Welcome!

Blog Feed Post

Riskskill Predicts That Government Cuts And Rapid Mobile Growth Will Drive Business Risks Throughout 2014

Business risk consultancy Riskskill (www.riskskill.com) has highlighted what it sees as the main areas of business risk in 2014. Advances in mobile and payment technology predominate globally, along with a retrenchment of government strategy in the UK. Their research suggests that key areas of risk growth in 2014 include:

1. Fraud Risks
In 2014 fraud risks are likely to be the major contender for exposing many businesses to significant risk as the closure of the government's National Fraud Authority (NFA) could, some feel, be seen by fraudsters as a huge victory for the bad guys. The NFA was set up to consolidate and focus upon the handling and approach of combatting fraud and also to direct the strategic elements of the attack on the fraudster. The NFA objectives were previously diluted from eight to three, with the more 'strategic issues' removed. Now its remaining operational functions have been atomized into several government silos.

On the commercial side, payment markets will continue to evolve very quickly this year. New payment systems and software solutions are appearing daily. Many of these do not put in place effective authentication, security, standards or best practice systems. Often, this is because these have yet to be created in a market that is changing so rapidly. New mobile payment and wallet solutions are being developed with the backing of 'big' funding and strong marketing campaigns. Only a few of these will win through though. Many will fail, either commercially or because of serious 'fraud attacks' that exploit the lack of authentication.

2. Identity Validation / Authentication
Who am I dealing with? This will become an increasingly important 'risk related' question in 2014 for businesses and consumers alike and it is very much linked into the whole 'mobile' market evolution. Anti Money Laundering legislation, whether it is in the UK or across the EU, requires that one properly identifies who we are doing business with, know what our customers do, regularly check, watch and look for unusual transactions that might be illegal, and report anything suspect.

There are though several weaknesses in this area. For example, some small operators of 'new' payment solutions think that they are excluded from these requirements. There are also some insurance company policy sellers, who are playing catch up and often who do not check identities. Then there is the public who are increasingly becoming payment providers as they buy and sell more on-line. Whereas one used to know who one was dealing with for financial transactions (as it used to be only one's banks, card companies and utilities that one dealt with) it can now potentially be almost anyone, anywhere in the world.

As a consequence, identity, identity validation and data certainty will all move up the risk hierarchy and as a result so will the level of importance placed on these areas by businesses in 2014. These risks will be amplified greatly or those organisations that do not understand the issues or address them properly.

3. Big-Data Losses
With such problems increasingly arising where our personal data is held and managed by more and more people, often across the web, a new generation of customers are very open about their data and therein are disclosing everything about their finances. They are very keen to become users of the new mobile breed of financial products, which will increasingly present greater opportunities for identity theft and data compromises. With numerous high profile data breaches losing millions of customer data records including payment details in 2013, one can see that more of these types of losses will be incurred over the coming year. Thankfully, the PCI DSS initiatives have helped to protect payments but there are too many people now handling our data. Some observers feel that there is not a comprehensive and pervasive enough solution to protect us. H M Government should be setting the strategy here, but do they have right 'body' with the appropriate level of oversight to understand the threat now that the NFA has been disbanded?

4. Protection For Multiple Channels
The proliferation of new wallets, payment instruments, mobile devices, payment applications and standards being developed means that for businesses to keep up, they need to evolve new protections, controls, and security that are consistent across multiple channels simultaneously - what one might call 'unified protection'. As ever, the security and controls side of things will often lag behind; so businesses must ensure that these developments are carried out fully and that they are free from short-cuts as these will lead to problems later.

One of the major areas of attack expected is a fresh onslaught of new viruses. With such new threats as Cryptolocker, and other such plagues landing on business of all sizes, there is a risk that this kind of attack could reach epidemic levels in 2014. Even the smallest firms must ensure that they update virus and anti-malware software regularly, maintain strong back-up regimes and avoid clicking on any suspicious links. If these dangers move closer to mobile payments, it could threaten the momentum of the mobile sector evolution especially where authentication is often far less effective than it could or should be.

5. Silo Mentality Causing Corporate Ineffectiveness in Combatting Risk
Borne out of the desire to conduct business correctly, increasingly complicated silo structures have grown up in the corporate world, with many differing and sometimes potentially conflicting interests. Often large businesses in particular, introduce several highly ineffective theoretical layers of risk management protection that often keep the business too busy and too slow to do the real work required to tackle the challenges that organisations face.

Instead, businesses should be fighting hard to define clear risk management direction, together with business goals that incorporate risk thinking and risk/loss targets. Collaboration is the key here. It facilitates speed of decision-making, clear and assertive action-taking and an understanding of the business drivers. It also enables the ability to act, invest and change the business as required which are key to controlling risks.

Says Bill Trueman CEO of Riskskill's parent company UKFraud, "The whole area of risk management is an on-going challenge to maintain and manage controls and processes in business. Losses tend only to be managed in a panic when they happen, but are generally predictable and avoidable. Equally, management should be able to move and act quickly and effectively to change the business and to react to attacks. Problems generally occur because the controls, measurements, or IT security technologies have lapsed over time. With the exception of fraud losses, things do not take us by surprise. Even with fraud, most of the losses are completely preventable and something that can be planned for.

"In 2014 it is going to become easier for things to go wrong. As we enter the year with FTSE / S&P highs and increasing employment rates, the evident green shoots of recovery will see system controls and financial prudence starting to relax. This will encourage both internal and external attacks on a business and upon individuals alike. Greedy crooks, will take these more relaxed opportunities and exploit them fully. The opening of new product and sales channels such as mobile payment will inevitably mean that there will be gaps and new risks that are opened up. The risk management challenges in addressing these will probably predominate in 2014."

About Riskskill (www.riskskill.com)
Part of the acclaimed UKFraud operation, Riskskill delivers 'total risk' strategies, direction, risk assessments for major corporations, solving problems and engineering bespoke risk reduction solutions in organisational, management, financial control and IT.

Specialists at Riskskill cause losses to reduce by €-$-£ millions each year, when they carry out assessments, analyse areas where organisations are at risk and put in corrective plans in area that include: fraud, credit risks, counterparty or partner risks, cybercrime exposures, bad debt management, and the oversight and control of other write-offs along with compliance penalties and legal-case losses. Having identified specific areas of risk, Riskskill supports businesses with change plans. Plans are backed by comprehensive executive mentoring and support, coaching, training and staff mentoring programmes, which target the engineering of ground-up (but also top-down) solutions throughout a client's organisation, people, processes, management and systems.

For Further Information please contact:

Bill Trueman
Riskskill
+44 20 8133 7575
[email protected]

Or

Leigh Richards
The Right Image
+44 844 561 7586
+44 7758 372527
[email protected]

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists discussed...
After more than five years of DevOps, definitions are evolving, boundaries are expanding, ‘unicorns’ are no longer rare, enterprises are on board, and pundits are moving on. Can we now look at an evolution of DevOps? Should we? Is the foundation of DevOps ‘done’, or is there still too much left to do? What is mature, and what is still missing? What does the next 5 years of DevOps look like? In this Power Panel at DevOps Summit, moderated by DevOps Summit Conference Chair Andi Mann, panelists loo...