding shinier and shinier technology on top does nothing to fix the broken foundation sitting beneath it all, except to keep organisations distracted from fundamental problems.”
The CEO of Hicomply, Edwin Bartlett’s thoughts line up with this somewhat, as he thinks business security is often an afterthought. He said:
“The heavily regulated financial sector controlling the bulk of our economy’s asset base led to early and much-needed technology innovations such as contactless payments and online banking. However, the impact of this technology adoption on business security was often an afterthought and, in many cases, hasn’t caught up.
“On top of this, the industry is becoming much more decentralised, so we’re in a position now where multiple challenger banks and payment gateways, such as Stripe, have opened up the market. Obviously, this is great for the industry and the consumer, but also creates many more touchpoints and more opportunities for business security issues to be exposed and exploited. This is where innovation in finance has actually created a challenge!
“There is currently a lot of innovation in banking governance, with tech such as blockchain being used to allow identity verification between two organisations. However, for business security, the next big opportunity for innovation should be internal and much more around the people, the processes and how they operate. Many organisations have yet to adopt a robust information security framework, as it’s seen as being costly and time-consuming.
“Innovation in resolving this challenge has been rapid over the last twelve months, allowing a key step to be made around how businesses posture themselves and get their full organisations to buy into and enact their security processes, rather than a singular department or person responsible for the full organisation – a largely impossible task.
“For example, financial sector and fintech firms have many digital assets that need protecting, whether that’s IP, computers, networks, or customer personal data. Consider undertaking a thorough risk assessment of the business to identify whether these assets are secure and identify vulnerabilities and areas that need to be improved. It’s an area ripe for innovation in business security, where you can better predict and understand what’s likely to happen, using AI technology to predict those possible risks.
“In line with this, AI can be used to understand what’s most likely to go wrong from a business security perspective. Doing so will allow organisations to predict and prevent security incidents using predictive risk assessment.”