Day: July 31, 2022

Punit Thakkar, CEO & MD, Shivaami Cloud Solution According to corporate policy and regulatory requirements, 57% of organisations find it difficult to properly protect data in multi-cloud environments. As different environments have different built-in security controls and tools, it’s difficult to achieve consistent protection. With vulnerabilities present and threats waiting to pounce, cloud security challenges are everywhere. According to a report published this year, 27% of companies have had a security incident in their public cloud infrastructure. Cloud providers are under a lot of pressure to add new services and increase uptime as they are notable to understand whether the investment made in security to protect their customers’ assets is at a proper level. Tech-based approach is no longer enough There are several moving parts that facilitate today’s cloud security challenges, but one stands out in particular – human error. It isn’t due to a lack of standards, policies, or procedures, nor is it due to a lack of technical controls. The expected oversights, unsurprising incidents and predictable breaches will continue to occur in Cloud infrastructure. Network hosts, web applications and web service endpoints can all be attacked by virtually anyone on the internet, even in commoditized cloud environments that are assumed to be secure. The enterprises may not be aware of it, particularly if cloud vendors lack the visibility and control required for detection and response. How to overcome and minimize damages resulting by human error? Customers must better employ behavioural analytics with a focus on human trends, patterns, activities and habits to ensure cloud security for the enterprise as online information access behaviour is changing at light speed. User Behaviour Analytics (UBA) solutions analyse patterns of human behaviour and use algorithms and statistical analysis to identify meaningful anomalies that may indicate potential threats. It’s preferable to be proactive rather than reactive in this situation by users testing the cloud environments if allowed to. It is good to atleast request for a copy of the vendors’ most recent security audit and security assessment reports. Behavioural analytics can be used by businesses to create and lay out a standard baseline of expected standard data usage activity. Only then it is possible to set the trap for abnormalities that could indicate malicious intent or a mistake and take up the necessary steps as needed. It’s always a good idea to verify by asking tough questions about the flaws. Only by using such a defensible approach it is possible to successfully address the cloud security challenges that might occur in the future. Cyber security will increasingly require a blended approach of technological safeguards and a focus on the human touch, as it continues to be an extremely complex and multi-layered problem caused by humans. Each of these vulnerabilities has one thing in common i.e. observable and correctable human behaviour. As a result, the cloud security landscape must now become more behavioural-based.  

Nirav Shah, VP and CTO, Forcepoint India Innovation Center Over the last two years, work has transitioned rapidly to remote and hybrid modes. Hackers embraced this move and profited from flaws and vulnerabilities in organisations’ security architecture. In 2021, corporate networks saw a 50% increase in cyber-attacks per week compared to the previous year, for example. Cybercriminals targeting business-critical and sensitive data such as personally identifiable information (PII), intellectual property (IP), and financial data, are keenly aware of how today’s cloud environments can be ideal targets. The way modern organisations operate means that legacy security approaches aren’t good enough. The boundary between an organisation’s network and the outside world is no longer as clearly defined. Data is constantly being shared, stored and accessed from all kinds of locations. With so much happening in cloudbased environments, the way organisations manage their cybersecurity and network security needs to evolve. Zero Trust is one approach that helps them face up to this new reality. Understanding Zero Trust Security Zero Trust is a network security concept based on the idea of ‘never trust, always verify’. No one individual or device in an organisation’s network should be allowed access to documents or data until they have been verified. No one is above this robust authentication and authorisation process, and any device and person must satisfy this whenever they seek access to part of a network or specific files. Part of a Zero Trust philosophy can include UEBA (user and entity behaviour analytics). By continuously monitoring network activity, and how users are interacting with data, a baseline of ‘normal’ activity is established. If there is a sudden change in that behaviour from normal patterns it can be flagged for someone to more closely monitor and increase security provisions as needed. For instance, let us take a scenario where an employee who usually signs in from Mumbai, India, is suddenly attempting to access company data from Istanbul, Turkey. UEBA would identify this abnormality in the employee’s behaviour and flag it. The employee may be served with an authentication challenge to verify their identity, even if their username and password were submitted successfully. Zero Trust takes security a step further from traditional perimeter-based security as it is location-agnostic. Even if attackers gain access to a company’s network, it doesn’t automatically mean all data and applications are up for grabs, because further authentication is required. Many firms allow far too many processes to operate openly on the network, making them easy targets for hackers hunting for enterprise networks with the bare minimum of security. Since the network is accessible for everyone inside the company, anyone can share information, which is concerning. Risks don’t just come from external actors, but insider threats too, as difficult as that may be for an organisation to face up to. A Zero Trust network is flexible enough to accommodate for these realities. How can organisations benefit from Zero Trust The best solution in a world where cybersecurity teams are struggling to keep up with the disparate tools and vendors they are juggling every day is one unified cloud service. This simplifies security, and allows distributed organisations to adapt to a hybrid workforce without putting business resources at risk. Building a zero trust philosophy into the way the corporate network and access management is designed is ideal for this. One of the benefits of this approach is that it reduces the attack surface. With Zero Trust, users connect directly to the apps and resources they need, as opposed to entire networks. A direct connection between users and apps is established, which eliminates the possibility of lateral movement to other services and data. Even if a single device gets infected, it happens in isolation – they aren’t connecting to a VPN which grants them the keys to everything, including other devices. Another important aspect of Zero Trust is that it integrates consistently into the experience users have. If a security tool is too intrusive and disruptive, employees will seek workarounds, which ultimately can open up security blind spots and flaws that cybercriminals can exploit. By operating at a network level, across all documents and data an employee might access, security teams can ensure authentication remains rigorous, without creating risks like shadow IT that come about when ‘official’ means of getting work done is seen as too challenging and convoluted. In a world where hybrid working is the norm, a simplified solution to cybersecurity is the only way business leaders can secure their users and data across all kinds of locations and services. By moving everything to one central platform, teams can ensure one set of policies is applied consistently from one cloud platform. As a business grows, this protection can also be scaled alongside it. Zero Trust is a critical element of the straightforward fix that organisations desperately need to manage their cybersecurity.  

Vishal Singhal, Co-Founder, CellStrat Digital Payments are estimated to grow at a rapid pace to account for more than 70% share of all payments by 2025. The continued innovation and increased performance in digital technology, consumer demand for onetouch payments, policy push towards financial inclusion, desire to marginalize cash, and an exponential rise in digital applications and services are the mega-trends that are driving the Digital Payments revolution. This increase in digital transaction has led to the growth in breach of data in 2021 by 10% YoY, with the average amount of financial damages caused to a record $4.24 million. Fraudsters who obtain this information can carry out various kinds of frauds, ranging from locking the users out of their online accounts to full-blown identity theft. AI is by far the most effective preventive measure against financial fraud, as it can review through huge amounts of data to identify the risk patterns. Suspicious activities and individuals can then be separated for further review to distinguish between actual fraud and false positives. Artificial intelligence is being actively used to reduce the latest financial crime in bonuses from new deposit accounts or credit cards, as well as monthly subscription purchases made online. The Fintech industry is one of the first to embrace data science. It makes extensive use of algorithms to create services that are both faster and more precise than those provided by traditional banking institutions. The payment industry is increasingly being driven by information and data, as technology is the backbone of the Fintech sector, allowing financial institutions to quickly respond to changing customer preferences and emerging trends to drive future growth. The ecosystem, which includes loan issuers, credit card companies, retailers, and insurers, has recognised that big data processing techniques will not only simplify complex tasks like risk management and financial inclusion, but will also enable Fintech players to better serve potential customers. Benefits Fintech industry can reap by using AI: Stronger Security: AI in cyber security comes in the form of chat-bots that convert FAQs into simulated conversations. They have the ability to reset forgotten passwords and grant additional access as required. Artificial intelligence can analyse large amounts of data and improve successively over time using machine learning. Artificial intelligence is being used to identify fraudulent activity, suspicious transactions, and provide a boost to processing sensitive financial documentation, reducing security risk, by being able to discern patterns and suspicious behaviours. Enhancing operations through automation: AI has the ability to generate financial reports much faster and with a lower risk. It has the technological capabilities to provide employees with tracking and automating processes, data entry, fraud and security. It has the ability to watch, learn and verify events for anomalies. Improved customer service: Artificial intelligence has improved customer service, which is one of the most prominent area of fintech. Transactional calls and traditional helplines will become less important as deep learning algorithms and AI’s ability to understand hu man language and formulate convincing responses improve. AI can understand and follow workflows with minimal risk of error or duplicated processes, resulting in significant reductions in manual management. Analytics and insights: AI provides Fintech companies with game-changing insights, which are reliant on collecting and processing client data. Artificial intelligence (AI) solutions are extremely useful for fraud detection and claims management, as the AI tools are used to track behaviour patterns and detect fraud by identifying warning signs. AI systems can adapt and incorporate undiscovered cases into their detection capacities over time with their self-learning abilities. Virtual assistants and chatbots: Fintech firms provide appropriate data and advice for each transaction. Personalization is becoming increasingly important in the fintech sector as the cost of labour in offshore outsourcing and robotics have increased. Chatbots and assistants powered by AI can reduce costs, as text-based personal assistants provide expertise and human-like interaction without having to increase the manpower. Automatic Damage assessments and claims management: Fintech firms provide damage assessment for assets like cars, mobile devices, goggles, shoes, cycles and many other kinds of assets in case of accidents or mishandling. However, it requires lot of manpower and at times logistics costs as well which becomes a huge cost for the customers and companies both. However, computer vision based Artificial Intelligence solutions mitigate the need of manpower involvement and decreases logistics costs to a great level thus benefitting the brands positively on the bottom line while taking the customer service experience too to next levels. As technology continues to rapidly advance, artificial intelligence might be the future of the Fintech industry. The ability to conduct financial transactions without the use of a traditional banking intermediary, technology is no longer centralised to monolithic databases and transaction engines. It is all about giving customers and employees the freedom to work smarter, make better decisions, and focus on what matters most. It is the best time to embrace the potential of AI as the driving force for the growth and development of the Fintech businesses.