Thursday, 27 September 2018

How AI can boost Banking services


Artificial Intelligence (AI) is taking businesses to the next level mainly because of the services offered under this technology. Every industry has started seeing improvements in their business processes, costs and work efficiencies due to the introduction of AI in their field. For every industry AI brings something different to the table. AI has helped decision makers to take quick accurate decisions which are backed by facts and helps implement suitable options. When we talk about the financial sector, the insurance industry has already implemented AI in their field. Until now 54 percent of insurance companies have started using AI for their processes but only 34 percent of banking and finance institutions have adopted AI. As AI is in full swing, leaders need to closely understand where and how they can implement AI in their field and how they can reap maximum benefits. 



Financial services sector is a potential area where AI has a lot to offer as it is an exciting time for the banking sector. There is huge amount of data being generated in the Banking and Finance Industry (BFSI) and there are a lot of insights in those huge amounts of data which needs to be analyzed. AI can easily examine the data fed to it and provide outcomes which can be used to create more opportunities and understand the current scenarios.

According to Accenture’s recent Accenture Banking Technology Vision 2018 report, 83% of Indian bankers believe that AI will work alongside humans in the next two years — a higher than the global average of 79%

Banks now offer services through digital means which has resulted in increase of online transactions, growth in customers who are increasingly benefitting from digital initiatives of banks. Customer experience is one such area which can be enhanced through AI as quick support can be easily provided to the customer and he can even be offered tailored banking products according to his requirements.

Below are some of the areas in banking sector which are going to transform themselves because of the introduction of AI:

1.      Real-Time Fraud Detection

Financial sector has been at the receiving end of numerous frauds and according to a report released recently by McAfee, frauds in the financial sector all over the world has resulted in global economic loss of about $600 billion. But as the technology landscape changes, banks are rapidly transforming and adapting new ways to counter threats and frauds. Big Data also plays an important role in providing banks with deep insights about a customer’s data and behavior patterns. When we talk about mitigation of financial risk, new solutions which are AI enabled and new advanced financial models will help banks identify fund flow analytics in real time and discover fraudulent transactions which can be stopped the moment they are discovered.

2.      Chatbots for Customer Service

Like any other business, it is important for banks too to acquire new customers and provide them with services they need along with excellent customer support. People no longer visit banks to obtain minor information like interest rates, loans or services which a bank has to offer because all the customer needs to do is visit the bank’s website and find out all the information they are looking for in minimum amount of time. Chatbots have been proved effective by certain banks who are currently making use of this technology stating that installation of chatbots have resulted in upmost customer satisfaction. People find it tedious to call or email a bank in case of a query but they find it very convenient to reply to a ‘Hello’ by a chatbot on the bank’s website. Efficient, systematic and accurate conversation leads to great customer service.

3.      Improved Banking Products

AI can analyze various types of data and through that it is able to obtain great insights on customer’s behavior and preferences. By understanding customer’s requirements, AI will be able to serve them better with best possible banking services. Historical data plays an integral role in unearthing customer’s buying patterns which are necessary for providing expected banking products and services.

4.      Improved Security

Whenever we adopt new technology, there are always new challenges that we face and thus in this case it is important to ensure that banks remain in compliance with industry regulations and protect customer’s private data from losses, frauds and security breaches.  The new technology will pair block chain and AI-powered algorithms which will offer multiple layers of modern and robust security which will reduce the risk of tampering with transactions which results in losses.

Conclusion

As banks are taking steps towards adopting AI, they are willing to change their traditional methods along with current processes so that AI can contribute in new generation transformation which will enhance the financial industry.

Wednesday, 26 September 2018

Cloud Computing and Mobile Devices: A Relation Impacting the Security Game


Comparing with the earlier era-

Before mobiles became ‘smartphones’, the life was slow, less hectic and mobiles were just merely what they are called – ‘mobiles’; meaning portable devices. Around a decade ago, a massive turnaround of investments happened through which there began an internet revolution. After that, mobiles became so powerful than even the desktops of an earlier decade. 

The term, ‘cloud computing’ further lead to the term ‘mobile cloud computing’ and these both words are one of the most used and misused terms in the technology industry today. The main purpose of these services lies in quicker access facility to the users irrespective of the location and time.

The huge number of internet-connected device market is captured by smartphones today than other laptops and desktops, and therefore mobile cloud computing has grown to a high scale.

When mobile computing was not in existence, the physical IT assets of the company which were owned and managed were the only things having security. But today, the scenes are different. Mobiles are dominating the world and are the fundamental source of internet for each and every user. Even being so, they have very little physical security which came just a few years back (mobile insurance). Hackers have this opportunity and rather they have a chalked-out path for hacking all these devices as it is very easy to root, jail-break or hoodwink the device of any user. One person sitting in a corner of the world can access your device – this thought itself is very frightening! Hence, there is a strong demand for security as a service.

The facts and figures on security breaches-

As per the latest study made by SANS Institute, 12% of the IT budget is spent on only security. The reasons are pretty evident. Studies show that companies are having chances of 27.7% of material data breach and they will have to spend over $3.6 million on it in the coming 2 years.

There are several things which cause concerns on security levels because, if your applications get hacked then the repercussions include deteriorated brand value, increased liabilities, regulatory risks, and of course financial losses. Considering the data of the last eight years, more than 7 billion identities were stolen in the data breach attacks! That accounts for one data-theft attack for one person on the earth! This scenario is getting complicated every day as there is a constant rise in the mobile expansion. Further, it is creating a very vulnerable and complicated environment which is back-breaking for managing and protecting the data. More than 60% of security managers get concerned about the heavy usage of insecure mobile applications and the number of such applications is increasing day-by-day. This situation is causing stress to the users as well as to the security solution developers and designers.

The rise of new challenges-

Due to such big losses in the past and coming ahead, the security world needs a precise solution which could prevent and counter-attack these threats. The computing world is significantly changing and therefore, security is not just limited to the physical IT assets. The users being more ‘mobile’ than ever and constantly connected to the internet desire more security of their data and need recovery options. The birth of IoT has contributed to a number of cloud-connected devices and the numbers will be increasing rapidly in billions.

The combination of mobile plus internet connectivity reaching new heights is giving new business models an opportunity to take advantage and increase their revenues. Therefore, new business models also came with a bunch of new loop-holes in security.

Check out the loop-holes in security, given below-

First, modes of payment have changed drastically since the smartphone era. Near Field Communications (NFC) are getting popular on mobile devices. Every single app which provides service has the facility to pay online. All such apps require the payment account’s credentials for authenticating the users. Therefore, these details get stored on the device. These details have high chances of getting compromised, and if it happens then the hackers will be free to make fraudulent transactions through anyone’s bank accounts. Nowadays, they can directly ask your bank details by pretending someone from your contacts or trust-worthy people!

Second, the facility for parking your car with a mobile can also turn as a bane to you and the automobile industry. If your device gets breached, you can imagine what types of fatal attacks are possible.

Third, personal data is also collected in the healthcare industry. We use smartphones and smart-watches to track our fitness goals, details, blood sugar levels, BP, etc. The purpose of this facility is to get data-driven treatment when required. If these devices get hacked, then there could be serious repercussions of life-threats.

Conclusion-


 Such situations are arising and can arise even further. Our society needs more solutions in terms of security. Due to this reason, several SOC (Service Operations Centers) are coming up and we need more but, reliable and robust ones providing fully managed security services. The users also have to be more careful while handling the apps and should know which are really useful and which are not. Also, there is no need to give every single permission to every app, you can customize the settings. All these aspects together can help the world in building a more secure future.

Thursday, 20 September 2018

Know About SOC (Security Operations Center) and the Rise of SIS (Security Insight Services)


What is SOC?

SOC i.e., Security Operations Center is that army which protects you from the terrorists named as cyber-attacks and online threats. Having said that, it resembles the 24/7 hardworking forces dedicated to preventing, detecting, assessing, and responding to the cyber threats and vulnerabilities. The team is highly skilled and organized with the mission of continuously monitoring and improving the security posture of an organization.



The Strategy of SOC

The SOC strategy has to be business-specific and clearly outlined. It strictly depends upon the support and sponsorship of executive levels otherwise it’s not possible for SOC to work properly. The SOC must be an asset to the rest of the organization. The aim of SOC should be catering to the company’s needs and a strong sponsorship from the executives is mandatory to make it successful.

The Infrastructure

Careful planning is the key to make any model successful. Same is the case with the SOC environment design. The aspects like physical security, layout, and electrical arrangements for the equipment, lighting, and acoustics must be considered properly. The SOC needs to have specific areas like a war room, an operational room, and the offices for supervisors. There must be proper visibility, comfort, control, and efficiency in every single area and therefore the design should be in consideration with these aspects.

The Technological Environment

After the mission and scope of the SOC, designing the underlying infrastructure is important. As several components are mandatory to build a comprehensive technological environment like firewalls, breach detection solutions, IPSs/IDSs, probes, and SIEM of course, to name a few. Efficient and effective data collection is primarily essential for a perfect SOC. Packet captures, telemetry, data flows, Syslog, and many such events are vital to collect, correlate, and analyze from the perspective of security. It is also essential to monitor the information and data about the vulnerabilities which can affect the complete ecosystem.

The Team and Processes

Although, technical aspects are highly important, still the huge and high-tech control room would be worthless if it doesn’t have people and proper functions/processes. 

Just like a fully equipped car is useless without a driver, an organization is empty without human resources and policies. Technology, processes, and people are the pillars of SOC.
As we know, SOC is a Team and every winning team shall follow some rules. Apart from engineers, analysts, and dev-ops people, there will be leaders and the leadership skills are necessary for everyone. There will be several tiers assigned to different team members. The analysis based on the real event monitoring, security incident/data breach detection, response to the incidents, and finally the remediation of those happenings. The paramount of the organization is coordination, collaboration, efficiency, and timing. Every member has to be aware of the strategy and mission of the SOC and hence, leadership plays a key role in this scenario. The SOC manager must be the one who inspires and motivates other team members so that they can contribute to the organization’s vision and mission. After all, providing 24/7 service while handling the stress isn’t easy at all.

Selecting such team members who can add value, is really a challenging task as the required skill-set is quite big and the enthusiasm should also be there. Again the exact amount of the workers must be hired, neither less nor more.

Considering this scenario, adopting a hybrid vision model could prove viable as it envisions the cooperation between the internal teams and managed service providers which are outsourced.

The Types of SOC models

Are you aware that there are several kinds of SOC models? Yes, check out below-

Virtual SOC

• It has no dedicated solution/facility
• Members are part-time
• The team is active only when critical incidents occur

Dedicated SOC

• Facility is dedicated
• The team is also dedicated
• Totally in-house team

Co-managed / Distributed SOC

• Both semi-dedicated and dedicated teams
• Usually, 5 X 8 operations are handled
• It becomes co-managed when paired with MSSP (Managed Security Service Provider)

Command SOC

• Coordination with other SOCs
• Offers situational awareness, threat intelligence, and additional expertise
• Not always directly involved in day-to-day operations but rarely

NOC (Network Operations Center) / Multifunction SOC

• Dedicated facility and team
• Performs all critical IT and security operations 24/7 with common facilities
• Helps in reducing the costs of the organization

Fusion SOC

One SOC facility consists of new and traditional SOC functions like CIRT (Computer Incident Response Team), threat intelligence, and OT (Operational Technology) functions which are combined.

Fully Outsourced SOC

Apart from the above six models, the service provider of ‘fully outsourced model’ operates and builds the SOC with minimum but supervisory involvement from the customer’s enterprise.

The Intelligence and Approach

To enhance the organization’s security posture, the SOC has to be both –active and proactive as it needs to carry out the process of Vulnerability Management. The priority for SOC is a robust approach to handling vulnerability and risk assessment skill. Other than that the OWASP model approach can be taken into the consideration too. Also, a threat intelligence approach (context aware) shall be implemented to become more effective in diagnosing/preventing the threats and adding more value.

The Essentials

Creating and Operating a SOC demands high quality, infrastructure, enthusiasm, teamwork, and skills. It should have best practices, compliances, and frameworks like COBIT, ITIL, and other are vital to abide by the PCI DSS and ISO/IEC 27001: 2013 standards.

ITIL is a potentially unmatched source of guidance in case of service design and strategy, service level management, and coordinating between the SOC related purposes and incident management processes.

Also, COBIT and especially its Maturity Model, COBIT- MM shall be considered as a premium guideline for checking how mature is SOC? 

The performance of the SOC has to be measured correctly and appropriately in all aspects. Therefore, the KPIs must be well-defined to check the application of ITIL, i.e., continual improvement of service. These steps will help in generating the best results from the SOC and add value to the organization.

So, these were the things you need to know about SOC.

Now, let’s understand what are Managed Security Services or Security Insight Services.

SIS (Security Insight Services)

We all know the hell number of online threats and cyber-attacks going on in the world. These things happen due to lack of essential security tools, equipment, and services. Many of the businesses are so concerned about the security of their data and loss of business but they don’t get proper solutions. They are often worried about how prepared their organization is to handle the online crisis situations. 

To these problems, ‘Security Insight Services’ is the solution. It is a one-stop-shop solution for all the current and possible online threats/attacks. 

The offerings by SIS

• Project driven approach
• Security Incident & Threat Analysis
• Project Driven Approach
• Security posturing assessment
• Security Incident & Threat Analysis
• Gap Analysis
• Network Security Assessment
• Malware Threat Modeling
• Database Activity monitoring & Vulnerability Scanning
• SIEM effectiveness modeling Configuration Auditing
• Process Auditing
• Application Vulnerability Assessment Email System Assessment
• Wireless System Assessment
• DDOS Attack Preparedness Testing DLP Analysis

The Need for SOC and SIS

If you aren’t aware already then let me tell you that if an attack happens, it takes 99 days on an average for that to get identified. Now that’s a big amount of time! So, you get the need for data protection and privacy for providing security. Hence, it clearly indicates the dire need for newness in the technology of cyber-security. Many people forget that just having the correct tools and processes isn’t enough. You can be still vulnerable to threats and attacks if you don’t monitor systems, detect upcoming threats, and don’t make any changes in the systems/operations whenever an attack or threat is identified.

Many organizations are now getting aware and want to build their SOC as they want more control over the safety of their data, monitoring, and the response. A SOC built project creates a strategic business impact and hence it’s a critical and vital initiative for those organizations. 

Conclusion

Looking at all the above key pointers, we get to know about the ideal SOC, the necessities for it in all aspects, the rise of SIS (Security Insight Services), and the vitality of SOC and SIS. To run ta SOC, the comprehensive range of cyber security aspects, high skills, and important competencies have to be considered. Building SOC is a combination of business strategies and high level of security armors as a service. 

Teamwork, great leadership skill, and motivation are vital for every member of the team, especially for the manager. A fully functional SOC is a complex project because it has to deal with wide and endless range or problems related to the data security. As the time gets ahead, there are going to be more challenges, and therefore a SOC has to be prepared for the same.
There is going to be the constant need for high-end online security services, and everyone has to brace for it! SOC team has a lot of work to do and that too tirelessly. 

Many businesses will have to choose one of the best online security services or the SOCs, and we are certainly going to get a number of them in the near future.

So, the whole point is that every single business should find a great SOC to cater to their needs of business security and improve the complete security structure of the organization.