Click here to close now.

SYS-CON MEDIA Authors: VictorOps Blog, Tim Hinds, Mike Kavis, Peter Silva, Glenn Rossman

Blog Feed Post

Riskskill Predicts That Government Cuts And Rapid Mobile Growth Will Drive Business Risks Throughout 2014

Business risk consultancy Riskskill (www.riskskill.com) has highlighted what it sees as the main areas of business risk in 2014. Advances in mobile and payment technology predominate globally, along with a retrenchment of government strategy in the UK. Their research suggests that key areas of risk growth in 2014 include:

1. Fraud Risks
In 2014 fraud risks are likely to be the major contender for exposing many businesses to significant risk as the closure of the government's National Fraud Authority (NFA) could, some feel, be seen by fraudsters as a huge victory for the bad guys. The NFA was set up to consolidate and focus upon the handling and approach of combatting fraud and also to direct the strategic elements of the attack on the fraudster. The NFA objectives were previously diluted from eight to three, with the more 'strategic issues' removed. Now its remaining operational functions have been atomized into several government silos.

On the commercial side, payment markets will continue to evolve very quickly this year. New payment systems and software solutions are appearing daily. Many of these do not put in place effective authentication, security, standards or best practice systems. Often, this is because these have yet to be created in a market that is changing so rapidly. New mobile payment and wallet solutions are being developed with the backing of 'big' funding and strong marketing campaigns. Only a few of these will win through though. Many will fail, either commercially or because of serious 'fraud attacks' that exploit the lack of authentication.

2. Identity Validation / Authentication
Who am I dealing with? This will become an increasingly important 'risk related' question in 2014 for businesses and consumers alike and it is very much linked into the whole 'mobile' market evolution. Anti Money Laundering legislation, whether it is in the UK or across the EU, requires that one properly identifies who we are doing business with, know what our customers do, regularly check, watch and look for unusual transactions that might be illegal, and report anything suspect.

There are though several weaknesses in this area. For example, some small operators of 'new' payment solutions think that they are excluded from these requirements. There are also some insurance company policy sellers, who are playing catch up and often who do not check identities. Then there is the public who are increasingly becoming payment providers as they buy and sell more on-line. Whereas one used to know who one was dealing with for financial transactions (as it used to be only one's banks, card companies and utilities that one dealt with) it can now potentially be almost anyone, anywhere in the world.

As a consequence, identity, identity validation and data certainty will all move up the risk hierarchy and as a result so will the level of importance placed on these areas by businesses in 2014. These risks will be amplified greatly or those organisations that do not understand the issues or address them properly.

3. Big-Data Losses
With such problems increasingly arising where our personal data is held and managed by more and more people, often across the web, a new generation of customers are very open about their data and therein are disclosing everything about their finances. They are very keen to become users of the new mobile breed of financial products, which will increasingly present greater opportunities for identity theft and data compromises. With numerous high profile data breaches losing millions of customer data records including payment details in 2013, one can see that more of these types of losses will be incurred over the coming year. Thankfully, the PCI DSS initiatives have helped to protect payments but there are too many people now handling our data. Some observers feel that there is not a comprehensive and pervasive enough solution to protect us. H M Government should be setting the strategy here, but do they have right 'body' with the appropriate level of oversight to understand the threat now that the NFA has been disbanded?

4. Protection For Multiple Channels
The proliferation of new wallets, payment instruments, mobile devices, payment applications and standards being developed means that for businesses to keep up, they need to evolve new protections, controls, and security that are consistent across multiple channels simultaneously - what one might call 'unified protection'. As ever, the security and controls side of things will often lag behind; so businesses must ensure that these developments are carried out fully and that they are free from short-cuts as these will lead to problems later.

One of the major areas of attack expected is a fresh onslaught of new viruses. With such new threats as Cryptolocker, and other such plagues landing on business of all sizes, there is a risk that this kind of attack could reach epidemic levels in 2014. Even the smallest firms must ensure that they update virus and anti-malware software regularly, maintain strong back-up regimes and avoid clicking on any suspicious links. If these dangers move closer to mobile payments, it could threaten the momentum of the mobile sector evolution especially where authentication is often far less effective than it could or should be.

5. Silo Mentality Causing Corporate Ineffectiveness in Combatting Risk
Borne out of the desire to conduct business correctly, increasingly complicated silo structures have grown up in the corporate world, with many differing and sometimes potentially conflicting interests. Often large businesses in particular, introduce several highly ineffective theoretical layers of risk management protection that often keep the business too busy and too slow to do the real work required to tackle the challenges that organisations face.

Instead, businesses should be fighting hard to define clear risk management direction, together with business goals that incorporate risk thinking and risk/loss targets. Collaboration is the key here. It facilitates speed of decision-making, clear and assertive action-taking and an understanding of the business drivers. It also enables the ability to act, invest and change the business as required which are key to controlling risks.

Says Bill Trueman CEO of Riskskill's parent company UKFraud, "The whole area of risk management is an on-going challenge to maintain and manage controls and processes in business. Losses tend only to be managed in a panic when they happen, but are generally predictable and avoidable. Equally, management should be able to move and act quickly and effectively to change the business and to react to attacks. Problems generally occur because the controls, measurements, or IT security technologies have lapsed over time. With the exception of fraud losses, things do not take us by surprise. Even with fraud, most of the losses are completely preventable and something that can be planned for.

"In 2014 it is going to become easier for things to go wrong. As we enter the year with FTSE / S&P highs and increasing employment rates, the evident green shoots of recovery will see system controls and financial prudence starting to relax. This will encourage both internal and external attacks on a business and upon individuals alike. Greedy crooks, will take these more relaxed opportunities and exploit them fully. The opening of new product and sales channels such as mobile payment will inevitably mean that there will be gaps and new risks that are opened up. The risk management challenges in addressing these will probably predominate in 2014."

About Riskskill (www.riskskill.com)
Part of the acclaimed UKFraud operation, Riskskill delivers 'total risk' strategies, direction, risk assessments for major corporations, solving problems and engineering bespoke risk reduction solutions in organisational, management, financial control and IT.

Specialists at Riskskill cause losses to reduce by €-$-£ millions each year, when they carry out assessments, analyse areas where organisations are at risk and put in corrective plans in area that include: fraud, credit risks, counterparty or partner risks, cybercrime exposures, bad debt management, and the oversight and control of other write-offs along with compliance penalties and legal-case losses. Having identified specific areas of risk, Riskskill supports businesses with change plans. Plans are backed by comprehensive executive mentoring and support, coaching, training and staff mentoring programmes, which target the engineering of ground-up (but also top-down) solutions throughout a client's organisation, people, processes, management and systems.

For Further Information please contact:

Bill Trueman
Riskskill
+44 20 8133 7575
[email protected]

Or

Leigh Richards
The Right Image
+44 844 561 7586
+44 7758 372527
[email protected]

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
VictorOps is making on-call suck less with the only collaborative alert management platform on the market. With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been ...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focu...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes ...
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, it is now feasible to create a rich desktop and tuned mobile experience with a single codebase, without compromising performance or usability.
SYS-CON Events announced today Arista Networks will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Arista Networks was founded to deliver software-driven cloud networking solutions for large data center and computing environments. Arista’s award-winning 10/40/100GbE switches redefine scalability, robustness, and price-performance, with over 3,000 customers and more than three million cloud networking ports depl...
Application metrics, logs, and business KPIs are a goldmine. It’s easy to get started with the ELK stack (Elasticsearch, Logstash and Kibana) – you can see lots of people coming up with impressive dashboards, in less than a day, with no previous experience. Going from proof-of-concept to production tends to be a bit more difficult, unfortunately, and it tends to gobble up our attention, time, and money. In his session at DevOps Summit, Otis Gospodnetić, co-author of Lucene in Action and founder...
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, will explain the best practices of continuous testing at high scale, which is r...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
Thanks to Docker, it becomes very easy to leverage containers to build, ship, and run any Linux application on any kind of infrastructure. Docker is particularly helpful for microservice architectures because their successful implementation relies on a fast, efficient deployment mechanism – which is precisely one of the features of Docker. Microservice architectures are therefore becoming more popular, and are increasingly seen as an interesting option even for smaller projects, instead of bein...
Security can create serious friction for DevOps processes. We've come up with an approach to alleviate the friction and provide security value to DevOps teams. In her session at DevOps Summit, Shannon Lietz, Senior Manager of DevSecOps at Intuit, will discuss how DevSecOps got started and how it has evolved. Shannon Lietz has over two decades of experience pursuing next generation security solutions. She is currently the DevSecOps Leader for Intuit where she is responsible for setting and driv...
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @Things...
In his session at DevOps Summit, Tapabrata Pal, Director of Enterprise Architecture at Capital One, will tell a story about how Capital One has embraced Agile and DevOps Security practices across the Enterprise – driven by Enterprise Architecture; bringing in Development, Operations and Information Security organizations together. Capital Ones DevOpsSec practice is based upon three "pillars" – Shift-Left, Automate Everything, Dashboard Everything. Within about three years, from 100% waterfall, C...