New Articles

How to Make Important Adjustments to Your Payment Strategy


The first couple of weeks of shelter-in-place regulations saw finance and accounts payable organizations scrambling to set up remote operations and get payments out the door. Most were able to accomplish these goals quite well. Now we’ve moved into the next step: establishing efficient workflows and productive practices. It’s still challenging, however. Companies have to find ways to keep people safe while executing paper-based processes that keep their teams office-bound. For example, many companies still have to go into the office to pick up mail, circulate invoices for approval, and prepare checks for mailing.

They also must consider the best way to move forward and develop strategies for managing their teams through economic uncertainty. The Conference Board, a non-partisan economic think tank, recently sketched out three possible scenarios. Their best-case scenario predicts a 3.6% decline in US GDP for 2020, while the worst case would see a 7.4% decline. In other words, nobody knows what the next six to 12 months are going to look like.

That means AP needs to focus on conserving cash while keeping operations moving. They can expect more calls from suppliers since Accounts Receivable teams typically ramp up their efforts in tough times. They need to prioritize payments and capture early pay discounts. Procurement is going to reach out to try and renegotiate prices or terms. Treasury is going to be very interested in the timing of payments and managing working capital. It’s on the AP team’s shoulders to make sure they’re engaging with these teams and coordinating efforts.

At the same time, they’ve got to consider the efficiency and the productivity of their own team as we continue to work remotely. Among other things, that means coming up with a strategy for shifting to electronic payments at scale.

Many organizations have had this goal for a long time, but, depending on the research you look at, around 40 percent of business payments are still issued by check. This number is down from a decade ago, but still problematic in a remote work environment. So why don’t businesses pay more of their suppliers electronically? Well, as everyone who rushed to shift suppliers to ACH payments when shelter-at-home orders took effect has learned, you can’t just flip a switch and move all your suppliers.

It’s easy enough to find a bank to handle ACH transactions for you. It also sounds a lot cheaper upfront than checks—if you only look at transaction processing costs, which are usually well below $1.

But with ACH, you have to enable your suppliers one by one, and then store and update their data securely. That becomes a fixed cost because there’s a constant churn of suppliers and their bank data, which usually changes around once every four years per supplier. You should also expect to manage exceptions that arise with ACH file submissions and more nuanced supplier questions.

Thinking ACH is cheap or straightforward is one of the biggest misconceptions holding companies back from paying electronically. That’s not to say you shouldn’t make ACH payments, but they should be part of a holistic strategy that addresses the entire payments workflow, encompassing all forms of payment, including international wire payments.

What does that look like?

Card first

If you’re going to reach out to suppliers to enable them for electronic payments, you should first ask them to accept payment by credit card.

Virtual cards, sometimes known as single-use ghost accounts or SUGAs, are not as well-known as they should be in finance and accounting circles. Still, they can be an incredibly valuable part of your payment strategy. Unlike P-cards or company-issued credit cards, virtual cards exist to pay suppliers easily. Each card has a unique number that can only be used by the assigned recipient in the designated amount. That provides AP with substantial control and makes it one of the most secure, fraud-proof payment methods. You also should expect to receive rebates to offset some of your AP costs.

The main challenges are enablement and outreach, which don’t require significant effort on the part of AP teams since virtual card payment and remittance are relatively straightforward for suppliers. All that’s left is to structure your rebate program to support your team’s efforts and then some.

ACH for most

If a supplier declines to accept card, which often happens due to the interchange fee, your second request should be to enable them for ACH. Most vendors will say yes to this; in fact, they’d prefer it to check. Just be sure you have a realistic appreciation of the true ACH payment operating costs, including enablement and data management, as well as fraud support.

Check for holdouts

While the number is dwindling, there are some suppliers with a ride-or-die mentality who won’t accept anything but checks. For these suppliers, an outsourced payment provider can print checks from an electronic file, so your team doesn’t have to handle all the paper.

Your payment strategy should include automating the payment workflow. Fintech ePayment providers wrap these disparate workflows into one interface so that all AP has to do is click “pay.” Then payments are issued to suppliers by the method each elected to receive. Because these platforms are in the cloud, payments can be approved and scheduled remotely, with visibility for multiple team members.

Heightened fraud protection

Your payment strategy should also include fraud protection. The pandemic, the move to remote work, and challenging economic conditions have created a perfect storm for a rise in all types of crime, including payment fraud. It’s essential to have strong internal controls, especially now that sensitive information is residing in your teams’ homes and on their personal networks. Preventing theft is a key component of cash management.

It used to be that organizations mainly worried about check fraud, and that’s still a problem, but it’s reduced quite a bit thanks to controls such as Positive Pay, Positive Payee, and watermarks on checks. So far, there aren’t similar controls for ACH. As businesses have gravitated towards ACH solutions, such payments have become more of a target for fraudsters. That’s a problem because the funds move faster, making it much harder to recover a fraudulent ACH.

Business Email Compromise (BEC) schemes are the most common type of attack. These involve fraudsters masquerading as suppliers, company executives, or other high-ranking personnel, requesting that funds route to a new, fraudulent bank account. We’re already seeing that the pandemic has provided BEC scammers with new material to convince an overwhelmed AP to comply with these requests.

To protect your team, you need a partner who can support your enablement and fraud protection goals, so your team can stay focused on cash management.

Finance and AP have long intended to go electronic, but the transition has been slow. It’s not just the flip of a switch or the sudden addition of a new payment type. Very few businesses realize how strategic the shift is until after they’ve committed to an update. Many companies that don’t plan accordingly have had to revert to check payments when they realized the actual cost and effort it takes to switch suppliers over. Rather than trying to attack a single pain point, you have to address the whole process from top to bottom.

Now we are going to see an acceleration of this shift with the remote workforce and challenging economic conditions. There is a new imperative, and there is also new technology. Interestingly enough, a lot of the fintechs providing B2B payments technology got their start during the great recession, when the financial system collapsed, and cloud technology was being born. These are now mature companies, ready to “cross the chasm” and transition their partners to 100 percent electronic payments.

________________________________________________________________

Derek Halpern is the SVP of Sales for Nvoicepay. He has over 20 years of technology sales and leadership experience, including 16 years in the fintech and payments space. Derek’s previous positions include VP of Sales at Billtrust, an AR automation technology company, and Sales Director at TranZero, a payments company. Previously, Derek co-founded a company called ProService Software, which was sold to Solomon Software. Derek became the Western Region Sales Manager for Solomon following the acquisition. Derek earned a BS in Business Management from Pepperdine University.

Josh Cyphers is the Vice President of Product & Strategy for Nvoicepay. For the past 20 years, Josh has managed successful growth for a variety of companies, from start-ups to Fortune 100 companies. Prior to Nvoicepay, Josh was a Senior Manager and Consultant at Microsoft, Vice President of Finance at Visa, and Business Planning and Analysis Manager at Nike. Josh is a lapsed CPA, and has a BS in Economics from Eastern Oregon University.


Why the Keys to Maintaining Data Security in a Remote Environment are Control and Visibility

Remote workforces are nothing new to most organizations. According to Buffer’s 2019 State of Remote Work report, 44% of respondents noted that at least part of their team was “full-time remote,” and 31% said that everyone on the team works remotely. Further, at the time of the report, 30% of respondents said that their entire company worked remotely. However, the COVID-19 pandemic accelerated the work-from-home model. By March 31, 2020, the percent of users working remotely had increased 15 percentage points since the start of the COVID-19 outbreak. With that in mind, organizations are assessing how they can maintain granular levels of control and visibility when business data is being accessed remotely.

Adopting Contextual Controls to Protect Data

Most organizations already leverage role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. However, they often lead to excessive levels of data access and, in turn, produce additional risks. Contextual controls enable an organization to dynamically control access to data during varying contexts of access, often aligning to least privilege best practices. Migrations to cloud applications are largely due to contextual controls being a business requirement, simply because the interconnected applications required a more dynamic approach.

With the move to a remote workforce, organizations need to create more detailed and more dynamic access controls. With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources if the user’s location is suddenly California – or a foreign country.

Contextual controls both prevent access policy violations and align business requirements with security protocols. Because the organization can limit access according to the principle of least privilege, it reduces the risk of data leakage and financial fraud. Meanwhile, by creating more granular, data-centric access privileges, an organization can ensure that users get neither too much nor too little access, limiting the potential negative effects of restricting access excessively.
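The contextual check described above, layered on a role-based baseline, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the user names, attribute names, resource name and network ranges are constructed, and `local_time` is assumed to already be in the employee's local time zone.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed subject attributes (in practice sourced from HR / the identity provider).
SUBJECTS = {
    "jdoe":  {"role": "ap_clerk", "expected_region": "US-CT",
              "work_hours": (time(8, 0), time(18, 0))},
    "bwong": {"role": "sales", "expected_region": "US-CT",
              "work_hours": (time(8, 0), time(18, 0))},
}

# Constructed resource attributes. The network is a documentation range (RFC 5737).
RESOURCES = {
    "supplier_bank_data": {
        "allowed_roles": {"ap_clerk", "ap_manager"},
        "allowed_networks": [ip_network("203.0.113.0/24")],
    },
}


def decide(user, resource, observed_region, local_time, source_ip):
    """Return (allowed, failed_checks) for one access request.

    Access is granted only when the role check and every contextual check
    pass. Unknown users, unknown resources and unparseable addresses are
    denied, so a missing attribute never widens access.
    """
    subject = SUBJECTS.get(user)
    target = RESOURCES.get(resource)
    if subject is None or target is None:
        return False, ["unknown_subject_or_resource"]

    failed = []

    # Role-based baseline: does the job function cover this resource at all?
    if subject["role"] not in target["allowed_roles"]:
        failed.append("role")

    # Geolocation: the employee is expected in one region (Connecticut in the
    # article's example); any other observed region fails the check.
    if observed_region != subject["expected_region"]:
        failed.append("region")

    # Time of day: the request must fall inside the employee's working hours.
    start, end = subject["work_hours"]
    if not (start <= local_time.time() < end):
        failed.append("time_of_day")

    # Source IP: must parse and belong to an allowed network.
    try:
        addr = ip_address(source_ip)
        if not any(addr in net for net in target["allowed_networks"]):
            failed.append("source_ip")
    except ValueError:
        failed.append("source_ip")

    return not failed, failed


if __name__ == "__main__":
    noon = datetime(2020, 4, 14, 12, 0)
    print(decide("jdoe", "supplier_bank_data", "US-CT", noon, "203.0.113.25"))
    print(decide("jdoe", "supplier_bank_data", "US-CA", noon, "203.0.113.25"))
```

Returning the list of failed checks, rather than a bare allow or deny, gives the monitoring side a record of which context attribute triggered each denial.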

User Activity Monitoring for Security and Managing Productivity

Monitoring user access to resources and tracking how users interact with data provides an additional benefit for many organizations as their workforces move towards a remote model. Most organizations recognize the benefit of monitoring user access – but not just instances of logging in and logging out of applications. Understanding data access and usage is now a key requirement when maintaining visibility over business data. Organizations are turning to analytics platforms that include both granular access details and a visualization element (for example, a SIEM). Data is only as useful as the insights it provides, and rapid aggregation and visualization of user access data is a crucial requirement for data security.

Using “Virtual” Work Hours

Looking at a common security use case, many organizations leverage “virtual” work hours to detect anomalies. For example, if an employee usually works between the hours of 8 AM and 6 PM, activity around sensitive data at 3 AM can be indicative of unauthorized behavior and should be monitored and alerted on. This uncharacteristic behavior may be an anomaly, but the organization needs to monitor the user activity more closely. If the user denies accessing the information at 3 AM, then the organization needs to focus its monitoring and have the employee change their password. If the organization detects additional unusual activity, then it may need to review the employee’s activities or investigate a potential data breach.
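The detection logic behind “virtual” work hours can be sketched as below. This is an added example, not code from the article or from any monitoring product; the log format, user names and resource names are constructed, timestamps are assumed to be in each user's local time, and treating off-hours activity on more than one day as the "additional unusual activity" that warrants investigation is an assumption. It goes one step beyond a fixed 8 AM to 6 PM window by deriving each user's usual hours from a baseline period.

```python
from collections import Counter, defaultdict
from datetime import datetime


def parse(line):
    """Parse '<ISO timestamp> <user> <action> <resource> <sensitive|normal>'."""
    ts, user, action, resource, label = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "resource": resource, "sensitive": label == "sensitive"}


def virtual_hours(baseline_events, min_count=3):
    """Per user, the clock hours seen at least min_count times in the baseline.

    Requiring a minimum count keeps a single odd login in the baseline
    period from becoming part of the user's "normal" hours.
    """
    counts = defaultdict(Counter)
    for event in baseline_events:
        counts[event["user"]][event["ts"].hour] += 1
    return {user: {hour for hour, n in per_hour.items() if n >= min_count}
            for user, per_hour in counts.items()}


def triage(events, hours):
    """Flag sensitive-data events outside a user's virtual hours.

    A user without a baseline has no normal hours, so every sensitive
    access by that user is flagged. The response tier follows the
    escalation in the text: one off-hours day means confirm with the user
    and monitor more closely; several days means investigate.
    """
    flagged = defaultdict(list)
    for event in events:
        if event["sensitive"] and event["ts"].hour not in hours.get(event["user"], set()):
            flagged[event["user"]].append(event)
    report = {}
    for user, user_events in flagged.items():
        days = {event["ts"].date() for event in user_events}
        action = "verify_with_user" if len(days) == 1 else "investigate"
        report[user] = {"events": user_events, "action": action}
    return report


# Constructed baseline: one working week (Mon-Fri), activity each hour from 08:00 to 17:59.
BASELINE = [parse(f"2020-04-{day:02d}T{hour:02d}:15:00 {user} READ invoices normal")
            for user in ("jdoe", "asmith")
            for day in (6, 7, 8, 9, 10)
            for hour in range(8, 18)]

# Constructed access log lines for the week being monitored.
OBSERVED = [parse(line) for line in """
2020-04-14T09:02:11 jdoe READ supplier_bank_data sensitive
2020-04-14T03:12:09 jdoe READ supplier_bank_data sensitive
2020-04-14T03:40:00 jdoe READ invoices normal
2020-04-15T02:05:41 asmith EXPORT supplier_bank_data sensitive
2020-04-16T03:30:17 asmith UPDATE supplier_bank_data sensitive
""".strip().splitlines()]

if __name__ == "__main__":
    for user, entry in triage(OBSERVED, virtual_hours(BASELINE)).items():
        stamps = [event["ts"].isoformat() for event in entry["events"]]
        print(user, entry["action"], stamps)
```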

Monitoring User Productivity

From a workforce management perspective, organizations can leverage these insights to review employee productivity. Two use cases present themselves. First, many organizations have contracts that stipulate late payments incur a late fee. If the organization knows that employees should be processing payments ten days prior to the payment date, then they can leverage these reports to ensure that employees meet their timelines, even from a remote location. Additionally, by tracking resource usage data, organizations can monitor whether workforce members are appropriately prioritizing their workdays. If the employees are only accessing a business application at the end of the month, then they are likely waiting until the last minute to input payment information. Preventing these potential revenue losses or rush projects in other areas by speaking with the employee enables the organization to stay on top of its financials.

Enabling Visibility for Business Applications Has Never Been More Critical

Creating trust within and across distributed workforces ensures productivity. However, continued status update meetings across multiple time zones decrease workforce member efficiency. Organizations already monitor user access to their systems, networks, and applications. As part of a robust security posture, organizations should apply protections at the new perimeter – user identity. Rather than micromanaging employees via emails or chats, managers can gain valuable insight into how users are accessing resources and prioritizing work schedules by reviewing data and resource usage.

In an unprecedented time, companies need to find ways to enable their levels of control and visibility over business data. Whether a business application is on-premise or in the cloud, enhancing these solutions should be a mission-critical objective.

Risks against an organization are prevalent in a remote environment, whether those risks are security-related or employee-related through fraud, theft, and error. The keys to maintaining data security ultimately lie in your ability to provide oversight for your data, and the time to act is now.

_______________________________________________________________

Piyush Pandey, CEO at Appsian (www.appsian.com), is a technology executive with 18 years of global experience in strategy, sales, mergers & acquisitions, and operations within software companies. Over the last 10 years, he has worked with enterprise software companies including Oracle, Epicor, Concur, Citrix and Microsoft on various transactions. He has held various leadership positions at Procera, Deutsche Bank, Stifel, Wipro Technologies and a wireless startup.


OUT WITH THE OLD: WHY BANKS MUST ADOPT FINANCE TECHNOLOGY TO REMAIN RELEVANT

The term “FinTech” continues to saturate the news and financial institution reporting in recent years. It’s not surprising that streamlining financial services in the age of automation is something traditional banks struggle with adopting as global markets capitalize on technology. The trade sector on a high level is already purging antiquated, traditional processes involving paper, phone calls, Excel spreadsheets and tedious, unreliable methods of tracking and invoicing.

Now that FinTech is part of the bigger financial picture, it only makes sense that more companies in the global trade market are adopting FinTech as the norm rather than an option. This presents its own set of challenges for banks to overcome as much as it presents opportunities in optimization and risk mitigation. FinTech has its own challenges to overcome as well before it can successfully replace the traditional financial processes currently in place.

To understand exactly how FinTech fits into the bigger picture, we must break it down and evaluate all angles. To start, trends in emerging finance technology include variables from governments and dominating players to emerging acquisitions positioning big tech as a disruptor and solution to trade finance. So, what are some of the top emerging trends currently found in the financial technology space? According to experts at Azlo, a no-fee digital banking platform, government regulation will weed out fly-by-night FinTech while ownership of a self-sovereign identity will become more prevalent for risk modeling. Additionally, FAANG companies are currently positioned to become major players in the FinTech space as they continue to raise the bar for consumers and businesses alike.

Azlo also maintains that banks must adopt FinTech and emerging tech to remain a relevant part of the financial industry, warning that if they don’t, European, African and Asian markets, which possess less regulation and oversight, will own the space very soon. Additionally, optics, trust and inevitable obsolescence will ultimately serve as supporting reasons behind the adoption of emerging tech in the banking space in the near future.

From a safety and risk mitigation point of view, cybersecurity requires a sophisticated and advanced system to combat various strategies hackers utilize to disrupt the financial industry. Cybersecurity goes hand-in-hand with the recent surge in FinTech and will present itself as a challenge for financial companies to mitigate. How will this risk impact banks from a cost perspective? Think of it in terms of compliance and regulation. This circles back to Azlo’s expert point: once the government starts implementing harsher regulations, FinTech will take a different stance in the financial industry. An example of this is found in Mexico’s FinTech law that took full effect this year and in the Latin America markets. As noted in a November Nasdaq article: “The goal of the FinTech law was to help bring more people into the formal economy. Additionally, it would help to reduce the amount of cash in circulation, which would cut down on money laundering and corruption as well.”

Nasdaq experts also point out the significant progress FinTech has made within the Mexico and Latin America markets. “In January 2019, Albo raised $7.4 million, sparking a surge in investor interest in Mexican neobanks,” states the article. “In March 2019, Mexican neobank, Fondeadora, announced a $1.5 million round of investment, and in May 2019, Nubank, Brazil’s largest neobank with over 15 million users, announced its plans to expand into Mexico.”

Considering the reputation for cash dependency in Mexico paired with the more than 273 FinTech ventures operating in the country, it’s no surprise that FinTech is disrupting and recreating opportunities for global markets while changing the way cash flow is approached.

FinTech will not necessarily hurt the traditional banking model, as it does offer an automated and sustainable approach for customers while keeping up with what is expected of companies on a cultural scale. To remain relevant, banks should consider what customer generations are emerging while maintaining the changing ecosystem supporting efficiency, sustainability and cost-savings.

Furthermore, FinTech is changing the way investments and lending are assessed. FinTech allows for much larger sets of data, providing a new level of visibility. The ability to manage multiple information streams that reflect the health of a company is an unmatched solution provided by FinTech, according to Azlo. With this information, companies can further evaluate next-step approaches and what actions in place need to be revisited, revamped or completely eliminated. The name of the game is data visibility, folks, and that is exactly what FinTech is doing to redefine how finances are approached.

“FinTechs are relying on different information when underwriting consumers, looking at things traditional banks have never considered and providing more people with access to personal and business capital,” explains Donna Fuscaldo in her blog, “The Rise of Fintech: What You Need to Know & Financial Services Now Offered.”

“Traditional financial institutions may be late to the FinTech party, but they haven’t missed it altogether,” Fuscaldo writes. “Many of them are creating their own services or partnering with established FinTechs to bring services to their clients. It’s happening in every aspect of FinTech from robo advisors with Charles Schwab’s Schwab Intelligent Portfolios to digital payments with Visa’s Visa Pay digital payment service. Even heavy hitters like JPMorgan are turning to FinTech’s data to evaluate applications for loans, and Quicken Loans, the online mortgage lender, launched its Rocket Mortgage app that can churn out mortgage approvals and rejections in minutes. All of this action on the part of the traditional financial services industry make for more choices beyond just the startups.”

With cybersecurity and automation consistently creating new ways for companies to optimize their payments while maximizing data and integration, only time will tell how much regulation global governments will impose and whether that reshapes the FinTech marketplace. One thing is certain: Traditional banking will continue to be challenged to redefine how customers are served, transactions are protected and how the investment and lending sectors approach opportunities throughout the international and domestic markets.


Top 4 Teleworking Vulnerabilities (and How to Mitigate Them)

Between social distancing guidelines and stay-at-home orders, it’s clear that we’ll all be spending a lot of time at home.

While many of us might normally work from home a day or two out of each week, few firms are used to having all their staff work from home for weeks at a time. 

This means that many companies have not implemented security measures that are most appropriate for a fully remote team.

To help you make the adjustment, here are some big-ticket vulnerabilities along with recommendations on how to best mitigate them.

1 – Using personal devices

The laptops and desktops your firm owns are secure. They have up-to-date patching and anti-malware. They have simple but important policies like an automatic screen lock. They’re backed up and might even have hard drive encryption and remote wipe capabilities.

Do the personal devices accessing your data even have anti-virus beyond Windows Defender? Are any running Windows 7, which has been out of support for months?

If a vulnerable machine is accessing your firm data, that data becomes vulnerable.

Best practice is to only allow your people to work from firm-owned equipment. If you try purchasing new equipment today, though, you will probably run into significant delays with manufacturing. Your second-best option is to roll out workstation management software to these personal devices. Your IT team can help with this.

2 – Heightened scam activity

Scammers are having a field day with this pandemic. We’re anxious, we’re distracted, we’re working with new and unfamiliar technologies, and we’re accessing confidential data outside of our secure office network.

In a span of just seven hours, cybersecurity company ESET detected 2,500 infections from malicious emails that played on COVID-19 themes. Phishing emails that appear to come from legitimate sources like the World Health Organization offer links or attachments with information about the spread, face masks, a vaccine—anything that will tempt recipients into clicking and infecting their machines with spyware, ransomware, or otherwise.

And the massive success of these scams means that hackers will double-down.

Fortunately, we can avoid these scams by practicing the same awareness tactics you’ve heard before:

- Don’t click links or download attachments you weren’t expecting.
- Watch for poor grammar and generic greetings (sir/ma’am).
- Don’t offer up personal information unless you can verify the request (by calling the sender, logging directly into your Facebook account, etc.).

Regarding coronavirus specifically, be sure to stick to official websites (WHO, CDC) for the latest news on the outbreak.

3 – Not using multi-factor authentication

Multi-factor authentication keeps you protected even if you make a mistake—which, as I mentioned above, is a lot more likely in today’s landscape.

Say you fall for a phishing scam and enter your Office 365 credentials onto a fake web page. But, your Office 365 account is set to send a verification code to your cell phone. Even with your email address and password in-hand, the hacker still can’t access your account unless they’ve also managed to steal your cell phone.

In January, 1.2 million Microsoft accounts were compromised. Microsoft has said “multi-factor authentication would have prevented the vast majority of those one-million compromised accounts.”

Work with your IT team to (forcibly) enable multi-factor authentication on as many applications as you can. This is often not labor-intensive, and it can do wonders to keep your accounts locked down.

4 – Sharing devices with others

If you live with roommates or family members, you may find them asking to borrow your machine for anything from their distance learning assignments to streaming movies.

Whether this machine is a personal device or owned by the firm, letting others onto the same equipment being used to store and access client data puts that data at risk. It only takes one wrong click to put your threat detection and response software—assuming any is installed—to the test.

And in some cases, someone just seeing an open document on your machine is a compliance violation.

Your firm policy may already have guidelines against sharing devices, but keep in mind that this is new territory for all of us, and that some may need help finding an alternative.

_________________________________________________________________

Heinan Landa, CEO and Founder of Optimal Networks, a globally-ranked IT services firm, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change.


Modern Tendencies of Global Trading Market

The world is now a global village. Hence, globalization is a concept that has affected every aspect of human existence. The exchange of goods and services across nations and individuals, regardless of geographical limitations, is becoming increasingly seamless.

A Brief History of Global Trading Market

If you take a trip down memory lane, you’ll notice that global trading has come a long way. The origin of international or global trading dates back to the 19th century after the French war. The trade relations among nations increased significantly from 1865 to 1913, just before World War I broke out.

When WWI broke out, global trading fell rapidly. There was a massive dip in the export market. As it is with war, arms sales enjoyed enormous proliferation.

After World War I, things began to fall back to normal. It took a while for global trade volumes to rise to the peak reached before 1914.

The most significant rise in global trading came after World War II. In 1947, the General Agreement on Tariffs and Trade (GATT) was signed in Geneva by 23 nations. It marked a new dawn for global trading markets.

However, to better understand the modern tendencies in the global trading market, we need to look at the industrial revolutions that have happened over time. We can then link them to how they affect the global market in recent times.

Global Industrial Revolutions

There is an age-long relationship that exists between industrialization and globalization. The global industrial revolution that started in the late 18th century ushered in an abundance of raw materials. Industrialization led to the creation of new products and markets.

The products and raw materials that came, as a result of industrialization, needed to reach consumers across the world. That’s what led to the expansion of global trading markets.

Products were made in Europe from American raw materials and exported to Asia for consumption. A consequence of this affair between industrialization and globalization was the creation of trade routes. These trade routes connected America to Europe, Europe to Asia, and other continents of the world that needed the products.

We can’t talk about the early days of global trading markets without the pros and cons of globalization. The good that happened to the world was that manufacturers had more markets to sell their products. On the flip side, it created the opening for Europe to colonize the world.

The Journey from Then to Now

At this point, it’s safe to look deeper into how the industrial revolutions changed the course of global trading markets.

The First Industrial Revolution (1760 to 1830)

This is the period when Britain dominated and monopolized the global market. At the time, they had control of machinery, manufacturing techniques, and skilled laborers. Knowing that they were ahead of the world in industrialization, they kept everything within the confines of the British territory.

The embargo on the exportation of the industrialization that gave Britain a huge advantage didn’t sit well with some British businessmen. These folks began to seek more significant market opportunities outside Britain.

In 1807, two Englishmen took the industrial revolution to Belgium. The revolution further expanded global markets at the time.

Though it took a while for other countries to get on the wagon, it eventually happened after almost over a decade of British Monopoly. European countries like France and Germany came on board the ship to industrialization.

When the United States came into the picture, they gave the Britons a good run for their money’s worth. America became an industrial giant in the late 19th century.

Other countries that joined the industrial revolution at the time were Japan, the defunct Soviet Union, China, and India.

The Second Industrial Revolution (1870 to 1914)

While the first phase of industrialization focused on machinery and skilled labor, the next step introduced the manufacturing of more natural and synthetic products. It was in this era that synthetic materials like plastics began to flood the global market. Global trading expanded as a consequence.

The expansion in marketable products demanded a more straightforward way of doing business. Hence, this era brought computers into the fold. These computers now gave rise to what was called automatic factories.

With the global market expanding, governments began to get more involved. Economic policies came into play to establish checks and balances, averting an impending global financial and market crisis due to the laissez-faire ideas that were at play at the time.

World War I marked the end of the second industrial revolution. Global markets were on shutdown as trade routes were either closed or manned by warring nations.

The Third Industrial Revolution (1990 to Present)

The advent of the internet marked the beginning of the third industrial revolution. The global market has shifted from the exchanges that took place at country borders to a peer to peer market setting.

With the world dealing with a myriad of global issues like natural disasters, overpopulation, and poverty in some of the most populated cities of the world, there was the need to make the world a global village.

Trade deals can go on from anywhere in the world. People now have access to computers and the internet. It doesn’t matter if you’re a college drop out or a graduate from some of the best universities in the world, you can be a part of the global trading market.

In the first and second industrial revolutions, skilled labor was an exclusive reserve of a few countries that dominated industrialization. Today, remote workers can come from anywhere in the world, thanks to the advent of the internet.

For instance, you can hire labor remotely over the internet. An example is getting content writers from content review websites like Pick The Writer, Writing Judge, and so on. The global market has now become more internet and remote-based.

However, the third industrial revolution has significant cons, one of which is cybersecurity. With a lot of data shared over the internet, there are concerns about the unauthorized use of personal information for fraudulent activities.

With small businesses increasing, the dependence on the internet of things is increasing, thereby posing further cybersecurity challenges in the global trading market.

Available statistics show that 43% of cyber attacks are targeted at small businesses. Sadly, over 60% of these small businesses go out of business within six months of the attack.

What’s The Way Forward?

As we gradually move from the third into the fourth industrial revolution, we expect that some of these cybersecurity challenges will reduce. Each industrial era comes with its pros and cons. However, the higher we go, the better we get – and the global trading market isn’t left out.

Already, technological advancements like Artificial Intelligence (AI), are with us. We are getting ready for an industrial revolution that will completely alter the way we live and do business. Industries are shaping up for what is coming with this technological revolution.

One sure thing is that the global economy will improve and life will be better for many people all over the world. Most bottlenecks in living standards and business opportunities will disappear to a large extent.

We envisage an era where technology will make life a lot easier. Trading platforms like crypto will make massive inroads into the global market systems. It’s a progressive world, and all we can do is get ready for the imminent.

______________________________________________________

Anna is a specialist in different types of writing. She graduated from the Interpreters Department, but creative writing became her favorite type of work. She now improves her skills while working as a freelance writer for Pick The Writer and Writing Judge, assisting students all over the world, and has free time for other work as well. She always does her best in her posts and articles.

Maintaining Business-as-Usual When Nothing is Usual

As we watch the evolving global response to the COVID-19 pandemic, it is abundantly clear that organizations are facing a business continuity challenge for which most had not precisely prepared. With little to no strategic planning for it, organizations are being forced to shift from an on-premises employee base to a remote distributed workforce. The choice is clear, shift or shut down, and those trying to shift have significant hurdles to overcome. Enterprises need to protect their employees and ensure business operation continuity by making this immediate pivot to a remote workforce.

The aforementioned hurdles are numerous, indeed. A few key ones fall around maintaining compliance, ensuring security with developmental practices and keys, and maintaining visibility into risk when monitoring tools are overwhelmed with signals.

Uncompromised Compliance

Meeting compliance rules in a diverse IT ecosystem is arduous on the best of days but can be overwhelming for organizations dealing with the unanticipated tide of remote workers, non-controlled devices, and unmanaged locations. Yet without access to the business-critical and sensitive information required to perform job responsibilities, productivity would grind to a halt. Organizations must meet the competing priorities of employee access and regulatory compliance in spite of an ongoing pandemic. Compliance frameworks such as SOX, HIPAA, HITECH, and PCI require implementing and monitoring a large number of controls to ensure compliance, even with remote workers. This is a herculean task, especially across multiple clouds, sites, and external work locations.

In order to establish compliance, many compliance frameworks require organizations to begin with a risk-based assessment of the ecosystem. The information gathered from this assessment determines what controls are necessary and how they can best be configured to integrate with the environment. For organizations needing to move swiftly, it is absolutely essential to utilize automated tools to manage this process and ensure that no controls are left out or partially implemented. Even after implementation, the ecosystem should be reviewed and monitored in order to maintain continual compliance.

Remote Development

Developers working from home come with the challenge of ensuring the codebase that they are working on is secure and that it can safely be moved through the development lifecycle. Fortunately, developers have already been moving down this path with the development lifecycle in the cloud using a CI/CD pipeline to streamline and automate the process from development to production. However, this requires the issuance of high-privileged keys to developers to move code between environments and execute the code. Protecting these privileged keys is challenging and can leave individuals with excessive rights that violate the principle of least privilege. In the worst scenario, a bad actor could insert malicious code, self-promote the code all the way into production, and have the code execute with a permanently issued privileged key, all without any checks along the way.

The best way to ensure that the CI/CD pipeline remains secure is to ensure there are zero standing privileges when they are not directly needed to perform functions in the environment. To aid in this effort, storing privileged keys and using a system to programmatically check them out at the time of code execution allows them to be available when needed but otherwise keeps them inaccessible. This can further be improved upon by using scoped keys that have an expiration built into them so that even if a high-privilege key was compromised, its ability to be utilized by bad actors is limited.

In order to maintain compliance, it’s also important for a solution to see and control when a developer may have a risky or toxic combination of access, such as the capability of both writing code and performing QA on that code. Keeping these duties separate is key to preventing poor code hygiene, and it also reduces the risk of a backdoor being written in and pushed into production.
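The just-in-time checkout described above can be sketched as follows. This is an added illustration, not code from the article or from any vendor product; the `KeyBroker` class, the scope strings, and the change records are hypothetical names chosen for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


class CheckoutDenied(Exception):
    """Raised when the broker refuses to issue or accept a credential."""


class KeyBroker:
    """Keeps the long-lived key; pipeline jobs only receive scoped, expiring tokens."""

    def __init__(self, max_ttl=900):
        self._root_key = secrets.token_bytes(32)  # standing secret, never handed out
        self.max_ttl = max_ttl
        self.audit = []  # (time, event, subject, scope) for later review

    def _sign(self, body: bytes) -> str:
        return hmac.new(self._root_key, body, hashlib.sha256).hexdigest()

    def checkout(self, subject, scope, change, ttl=300, now=None):
        """Issue a token for one scope and one change, valid for min(ttl, max_ttl) seconds."""
        now = time.time() if now is None else now
        # Toxic combination from the text: the same identity wrote the code and did QA on it.
        if not change.get("qa_approver") or change["qa_approver"] == change["author"]:
            self.audit.append((now, "denied", subject, scope))
            raise CheckoutDenied("change lacks an independent QA approval")
        claims = {"sub": subject, "scope": scope, "change": change["id"],
                  "exp": now + min(ttl, self.max_ttl)}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        self.audit.append((now, "issued", subject, scope))
        return body.decode() + "." + self._sign(body)

    def verify(self, token, required_scope, now=None):
        """Return the claims if the token is authentic, unexpired and scoped for this action."""
        now = time.time() if now is None else now
        body, _, sig = token.partition(".")
        # Constant-time comparison; the signature is checked before the body is parsed.
        if not hmac.compare_digest(self._sign(body.encode()).encode(), sig.encode()):
            raise CheckoutDenied("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            raise CheckoutDenied("token expired")
        if claims["scope"] != required_scope:
            raise CheckoutDenied("token not valid for " + required_scope)
        return claims

    def accepts(self, token, required_scope, now=None):
        """Boolean wrapper around verify() for use at a pipeline gate."""
        try:
            self.verify(token, required_scope, now)
            return True
        except (CheckoutDenied, ValueError):
            return False


def run_demo():
    # Constructed sample change records; names and ids are illustrative only.
    reviewed = {"id": "chg-101", "author": "alice", "qa_approver": "bob"}
    self_approved = {"id": "chg-102", "author": "mallory", "qa_approver": "mallory"}
    broker = KeyBroker(max_ttl=900)
    t0 = 1_000_000.0
    token = broker.checkout("ci-job-17", "deploy:staging", reviewed, ttl=60, now=t0)

    # Re-encode the claims with a wider scope and reuse the old signature.
    body, sig = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["scope"] = "deploy:production"
    forged_body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    forged = forged_body.decode() + "." + sig

    try:
        broker.checkout("ci-job-18", "deploy:production", self_approved, now=t0)
        self_approval_blocked = False
    except CheckoutDenied:
        self_approval_blocked = True

    return {
        "in_window": broker.accepts(token, "deploy:staging", now=t0 + 30),
        "after_expiry": broker.accepts(token, "deploy:staging", now=t0 + 61),
        "wrong_scope": broker.accepts(token, "deploy:production", now=t0 + 30),
        "forged_scope": broker.accepts(forged, "deploy:production", now=t0 + 30),
        "self_approval_blocked": self_approval_blocked,
        "audit_events": [event for _, event, _, _ in broker.audit],
    }


if __name__ == "__main__":
    print(run_demo())
```

A stolen token from this broker is usable only for its one scope and only until `exp`, and every issue or denial lands in the audit list for review.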

Pinpointing Anomalous Behavior

When dealing with multiple external workers and the sudden change in traffic, the vast amount of real-time activity and behavior data coming in from different areas can complicate visibility into anomalous behavior. An IT ecosystem that ranges from on-premises assets to multiple clouds generates a huge volume of log data, and SIEM tools and vulnerability scans only add to the total. Each of these is generally contained in its own environment and has separate interfaces for reviewing and monitoring, and there is limited correlation to find anomalies that might not be readily apparent from any given individual interface.

While managing a strong remote work environment, an organization is going to need to double down on monitoring. In order to understand holistic risk and keep from missing trends only visible when broader data is analyzed, organizations should seek ways to integrate the data from these disparate systems to attain visibility not possible from looking at each as a silo. A quick response can make the difference between a bad actor being stopped cold and walking off with the keys to the kingdom.

When Business IS Usual

Whether adapting to a pandemic or evolving to follow the trend of offering remote work to attract top talent, ensuring your organization’s data is secure is top priority. Even when the IT landscape of your organization changes, you need to maintain business continuity with solutions that include automated response to risk while documenting continual compliance. Whether securing file access or enabling software development, ensuring only the right people have the right access to the right digital resources at the right time should be more than a clever catchphrase. It should be business as usual.

___________________________________________________________

Diana Volere is a strategist, architect, and communicator on digital identity, governance and security, with a passion for organizational digital transformation. She has designed solutions for and driven sales at Fortune 500 companies around the world and has an emphasis on healthcare and financial verticals.  In her role as Saviynt’s Chief Evangelist, she delivers Saviynt’s vision to the community, partners, and customers, addressing how to solve present and future business challenges around identity.  Her past twenty years have been spent in product and services organizations in the IAM space. Outside of work, she enjoys travel, gastronomy, sci-fi, and most other activities associated with being a geek.

Automotive Cybersecurity Market to Cross USD 837 Mn by 2024

The automotive cybersecurity market is set to grow from its current market value of more than $187 Mn to over $837 Mn by 2024, as reported in the latest study by Global Market Insights, Inc.

In an era where connected cars are deemed to mark the future of mobility, the market is indeed set to occupy a pivotal stance in smart and sustainable tech space. The cyber threats or security breaches in connected cars enable external access to the vehicle’s network and not just compromise the driver’s data privacy but can also pose serious threats to the driver’s physical safety and car’s operation. With data security breaches becoming intensely sophisticated, the automotive cybersecurity industry has turned out to be an inevitable investment spot that would aid the automotive sector’s continued roadmap toward connectivity without risk.

Speaking of competitive trends, strategic collaborations and partnerships have emerged as two of the top-notch measures adopted by the automotive cybersecurity market giants. One of the recent trends in this regard has been the JVs established between the automotive companies and technology conglomerates, in a bid to understand and resolve the security complexities in modern or connected vehicles.

The compulsion of connected services in vehicles for offering features like improved comfort, convenience, road safety and assisted parking will greatly benefit the automotive cybersecurity market, which apportioned revenues of over USD 187 million in 2017. With the mounting probability of a vehicle being hacked, a number of IT companies are partnering with automakers to develop security features and enhance vehicle safety measures. The  industry caters to every type of vehicle, from average passenger and luxury cars to heavy-duty trucks. Estimates suggest that close to 70 million connected vehicles will be running on the roads by 2020, a significant surge in comparison with the 2016 figure of 28 million. These statistics represent the vast amount of electronic control units (ECUs) that would be required in order to enhance the vehicles, instigating the market.

The network security dominates the automotive cybersecurity market and is projected to generate a market revenue of USD 236.4 million over the forecast timescale. The in-vehicle networks carry a variety of personal and operational identifiable information such as microphone recording, location, and call and navigation history, due to which protecting the data and messages over the network bus is important for privacy and operational security. Moreover, network protocols, such as Local Interconnect Network (LIN), Controller Area Network (CAN), automotive Ethernet, FlexRay, Wi-Fi, 5G network, Bluetooth, and Dedicated Short-Range Communication (DSRC), also aggravate cybersecurity threats. Therefore, it is important to adopt improved security techniques by interacting with security-enhanced network protocols to provide authenticity, integrity, and reliability of transmitted data.

One of the recent instances that validates the growing stance of collaborations & JVs as prominent growth tactics has been the partnership between SafeRide, one of the formidable automotive cybersecurity market players, and Netherlands-based digital platform security giant, Irdeto. Under the terms of the recently inked partnership, SafeRide in collaboration with Irdeto is claimed to provide the OEMs and tier-1 automotive suppliers with a holistic cybersecurity solution for autonomous and connected vehicles. Allegedly, SafeRide’s flagship vSentry solution would be integrated with Irdeto’s famous Connected Transport solution, Cloakware, to offer a multi-layered approach in protecting the platforms against tampering, automated attacks, and reverse engineering.

Europe’s automotive cybersecurity market is witnessing a fast growth rate and is projected to reach USD 224 million by 2024. Germany dominates the European automotive cybersecurity industry as it is the home to some of the leading automobile manufacturers including Ford, Volkswagen, BMW, Audi, Mercedes-Benz, Opel, and Porsche. These companies are working with various software cybersecurity providers to increase the security offering aimed at maintaining passenger safety while traveling. For instance, in 2016, Volkswagen collaborated with three Israeli cybersecurity experts to establish an automotive cybersecurity company aimed at making vehicles and their ecosystem highly secured against cyber-attacks.

The companies functioning in the automotive cybersecurity market are investing in research and development strategies aimed at bringing about innovations in the automotive cybersecurity solutions. Some of the major vendors operating in the automotive cybersecurity industry are Audi, BMW, Ford, Honda, Nissan, General Motors, Volvo Car Group, Volkswagen, BT Security, Cisco Systems, Lear Corporation, Symantec Corporation, Argus Cyber Security Ltd., Intel Security, Arilou Technologies Ltd., Continental AG, and Karamba Security.

Source: https://www.gminsights.com/industry-analysis/automotive-cybersecurity-market

GlobalData Discusses Quantum Computing and its Impact on Auto Manufacturing

As artificial intelligence continues making news headlines in a variety of industries, GlobalData experts released statements from Volkswagen’s Data Lab team lead, Dr. Marc Hilbert, about the risks and opportunities presented. In his statements, Dr. Hilbert addresses specifics relating to quantum computing in the automobile manufacturing sector.

“Security is definitely necessary. I think it’s very important specifically for Volkswagen because I think if you’re not compliant, if you cannot say that our things are safe, you will lose the trust of the consumer. So compliance is something that we are working on also with machine learning, and anonymization, so hiding your personal data within the car. So there’s nobody who can say that this is you, but we still have enough information to understand.”

Quantum computing is on the radar for many industry players as a potential emerging trend. Technology innovations and game-changers alike pose unique sets of challenges and potential solutions, and of course, associated risks.

“Traffic optimization is one of the use cases we’re looking at in terms of quantum computing. Because we think that quantum computing will be one of the emerging technologies which will have a big step in terms of machine learning, in terms of data analysis, and so on. And there are companies like D-Wave, IBM and Google, which tried to build the computer. So this is one aspect to actually get closer to a solution,” he adds.

“The Volkswagen group is coming from a different point of view. What we try to do is find problems in the real world. What we have today with our customers is traffic jams. We tried to translate this kind of questions in a way that a quantum computer can understand it. And we try to bring those two things together to identify aspects where we can use quantum computing in the next step. So this is our task in the data lab,” Hilbert concluded.

5 Ways For Healthcare Providers To Build A Fortress Against Cyber Threats

The healthcare industry has yet to find a cure for cyberattacks. Housing personal health data, all kinds of providers are vulnerable targets of hackers and patient care can be put at great risk.

News of breaches in healthcare computer systems is a regular occurrence. Over 100,000 medical records were recently leaked as a result of a data breach at a Montana hospital. And research this year showed an upsurge in malware attacks on healthcare providers. Phishing messages, a means of malware delivery via email, have been found to come in the form of alerts from the US Centers for Disease Control and Prevention (CDC).

As cyberattacks become more sophisticated and widespread, the need for adequately securing computer networks at hospitals and all medical facilities has never been greater, says Alex Zlatin, CEO of Maxim Software Systems (alexzlatin.com).

“The costs of cyberattacks for healthcare providers can be enormous,” Zlatin says, “but how hackers can literally stop facilities from functioning and keep patients from getting care and medication should get everyone’s attention. It’s all about prevention, and for many providers, being as secure as possible will involve a retooling and re-thinking of how they approach cybersecurity from the human and technological standpoints.”

Zlatin provides five tips for healthcare providers to better protect against cybersecurity threats:

-Educate employees about phishing attacks. Many breaches start with human error. Employees make the mistake of responding to an email, link or website designed by hackers to access private information. “Email is a popular phishing technique,” Zlatin says. “The best ways to prevent them from doing damage are to educate your employees on what suspicious emails look like and to use strong email spam filters. Also, your software should automatically scan any links or attachments. This prevents new or unrecognizable URLs from sneaking past company safeguards.”

-Beware of ransomware. Ransomware has been a big menace to the healthcare industry, holding data for ransom, paralyzing facilities and putting patients at risk. Zlatin says the first step in dealing with ransomware is backing up your system, ideally with a cloud backup to protect data. “Failure to do backup can cause irreparable damage,” he says. “And while hackers continually find ways to infiltrate, your security software should contain the most updated anti-malware and anti-ransomware protection. When a ransomware attack occurs, the first thing employees should do is contact their IT team — not try to resolve it themselves.”

-Have a top-down security program. There can be a disconnect and gaps in cyber security procedures when a medical facility’s security staff and IT team don’t overlap. “Including cybersecurity duties at a managerial level, perhaps even as an executive position, can ensure that correct initiatives are created, launched, and enforced, and that funding for security initiatives is available,” Zlatin says. “This also helps enforce regular risk assessment, which should be part of any healthcare provider’s cybersecurity threat program.”

-Make sure vendors have protection. The Healthcare Industry Cybersecurity Task Force, which was established by the U.S. Department of Health and Human Services and the Department of Homeland Security, warned providers about areas of security vulnerability in the supply chain. “Vendors should take the proper steps to detect threats,” Zlatin says. “They include all healthcare business partners, such as insurance companies and infrastructure providers, all of whom should have good security records and be able to protect medical information. It’s especially important for organizations that outsource IT personnel from third-party vendors.”

-Update passwords often. “Using the same passwords for most platforms is a big mistake,” Zlatin says. “It increases vulnerabilities. If a criminal discovers one password used for several accounts, it leads to a disastrous theft of data. So, have employees generate new passwords periodically and not get stuck on convenience.”

“Too often, many healthcare facilities aren’t vigilant enough about defending their medical records security,” Zlatin says. “Healthcare providers face a constant threat that requires constant vigilance because they and their patients have too much to lose.”

________________________________________________________________

Alex Zlatin, author of the book Responsible Dental Ownership (alexzlatin.com), had more than 10 years of management experience before he accepted the position of CEO of dental practice management company Maxim Software Systems. He earned his MBA at Edinburgh Business School and a B.Sc. in Technology Management at HIT in Israel.

His company helps struggling dental professionals take control of their practices and reach the next level of success with responsible leadership strategies.

A Cybersecurity and Artificial Intelligence Forecast for 2020

As a cybersecurity and artificial intelligence innovator, we are often asked about our predictions for the year to come. AI, in all its flavors, is a hot technology and it is being applied in many fascinating and powerful ways. Our focus, of course, is on using deep learning to advance the standards in malware detection (and we see a lot of good happening in that regard) so we bring a unique perspective to these two areas.

And not to brag, but when the question came up last year we provided a modest forecast that turned out to be fairly accurate. Here’s a quick recap:

-We said that AI would be a key component to the delivery and management of 5G wireless services, which is in-line with what the industry is now saying about its roll-out.

-Our bet was behind the emergence of AI-as-a-Service. It’s comforting to know that Microsoft CEO Satya Nadella agrees, and sees a $77 billion market by 2025, according to Motley Fool.

-Last year we predicted the emergence of more sophisticated learning techniques, advancing the capabilities and efficacy of machine learning and deep learning algorithms, and that has been happening.

-We’ll even take credit for our prediction that AI in all its forms would see greater commercialization and consumerization, even though that one was probably self-evident in hindsight. Development and improvement in products like smart assistants, smartphones, autonomous vehicles, medical devices and more will continue apace now that AI is mainstream.

So what can we expect for 2020? We’re going to keep our forecast in the realm of cybersecurity and AI this year, looking at both the threat landscape and the emergence of innovative defenses. Here are five trends we see developing in the new year.

Cybercrime will focus on ransomware and cryptojacking

The focus of the global hacker community will shift to emphasize ransomware and cryptojacking. Ransomware has proven to be a lucrative source of income for hackers, and as associated malware and delivery techniques become more effective, that is only going to embolden them. Most hackers launch attacks from locations beyond the reach of U.S. authorities, and they collect payments in the form of cryptocurrency to minimize the risk factor of their illicit endeavors. And as cryptocurrency becomes more mainstream, we foresee a sharp increase in attacks intended to hijack computing resources to power the computations necessary to “mine” coins. What we’re seeing in Blue Hexagon Labs research is that cryptojacking attacks appear to have an inverse relationship to ransomware attacks. This is likely driven by hacker motivations; as the value of cryptocurrency increases, it may be more lucrative (and easier) to focus on cryptojacking than ransomware.

Malware-as-a-Service becomes increasingly sophisticated

Criminal hackers are innovators and entrepreneurial (even if they are evil, self-centered, and destructive innovators and entrepreneurs). As such, they are keen on minimizing cost and risk, and one way they are doing that is by productizing their tools and skills. As a result, Malware-as-a-Service hacking groups are now selling kits and automated services on dark web marketplaces. In March of this year, we wrote about Gandcrab ransomware-as-a-service. We will see these services increase in sophistication in the coming year–for example, the ability to select customizations such as the type of obfuscation or evasion techniques, and the way the malware is delivered. This will make it easier for anyone to get in on the malware game, creating a force multiplier effect that will increase the number of threats enterprises will face in the years to come.

First malware using AI-Models to evade sandboxes will be born in 2020

Malware developers already use a variety of techniques to evade sandboxes. A recent article explained that “Cerber ransomware runs 28 processes to check if it is really running in a target environment, refusing to detonate if it finds debuggers installed to detect malware, the presence of virtual machines (a basic “tell” for traditional sandboxes), or loaded modules, file paths, etc., known to be used by different traditional sandboxing vendors.”

In 2020, we believe that new malware–using AI-models to evade sandboxes–will be born. This has already been investigated in academia. Instead of using rules to determine whether the “features” and “processes” indicate the sample is in a sandbox, malware authors will instead use AI, effectively creating malware that can more accurately analyze its environment to determine if it is running in a sandbox, making it more effective at evasion. As a result of these malware author innovations and existing limitations, the sandbox will become ineffective as a means to detect unknown malware.  Correspondingly, cybersecurity defenders’ adoption of AI-powered malware defenses will increase.

The rollout of 5G networks will bring new attack vectors

The infrastructure needed to roll out and manage new 5G networks requires a more complex, software-defined architecture than older communication networks. This new architecture means services will operate within a more complex environment with a broader attack surface that requires more security diligence on the part of the service providers. In addition, the advent of 5G networks will enable more endpoint devices that will require security at the network edge. Hackers, in particular, nation-state threat actors, will work hard to find and exploit weaknesses in this architecture to intercept traffic, disrupt services, and deliver payloads to endpoints and networks.

Privacy regulations drive more spending in cybersecurity

The European Union’s General Data Protection Regulation (GDPR) has inspired a number of privacy regulations, including the new California Consumer Privacy Act (CCPA). In the CCPA, California has created a combined privacy and breach disclosure law that goes into effect on January 1, 2020. The office of the California attorney general recommends NIST (800-53 or CSF) or ISO 27001 as their standards for implementation, and uses CIS Controls for security program guidance. That means an emphasis on malware detection and prevention, and with data breach violations reaching hundreds of millions of dollars in the EU and U.S., we predict CCPA and the recent history of enforcement will drive a significant increase in cybersecurity spending.

Even though the overall theme of these predictions suggests increasing threats and risks to the enterprise, we do see cause for optimism. Our experience with the application of deep learning to meet the challenges of threat detection and prevention gives us hope: as our efforts and those of other innovators continue and build momentum, we are confident that 2020 will be regarded as the year our industry finally turned the tide against hackers.