Tag: Financial Services

Hackers Have the Financial Sector in Their Sights

A number of hack-for-hire firms are using the COVID-19 pandemic to infiltrate financial services firms. Defences are not always good enough though.

Two reports this month highlight the problem of a rapidly growing hack-for-hire market which is targeting corporations, government institutions and not-for-profits around the world. It’s yet another addition to the cyber war powered by highly professional and well-funded criminal organisations – and given the perfect environment by Coronavirus to step up their efforts.

First came a report from Google which identified numerous hack-for-hire firms spoofing the World Health Organisation to target business leaders and companies in the US and UK. The report found hundreds of examples of Coronavirus-themed attacks which use WHO branding and encourage individuals to sign up for direct notifications for important announcements. The emails contain a link to an attacker-hosted website that closely mirrors the official WHO site and features fake login pages, all prompting users to hand over their personal details.

In a blog, Google said:

“Generally, 2020 has been dominated by COVID-19. The pandemic has taken centre stage in people’s everyday lives, in the international news media, and in the world of government-backed hacking.”

Meanwhile, a second report from Citizen Lab highlighted a shadowy hack-for-hire organisation which it termed “Dark Basin”, linked to an Indian tech firm, BellTroX InfoTech Services. As well as financial institutions, this group had been targeting rights groups and not-for-profits including Greenpeace, The Rockefeller Family Fund, and the Union of Concerned Scientists, as well as a number of organisations involved in the ExxonKnows campaign, which asserts that Exxon knowingly hid information about climate change.

Their investigation kicked off in 2017 when a journalist noticed a phishing attack and asked them to investigate. Their study linked the attempts to a network of URL shorteners operated by the group that they came to call Dark Basin. They identified nearly 28,000 additional URLs containing the email addresses of targets around the world. This helped researchers build up a map of who they were targeting and warn some of them.

The evidence linking this group to BellTroX was not hard to find. Employees of BellTroX were found uploading screenshots and taking credit for the attacks on social media. A number of individuals claiming to work for BellTroX could be found on LinkedIn listing services such as email penetration, exploitation and corporate espionage.

Hacking is also becoming an increasingly common occurrence in corporate disputes. The recent case between the Ras Al Khaimah Investment Authority and Farhad Azima included allegations in which Azima claimed RAKIA used the services of hackers to access his emails and leak documents online.

The reports shed light on a world in which hacking is a growth industry backed by well-funded and highly professional companies. The underhanded nature of this world makes it extremely difficult to trace responsibility and the current situation makes all companies uniquely vulnerable.

All the sophisticated cyber security technology in the world can be rendered useless by a convincing email. In an environment of high uncertainty in which companies are relying on guidance from trusted organisations such as the WHO, phishing emails can become more effective than ever. All it takes is one click on a malicious link and the hackers are through the defences.

Financial institutions, as always, find themselves in the firing line. If they are breached, they face financial and reputational losses as well as compliance risks.

To counter the attackers, therefore, companies need to get their defences in order, ensure everyone in the organisation is aware of the latest attacks, and put robust measures in place.

The hackers are coming and they have better infrastructure and resources than ever.

Building effective defences will be one of the key challenges of the COVID-19 crisis.

Why Third Parties Represent a Risk

With digital technology evolving by the day, more and more financial institutions are turning to third parties to handle an array of business functions. However, this can open up regulatory vulnerabilities which can be easy to miss – as Raphaels Bank discovered to their cost last year.

Third party risk

The FCA issued the bank with separate fines totalling £1,887,252 for failing to manage their outsourcing correctly. In 2015, one of Raphaels’ card processor providers suffered a technical incident which caused the complete failure of the authorisation and processing services it provides to Raphaels. This meant 5,356 transactions were not authorised at sales terminals.

The FCA investigation found that Raphaels failed to implement adequate processes to enable it to understand and assess the business continuity and disaster recovery arrangements of its provider. In particular, they had not assessed how that provider would support the continued operations of its programmes during a disruptive event.

Back in March, the FCA published new research on cyber resilience in the financial sector which included statements on third parties. Their research stressed the need for businesses to consider the risks and weaknesses of third party systems and resources when assessing their cyber resilience measures.

In January, they also released a paper explaining the implications of operational resilience for firms using third party service providers. We have more details of the FCA’s stance on the Global Regulatory Platform, but the essential message from the FCA is that every firm has the responsibility for managing its third parties. While you might be surrendering control of operations and data, the responsibility rests with you.

That means that if your third party experiences a problem which results in harm to your customers, you may be held accountable for the damage which results.

This has major implications for any company working with third parties, particularly in relation to their exposure to cybercrime. Data obtained last year from accountancy firm RSM under the Freedom of Information Act found that a fifth of all cyber breaches occurred due to third parties.

Lessons to be learned

The lessons are clear. As a firm, you should monitor all third parties you’re working with. Each one may potentially represent a vulnerability if their processes and systems are not up to scratch.

Extensive due diligence should be conducted before entering into an agreement. You should have a full understanding of what redundancy measures are in place in the event of any disruption or system failure. You should establish how resilient the company is to cyber attacks and what measures are in place if they suffer a breach.

Failure to undertake these precautions will leave you vulnerable to fines from the regulators and, in the age of GDPR, these fines can be considerable.

Coronavirus: Regulators Scramble to Prop Up Financial Sector

Financial regulators are formulating plans to cushion the blow of coronavirus including assessing contingency plans, fiscal stimulus and easing the pressure on borrowers.

The arrival of coronavirus has sent tremors through the stock market. Wall Street experienced its worst day since 2008 and the ECB has warned of a collapse on a scale of the financial crisis. It is both a global health and economic crisis and regulators around the world are scrambling to mitigate its impact.

China

In China, which has had more than 80,000 cases and over 3,000 deaths, the virus is already having a major impact on the financial system and regulatory strategy. Until now, the China Banking and Insurance Regulatory Commission would scale back its war on bad loans.

Under the leadership of Guo Shuqing, the regulator has worked hard to tackle problems caused by bad loans and excessive leverage. He has been extremely successful but that war will have to wait. The regulator has said that new bad loans created during this crisis should not be considered non-performing loans.

Italy

In the second worst hit country, Italy, the focus is also on reducing the pressure on loans. Regulators are planning to introduce a widespread moratorium on debt repayments for consumers and businesses.

The announcement, which was made by Italy’s Deputy Economy Minister, Laura Castelli, comes after the entire country was placed under lockdown. The Government has also promised to inject €10bn into the economy.

UK

“Keep calm and drink tea” has been the message from the Government who seem happy to “take the virus on the chin”. However, the FCA is taking more proactive action. Earlier in the month, staff worked from home as the city watchdog ran a drill to test its readiness.

The regulator is also focusing on firms’ contingency plans. In an update on its website, the FCA said it was working with the financial services sector, HM Treasury and the Bank of England to review their responses to the virus.

This will include a review of the operational readiness of firms to assess any operational risks to day-to-day operations.

Meanwhile, at his confirmatory hearing for the Bank of England position, outgoing Chief Executive of the FCA, Andrew Bailey, said Coronavirus was the “first most pressing issue we face” and that it was evolving in “unprecedented and unexpected fashions.”

The severity of the situation, he said, suggested that at some point the bank may have to “focus on providing supply chain finance to ensure the shock effects of the virus are not damaging to too many forms of activity and we will have to move quickly to do that.”

That stimulus wasn’t long in coming. Announcing his budget, the Chancellor, Rishi Sunak, announced a stimulus package totalling £30bn including £7bn for businesses and families and £5bn for the NHS. There will also be changes to sick pay regulations with statutory pay available from day one of self-isolation.

USA

Regulators in the States have called on banks to ensure customers and members who are affected by the virus get the funding they need. In a joint statement, multiple agencies including the FDIC, Consumer Financial Protection Bureau, the Conference of State Bank Supervisors, the Federal Reserve, National Credit Union Administration and Office of the Comptroller of the Currency, said they would provide regulatory assistance to financial institutions, under their supervision, in meeting their financial needs.

EU

The ECB’s Christine Lagarde has called for more coordinated action between European states on the crisis. Speaking by video to European leaders, she warned that without urgent action the virus could cause an economic collapse on the scale of 2008.

The EU is also considering using flexibilities in its state aid rules which are allowed in exceptional circumstances. Officials are drafting a list of targeted options through which members could support those states hardest hit by the coronavirus.

Among the schemes which may require state aid clearance from the commission are discounted government loans, tax credits, or deferral of tax payments.

Improving Culture in Financial Services

As the FCA submits its discussion paper on transforming culture, how can regulators move business culture in the direction they want?

Big business – especially the financial services – has a big problem: trust. As story after story appears in the press about poor culture, the sector needs to get a grip. The question is how. To answer that question the FCA has released a discussion paper entitled Transforming Culture. Drawing on input from experts, academics and thought-leaders from around the world, it presents the regulator’s own roadmap for the future.

The Key Conduct Challenges Confronting Financial Services Firms

Concluding our series reflecting on Megan Butler’s speech to the FT Investment Managers Summit, we examine the key conduct challenges confronting corporations.

As we were writing this, the fallout of the Carillion collapse was unfolding live on the news websites. With each day – even hour – it seems we’re treated to fresh and even more disturbing revelations. The response from the public seems to be a roll of the eyes at another corporation found to be failing in its duty.

What business activities might undermine good conduct in your firm?

In this 6th post in our series reflecting on Megan Butler’s speech to the FT Investment Managers Summit, we look at what factors might undermine good conduct in your firm.

Well-placed intentions are laudable, but what happens if your day-to-day operations work against them?

How does your Board get an Oversight of Conduct in your Organisation?

In this 5th post in our series of blogs on the FCA’s increasing focus on corporate conduct, we look at how boards can get an oversight of conduct.

It’s a problem we often see in business. A corporation establishes a clear set of corporate guidelines but fails to follow them throughout the company. The problem: for all its good intentions, the board fails to monitor compliance at the coal face.

What support does your firm provide to help staff improve conduct?

In this 4th post in our series reflecting on Megan Butler’s speech to the FT Investment Managers Summit, we look at what support your firm provides to help staff improve conduct.

Ensuring good conduct across a corporation is essential. Once you’ve established a strategy for good corporate conduct, how do you make sure that everyone across the organisation sticks to it?

How can you encourage all staff to take responsibility for managing conduct?

In this third post in our series reflecting on Megan Butler’s speech to the FT Investment Managers Summit, we look at how you can encourage all staff to take responsibility for managing conduct.

Risk management is suddenly flying up the corporate agenda. As regulators increase their expectations, the financial services are responding. Even so, many firms still have a gap in understanding between the executives in the boardroom and the professionals at the coal face. That’s a major problem because as Megan Butler of the FCA said back in September, the landscape is evolving fast.

What proactive steps do you take to identify conduct risks in your business?

In the second post in our series of seven blogs on the FCA’s increasing focus on corporate conduct, we look at what steps a business can take to identify conduct risks.

Many years ago, Donald Rumsfeld attracted widespread derision for his speech about ‘known unknowns’ and ‘unknown unknowns’. It was clumsy, perhaps, but he was onto something. In the business world there are many things we don’t know. Some we’re aware of, but others would take us completely by surprise. The same is true in the regulatory environment.
