|By RealWire News Distribution||
|January 22, 2014 09:16 PM EST||
Business risk consultancy Riskskill (www.riskskill.com) has highlighted what it sees as the main areas of business risk in 2014. Advances in mobile and payment technology predominate globally, along with a retrenchment of government strategy in the UK. Their research suggests that key areas of risk growth in 2014 include:
1. Fraud Risks
In 2014 fraud risks are likely to be the major contender for exposing many businesses to significant risk as the closure of the government's National Fraud Authority (NFA) could, some feel, be seen by fraudsters as a huge victory for the bad guys. The NFA was set up to consolidate and focus upon the handling and approach of combatting fraud and also to direct the strategic elements of the attack on the fraudster. The NFA objectives were previously diluted from eight to three, with the more 'strategic issues' removed. Now its remaining operational functions have been atomized into several government silos.
On the commercial side, payment markets will continue to evolve very quickly this year. New payment systems and software solutions are appearing daily. Many of these do not put in place effective authentication, security, standards or best practice systems. Often, this is because these have yet to be created in a market that is changing so rapidly. New mobile payment and wallet solutions are being developed with the backing of 'big' funding and strong marketing campaigns. Only a few of these will win through though. Many will fail, either commercially or because of serious 'fraud attacks' that exploit the lack of authentication.
2. Identity Validation / Authentication
Who am I dealing with? This will become an increasingly important 'risk related' question in 2014 for businesses and consumers alike and it is very much linked into the whole 'mobile' market evolution. Anti Money Laundering legislation, whether it is in the UK or across the EU, requires that one properly identifies who we are doing business with, know what our customers do, regularly check, watch and look for unusual transactions that might be illegal, and report anything suspect.
There are though several weaknesses in this area. For example, some small operators of 'new' payment solutions think that they are excluded from these requirements. There are also some insurance company policy sellers, who are playing catch up and often who do not check identities. Then there is the public who are increasingly becoming payment providers as they buy and sell more on-line. Whereas one used to know who one was dealing with for financial transactions (as it used to be only one's banks, card companies and utilities that one dealt with) it can now potentially be almost anyone, anywhere in the world.
As a consequence, identity, identity validation and data certainty will all move up the risk hierarchy and as a result so will the level of importance placed on these areas by businesses in 2014. These risks will be amplified greatly or those organisations that do not understand the issues or address them properly.
3. Big-Data Losses
With such problems increasingly arising where our personal data is held and managed by more and more people, often across the web, a new generation of customers are very open about their data and therein are disclosing everything about their finances. They are very keen to become users of the new mobile breed of financial products, which will increasingly present greater opportunities for identity theft and data compromises. With numerous high profile data breaches losing millions of customer data records including payment details in 2013, one can see that more of these types of losses will be incurred over the coming year. Thankfully, the PCI DSS initiatives have helped to protect payments but there are too many people now handling our data. Some observers feel that there is not a comprehensive and pervasive enough solution to protect us. H M Government should be setting the strategy here, but do they have right 'body' with the appropriate level of oversight to understand the threat now that the NFA has been disbanded?
4. Protection For Multiple Channels
The proliferation of new wallets, payment instruments, mobile devices, payment applications and standards being developed means that for businesses to keep up, they need to evolve new protections, controls, and security that are consistent across multiple channels simultaneously - what one might call 'unified protection'. As ever, the security and controls side of things will often lag behind; so businesses must ensure that these developments are carried out fully and that they are free from short-cuts as these will lead to problems later.
One of the major areas of attack expected is a fresh onslaught of new viruses. With such new threats as Cryptolocker, and other such plagues landing on business of all sizes, there is a risk that this kind of attack could reach epidemic levels in 2014. Even the smallest firms must ensure that they update virus and anti-malware software regularly, maintain strong back-up regimes and avoid clicking on any suspicious links. If these dangers move closer to mobile payments, it could threaten the momentum of the mobile sector evolution especially where authentication is often far less effective than it could or should be.
5. Silo Mentality Causing Corporate Ineffectiveness in Combatting Risk
Borne out of the desire to conduct business correctly, increasingly complicated silo structures have grown up in the corporate world, with many differing and sometimes potentially conflicting interests. Often large businesses in particular, introduce several highly ineffective theoretical layers of risk management protection that often keep the business too busy and too slow to do the real work required to tackle the challenges that organisations face.
Instead, businesses should be fighting hard to define clear risk management direction, together with business goals that incorporate risk thinking and risk/loss targets. Collaboration is the key here. It facilitates speed of decision-making, clear and assertive action-taking and an understanding of the business drivers. It also enables the ability to act, invest and change the business as required which are key to controlling risks.
Says Bill Trueman CEO of Riskskill's parent company UKFraud, "The whole area of risk management is an on-going challenge to maintain and manage controls and processes in business. Losses tend only to be managed in a panic when they happen, but are generally predictable and avoidable. Equally, management should be able to move and act quickly and effectively to change the business and to react to attacks. Problems generally occur because the controls, measurements, or IT security technologies have lapsed over time. With the exception of fraud losses, things do not take us by surprise. Even with fraud, most of the losses are completely preventable and something that can be planned for.
"In 2014 it is going to become easier for things to go wrong. As we enter the year with FTSE / S&P highs and increasing employment rates, the evident green shoots of recovery will see system controls and financial prudence starting to relax. This will encourage both internal and external attacks on a business and upon individuals alike. Greedy crooks, will take these more relaxed opportunities and exploit them fully. The opening of new product and sales channels such as mobile payment will inevitably mean that there will be gaps and new risks that are opened up. The risk management challenges in addressing these will probably predominate in 2014."
About Riskskill (www.riskskill.com)
Part of the acclaimed UKFraud operation, Riskskill delivers 'total risk' strategies, direction, risk assessments for major corporations, solving problems and engineering bespoke risk reduction solutions in organisational, management, financial control and IT.
Specialists at Riskskill cause losses to reduce by €-$-£ millions each year, when they carry out assessments, analyse areas where organisations are at risk and put in corrective plans in area that include: fraud, credit risks, counterparty or partner risks, cybercrime exposures, bad debt management, and the oversight and control of other write-offs along with compliance penalties and legal-case losses. Having identified specific areas of risk, Riskskill supports businesses with change plans. Plans are backed by comprehensive executive mentoring and support, coaching, training and staff mentoring programmes, which target the engineering of ground-up (but also top-down) solutions throughout a client's organisation, people, processes, management and systems.
For Further Information please contact:
+44 20 8133 7575
The Right Image
+44 844 561 7586
+44 7758 372527
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and asse...
Dec. 25, 2014 03:00 AM EST Reads: 2,215
DevOps is all about agility. However, you don't want to be on a high-speed bus to nowhere. The right DevOps approach controls velocity with a tight feedback loop that not only consists of operational data but also incorporates business context. With a business context in the decision making, the right business priorities are incorporated, which results in a higher value creation. In his session at DevOps Summit, Todd Rader, Solutions Architect at AppDynamics, discussed key monitoring techniques...
Dec. 25, 2014 03:00 AM EST Reads: 1,726
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
Dec. 25, 2014 02:30 AM EST Reads: 2,083
What do a firewall and a fortress have in common? They are no longer strong enough to protect the valuables housed inside. Like the walls of an old fortress, the cracks in the firewall are allowing the bad guys to slip in - unannounced and unnoticed. By the time these thieves get in, the damage is already done and the network is already compromised. Intellectual property is easily slipped out the back door leaving no trace of forced entry. If we want to reign in on these cybercriminals, it's hig...
Dec. 25, 2014 02:00 AM EST Reads: 1,626
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
Dec. 25, 2014 02:00 AM EST Reads: 2,135
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to th...
Dec. 25, 2014 02:00 AM EST Reads: 2,605
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will w...
Dec. 25, 2014 01:00 AM EST Reads: 1,799
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Dec. 25, 2014 01:00 AM EST Reads: 2,034
SYS-CON Media announced that Centrify, a provider of unified identity management across cloud, mobile and data center environments that delivers single sign-on (SSO) for users and a simplified identity infrastructure for IT, has launched an ad campaign on Cloud Computing Journal. The ads focus on security: how an organization can successfully control privilege for all of the organization’s identities to mitigate identity-related risk without slowing down the business, and how Centrify provides ...
Dec. 25, 2014 01:00 AM EST Reads: 1,653
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
Dec. 25, 2014 01:00 AM EST Reads: 1,929
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...
Dec. 25, 2014 12:00 AM EST Reads: 2,088
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, focused on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud platfo...
Dec. 25, 2014 12:00 AM EST Reads: 2,347
Lori MacVittie is responsible for education and evangelism of application services available across F5's entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senio...
Dec. 24, 2014 09:00 PM EST Reads: 1,226
15th Cloud Expo, which took place Nov. 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, expanded the conference content of @ThingsExpo, Big Data Expo, and DevOps Summit to include two developer events. IBM held a Bluemix Developer Playground on November 5 and ElasticBox held a Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of Bluemix, its services and functionalit...
Dec. 24, 2014 06:30 PM EST Reads: 1,922
SYS-CON Media announced today that Skytap blog on "DevOps Journal" exceeded 84,000 story reads. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. DevOps Journal brings valuable information to DevOps professionals who are transforming the way enterprise IT is done. Noel Wurst is the managing content editor at Skytap. Skytap provides SaaS-based dev/test environments to the enterprise. Skytap solution removes the inefficiencies and constraints that comp...
Dec. 24, 2014 05:00 PM EST Reads: 1,321