Connect with us

Cyber Security

US Government Publishing Office Website Defaced

Avatar

Published

on

The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.

An obscure US federal website was attacked and vandalized on January 4, resulting in the site being taken down for more than 24 hours.

A group claiming to represent the Islamic Republic of Iran launched the attack against the Federal Depository Library Program (FDLP) website, changing its landing page to include a statement in Farsi and a Photoshopped image of President Trump bring struck by a fist representing the Revolutionary Guard.

The hack and defacement came on the heels of a US airstrike on Friday that killed Iran Revolutionary Guard General Qassem Soleimani.

The FDLP, whose site is now operating normally, has a mission to, “…provide free, ready, and permanent public access to Federal Government information, now and for future generations.” It operates under the Government Publishing Office.

Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency at DHS, on Saturday via Twitter warned organizations to renew their vigilance against potential Iranian cyberattacks, especially attacks concerning industrial control systems.

For more, read here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

Republished from https://www.darkreading.com/attacks-breaches/us-government-publishing-office-website-defaced/d/d-id/1336723?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Continue Reading

Cyber Security

A Complete Guide to Math in Cybersecurity

Avatar

Published

on

Math in cybersecurity

A critical shortage of trained cybersecurity professionals exists. Employees are in high demand at all levels, and all indications are that this demand will continue to rise.

Understanding how your abilities, interests, experiences, and aptitudes match with those required for success in cybersecurity will assist you in determining the best way to enter the field. Finding the ideal job is difficult at best.

Cybersecurity is a technological area that necessitates good quantitative abilities. This guide explains how math is used in cybersecurity and how to better prepare for a math-based cybersecurity job.

Table of Contents

Cybersecurity as a science

The almost universal use of computers in almost every aspect of life makes understanding the technology behind the displays both easy to overlook and difficult to comprehend. In most cases, whether a desktop, laptop, tablet, or mobile device does what we want it to do, we don’t give much attention to the bits and bytes that make it work. When we find ourselves wondering what magic makes these machines so unbelievably powerful, we must metaphorically throw up our hands and exclaim that there is simply too much technology jammed into our electronics for any one person to comprehend.

You are not alone in feeling this way, and you are not mistaken. Our computing and networking devices contain much too much technology for any one person to comprehend. To conceptualise, design, produce, software, customise, secure, and deploy each piece of technology that we take for granted, it takes teams of experts from various fields working together. The common denominator among these experts is that they must all be knowledgeable in the core academic disciplines of science, technology, engineering, and mathematics (STEM).

Although math is required in all STEM fields, this guide will concentrate on math because it is required for success in the general field of computer science and, more specifically, cybersecurity. Cybersecurity is a branch of computer science, and many cybersecurity positions require less STEM training than becoming a computer scientist.

People also use a broad brush to describe themselves and others, declaring them to be either imaginative or logical. Logical or methodical thinkers are also credited with mathematical aptitude. Although this is frequently true, the ability to consistently apply justification does not preclude the ability to be imaginative.

The creative mind can express itself in a very artful way by using mathematical equations. Consider your partnership with numbers instead of allowing one of these labels to discourage you from exploring STEM fields. How comfortable you are with numbers could be a better indicator of how well you would fit into STEM fields.

Consider if you enjoy dealing with numbers and communicating concepts and ideas with them. If you do, and you think analytically with a keen attention to detail, you may have a natural aptitude for a career involving numbers.

If you like numbers, you’re probably a good fit for fields that need math skills. If you enjoy solving complex puzzles and assisting others, you may be a good fit for a career in cybersecurity.

People that enjoy working with numbers

Many professions include the use of mathematics. Many knowledge-based careers, from research to finance to communications, demand competence and aptitude in mathematics and quantitative reasoning. In addition, analytical problem solving, critical thinking, and decision making are emphasised in these fields. There are abilities that have been honed through the study of mathematics. Consider the traits, skills, and abilities mentioned below to obtain a general understanding of your relationship with numbers.

Traits, skills, and abilities of “lovers of numbers” include:

  • The ability to accomplish objectives by reasoning backwards from the desired outcome to the actual state of an issue — or to reverse engineer a problem to find a solution.
  • Ability to imagine abstract concepts, quantitative relationships, and spatial relationships easily
  • The ability to use symbols and numbers to comprehend, interact, and model
  • Ability to think analytically and provide or receive criticism of ideas and concepts without involving feelings or emotions
  • The ability to recognise and categorise patterns and relationships, as well as the ability to use statistics as justifications for taking calculated risks.
  • An ability to keep track of and follow details while working on large, complex problems An ability to be patient while working on large, complex problems

To be effective in cybersecurity, you don’t have to be a “numbers person,” but the more of the traits, skills, and abilities mentioned above you can assert as yours, the more likely you are to enjoy a numbers-based work.

How math is used in cybersecurity

Cybersecurity isn’t typically thought of as a math-intensive field. That isn’t to suggest that knowing how to do math and being comfortable with it won’t help you succeed in cybersecurity. To progress beyond an entry-level cybersecurity grade, however, an applicant must be at least proficient in high school math.

Determining risk is a mathematical exercise, whether expressed as (threat x vulnerability) or (probability x loss) or in some other more nuanced way. At some stage, all security practitioners are involved in risk assessment. This calculation is almost subconsciously done several times per day by many security personnel in the course of their duties. The ability to consider risk is all about knowing what’s important and where to invest time and money to get the best results.

A protection professional on the front lines of a Security Operations Center (SOC) can be inundated with security warnings. They must examine these warnings and perform a fast risk assessment to determine what they can handle right now and what needs to be escalated for further investigation. This can be daunting at times, and it necessitates the ability to quickly quantify risk.

A security code auditor will be tasked with reviewing code written by others. While several analytical tools are available to help, she must be able to spot flaws and bugs in the code at a glance. Mathematical skills are needed for writing and understanding computer software code.

Computer operations are calculated using binary math. Anything from defining IP addresses to network routing relies on it. The term binary refers to something that is made up of or involves two items. A binary number is composed of bits, each of which has a value of 0 or 1. In a machine, a bit (short for binary digit) is the smallest unit of data. Bytes are the bit multiples that computers use to store data and execute instructions. A byte is made up of eight bits in most computer systems.

Any number in your device is an electrical signal, and electrical signals were difficult to precisely measure and monitor when these machines were first developed. Only distinguishing between a “on” state (represented by a negative charge) and a “off” state (represented by a positive charge) made more sense. As a result, binary arithmetic is used in both computer machine languages and applications today.

Hexadecimal math is another math-based concept used in cybersecurity. Unlike binary math, which has only two choices, hexadecimal math is based on the premise that you can count up to 16 different options. You should count these options from 0 to 15, giving you a total of sixteen options. Since one-digit numbers only go from 0 to 9 (10 takes up two digits), anything from 10 to 15 must be represented by something else, in this case the letters A through F.

At the very least, entry-level cybersecurity work would necessitate any knowledge of computer coding or programming. Math serves as the basis for computer code. Programming principles such as constraints, variables, and programming logic must be understood by coders. For example, you’d need to know how to write basic computer code like this simple if-else statement:

var x = 1; if (x === 1) { window.alert(“The expression is true!”); } else { window.alert(“The expression is false!”); }

The preceding is a basic example of computer code. Nonetheless, you can see from this that you’ll need a basic understanding of mathematical logic and how a machine interprets data.

The architecture of digital electronics has relied heavily on Boolean algebra. Boolean algebra is used in modern programming languages, despite the fact that it was first introduced by George Boole in his book The Mathematical Analysis of Logic in 1847. Expressions in elementary algebra represent primarily numbers, while in Boolean algebra, they represent the values false and true. It deals with logical value operations and includes binary variables of 0 and 1.

Cryptography is a mathematically oriented science that deals with codes and encryption. Information protection and data confidentiality are fundamentally based on cryptographic techniques. Cryptography uses a wide variety of algebra, from elementary to advanced. Computational hardness assumptions are used to construct cryptographic algorithms. A computational hardness assumption states that a problem cannot be solved efficiently, making algorithms difficult to crack in practise by any adversary. They’re often used by cyber-criminals and are a key component of ransomware. Cryptovirology is the study of how to use cryptography to create secure malicious software.

An algorithm is a calculable pattern of simple, machine-implementable directions in mathematics and computer science. They’re used to solve problems and finish calculations. Computer science and cybersecurity both rely on algorithms. Calculations, data analysis, automatic reasoning, and other activities are all carried out using them as blueprints.

Math requirements for education in cybersecurity

Examining the math criteria for different degree and credential programmes in the field is perhaps the most powerful way to equate your math aptitude to the requirements for a career in cybersecurity. If you’ve taken and passed these classes, or if you think you might pass them, it’s a positive sign that your interests and skills are a good fit for a career in cybersecurity.

The need for math in cybersecurity work isn’t so compelling that a math degree would be appropriate for anything but the most advanced cybersecurity research positions. These lucrative positions do exist, but in most situations, a degree or certificate in a security-related area would be preferred over a degree in math.

Look for the underlined terms to direct your understanding of where math skills may be needed when you review the course descriptions for cybersecurity-related qualification and degree programmes below. It is impossible to list all of the math requirements for all of the prerequisite courses, but these examples should give you a good idea of what is typically needed.

A technical cybersecurity certification will help you advance your career whether or not you plan to pursue a structured security-related degree programme. While there are numerous relevant certifications to choose from, CompTIA exam takers state that:

Only arithmetic and calculating the risk formula are required for the Security+ exam.
For IP/MAC addressing, the Security+ exam includes math.
In order to figure out subnet details on the Network+ test, you’ll need to use math.
You must note and apply the equation for calculating the transfer rate of various memory types on the A+ 220-801 test.

Many cybersecurity associate degree programmes do not include any math-related courses in their curriculum. Presumably, a high school diploma will be the only requirement for entry-level security jobs that don’t require an associate’s degree.

Cybersecurity associate degree programmes excel in two areas: gaining experience and training for cybersecurity industry certifications. Associate degree programmes play an important role in cybersecurity education, whether as stand-alone programmes designed to rapidly prepare students for the digital workforce or as a stepping stone to more advanced cybersecurity education, such as a bachelor’s degree in cybersecurity or a cybersecurity master’s or Ph.D.

Consider a BSE degree from Arizona State University as an example of the math needed for a bachelor of engineering degree. The following courses are mentioned as prerequisites for their junior year concentration in computer system security:

  • Computer Science BS or Computer Systems Engineering BSE are two majors in computer science.
  • CSE 310 – Data Structures and Algorithms. Stacks, lists, trees (B, B+, AVL), and graphs are examples of advanced data structures and algorithms. External sorting, hashing, and searching for graphs.
  • CSE 365 – Information Assurance. Information assurance (IA) concepts, procedures, risk management, governance, legal, and ethical concerns are covered.
  • SER 222 – Design and Analysis of Data Structures and Algorithms. Specification, complexity analysis, implementation, and deployment of data structures and associated algorithms. Professional tasks such as software creation, documentation, and checking, as well as sorting and searching.

The math level required for success in these courses is comparable to that required for other engineering degrees. A student should be assured in their ability to pursue a BSE programme with a solid understanding of algebra, geometry, and calculus at the high school level.

The math criteria for a master’s degree are more rigorous and challenging, as you would imagine. Boston University provides a cybersecurity specialisation to its MS students in order to satisfy what they see as a growing demand. This concentration includes courses on technological issues such as secure applications, languages, and architectures, as well as wider social issues such as privacy and legal implications.

Students are trained in a variety of topics through an eight-course curriculum, which includes:

  • Methods of cryptography
  • Knowledge and data protection
  • Computing that is fault-tolerant
  • Network safety
  • Anonymity and privacy
  • Security of software
  • System safety

While cryptographic techniques are math-intensive, students with a BSE degree should be confident in their ability to succeed in this course.

The Ph.D. is the highest academic honour bestowed by American universities and marks the pinnacle of academic achievement. In their Ph.D. Security degree programme, the University of Colorado, Colorado Springs (UCCS) offers a security specialisation. This latest multidisciplinary specialisation provides students with the opportunity to study and perform multidisciplinary research in areas such as cybersecurity, physical protection, and homeland security, all of which have become increasingly important in today’s personal, company, and government operations.

The NSA’s Information Assurance Courseware Evaluation (IACE) Program has approved UCCS’ Ph.D. programme, which includes:

  • CS3910 – System Administration and Security. Installs and configures common operating systems, as well as essential network utilities, disaster recovery protocols, and techniques for ensuring system security.
  • CS4200-5200 – Computer Architecture. The science and art of selecting and connecting hardware components to build a device that meets functional, efficiency, and cost goals is known as computer architecture. This course teaches you how to build a single processor computer from start to finish, including processor datapath, processor power, pipelining optimization, instruction-level parallelism and multi-core, memory/cache systems, and I/O. You’ll see that creating a machine does not require any magic. You’ll learn how to assess and analyse design success quantitatively.
  • CS5220 – Computer Communications. The topic of transmitting data between processors is thoroughly discussed. The student should be proficient in hardware and/or real-time principles. Communication structures will be investigated, ranging from basic to asynchronous point-to-point connections to those focused on complex network architectures. The content will be geared toward computer scientists who are users, designers, or evaluators of such systems. Rather than comprehensive electronic or physical theory, the emphasis will be on terminology and principles.
  • CS5920 – Applied Cryptography. Basic computer security problems, classical cryptographic algorithms, symmetric-key cryptography, public-key cryptography, authentication, and digital signatures are all covered.
  • CS6910 – Advanced System Security Design. Firewall architecture, network intrusion detection, monitoring, and prevention, virus detection, programming language, and OS support for protection, as well as wireless network security, are advanced topics in network and device security.

You can find a Ph.D. programme in cybersecurity daunting if you have a dislike for numbers; however, there are many high-level, even C-Suite, positions in cybersecurity that do not require a Ph.D.

Final thoughts

Technology advances at a breakneck rate. Year after year, developments in computer technology have influenced and revolutionised how we communicate with the world, a world that was unimaginable only a few decades ago. It can be difficult for many people to figure out where they belong in this high-tech world. It can be difficult to match their preferences and abilities to a potential profession.

Many professional professions necessitate the use of math. The field of cybersecurity, which is rapidly expanding, is no exception. Math and algebra at the high school level are needed for entry-level jobs, and highly technical security jobs require much more advanced math. However, only a few security-related jobs necessitate math at a higher level than that required of a student pursuing a Master of Science degree.

Despite this, there are several non-technical career paths in cybersecurity. Cybersecurity firms and agencies, like any other company, need a diverse workforce. Non-technical people make up a big part of every company, from administrative to supervisory positions.

Allowing labels like “creative person” or “analytical person” to close doors unnecessarily is a waste of time. A passion for drawing and painting may indicate a talent for conceptualising complex concepts, which is useful in computer science. Many successful people have discovered how to use science to express their imagination.

While math is required for some cybersecurity jobs, there are other skills and characteristics that are more important, such as:

  • A value system that places a high value on supporting and protecting others.
  • Ability to work in a high-stress environment Willingness to work as part of a team Ability to rapidly understand new and complex concepts

You probably already have the math skills needed for all but the most advanced cybersecurity positions if you can write and understand computer code. If you’re applying for one of these highly specialised jobs, you’ve almost certainly already put your math skills to the test in the real world.

Examining the advanced certifications and degrees that cater to the security industry is the perfect way to see how your math knowledge and aptitude fit with technical security work. Some examples of each have been given in this guide. Examine these examples and consider whether something about your education, job experience, or general interests qualifies you for or disqualifies you from these services. To be honest, the security industry requires your services and will most likely be able to accommodate you.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/a-complete-guide-to-math-in-cybersecurity/

Continue Reading

Artificial Intelligence

The four biggest challenges facing the payments industry right now

Avatar

Published

on

We all know that 2020 was an unusual and challenging year for everyone and as much as we would have all wished that things could have gone back to normal the second the clock struck midnight on the 31 December, that has unfortunately not been the case. Most industries and businesses continue to face a number of challenges, some carried over from last year and others new to 2021. The payments industry is no exception to this. In difficult times it is even more important to understand our key challenges, so we are able to manage and overcome them.

To support that end, from my own experiences through 2020 and in 2021 so far, I have outlined the four biggest challenges I see for the payments industry and my thoughts on how to approach them.

Uncertainty

The biggest challenge facing payment providers this year is the continuing and over-riding state of uncertainty in the short term, but also for the medium to longer term. This isn’t limited to fintech and payments either, the past 12 months have been difficult for businesses in most sectors. This especially causes a problem for businesses as to how they manage the immediate and short-term challenges they are facing, while at the same time retaining focus on their medium- and longer-term planning and strategy.

Making decisions that protect the business in the short term and to adapt to the current situation can often be at odds with longer term goals. Increased uncertainty around for example, changes in customer behaviour and preferences, rules and regulations, and the economic outlook, adds a further layer of complexity for payments businesses in making strategic decisions.

Moreover, it would seem the current state of uncertainty may persist for some time. This combined with us being to a greater extent in ‘unchartered waters’ makes it even harder to forecast the future. With the struggles that COVID-19 has brought upon us, customer shopping behaviour has been forced to change and organisations have had to work hard to keep up with changing demands and requirements.

This has led to many businesses having to completely rethink their plans for the year and change much of their existing business model, which in turn has a knock-on effect to their business partners such as payment providers. Uncertainty as to whether the shift in customer preferences reflects a permanent change, or whether they will revert back to ‘normal’, once the pandemic is over, adds further difficulty in maintaining a balance between pursuing short-term initiatives and long-term initiatives – and deciding which of those to pursue. The past is not a reliable indicator of the future is probably now an even truer statement than ever. 

Uncertainty does however bring opportunity, and it is often challenges and uncertainty which drive forward leaps in innovation too. Businesses need to remain proactive in these times by staying up to date with industry developments, emerging customer trends and having a close eye on any new opportunities that may arise.

A business that manages to remain focused on its medium- and longer-term goals as well as its short-term challenges and which can remain nimble and flexible in its responses to the current uncertainty, has the best chances to be able to spot and take advantage of opportunities quickly. To do this, businesses need to keep their operations constantly under review and make changes decisively to adapt to the current climate as they push forward with their plans and development.

Regulation

Regulations are also likely to see a further overhaul in 2021. Following on from the ongoing legacy of the Wirecard scandal, regulators worldwide will certainly want to avoid any similar high profile and catastrophic collapses happening within the payments industry again. As a result, regulators are likely to introduce tougher and stricter regulations to keep customer funds safe and to protect the wider financial system.

Most of us would recognise that regulations are a good and necessary thing for the industry but changes in regulation can often present a challenge from a business perspective. This challenge can present itself through assessing the new requirements, through to deploying them and the potential additional time and resources required to ensuring ongoing compliance is achieved and maintained.

Key to successfully ensuring compliance with current regulatory requirements and making changes to meet changes in regulation, is to ensure the requirements are fully understood by the business. Where there is any doubt, it is always worthwhile seeking external advice which can help the business make the required changes and ensure compliance more quickly and can often be more cost effective in the long run.

It is also worthwhile receiving the regular update bulletins from regulators, which can help the business anticipate when new regulations will be announced and can help in understanding the updated requirements and what is required for the business to remain compliant.

Overall, there is a need for business to maintain investment in its compliance function to ensure this is fit-for-purpose and is effective in ensuring ongoing compliance with all current and emerging regulatory requirements. 

Fraud

Fraud remains a key challenge facing the payment industry, as well as an issue which can have a significant impact on both businesses more broadly and end consumers. Financial crime has seen an increasing trend in recent years and is one that is constantly evolving as criminals continue to get more sophisticated and more inventive with their approaches. In parallel new fraud prevention and detection methods and techniques have been developed and deployed. But this is a constantly changing game, with criminals adopting new strategies and the payment industry and other financial institutions deploying increasingly sophisticated techniques to stop them.

COVID-19 has created some degree of additional risk of fraud, thanks to an increase in online shopping including shoppers who have never previously shopped online in the past and are perhaps less familiar will some of the more obvious signs to be wary of. Criminals are all too aware of this and are happy to use this situation to their advantage.

Unfortunately, there is currently no way to full eradicate the risk of fraud. Payment providers continue to develop more sophisticated fraud prevention and detection tools to reduce the incidence. AI and other automated tools offer increasing levels of fraud detection – but at the same time criminals are also using new and more sophisticated techniques to try to avoid detection.

The best way to win in the battle against cybercrime and fraud is to ensure that all businesses have robust and effective controls in place, whether these are around access to data, protection of physical assets such as laptops, or measures to prevent unauthorised access to the business’s IT network and system. This is particularly important for any business that holds customer personal data or payment card information, where the business must ensure this data is fully protected to remain compliant with regulations and to avoid the risk of a costly and reputationally damaging breach.

Brexit

The fourth challenge for the payments industry, and for services industries more broadly, has been Brexit. This has been a cause of uncertainty since the outcome of the vote in 2016, not just for businesses operating in, or trading with, the UK but for the country in general. A big fear for many working in the financial services industry was a no deal Brexit along with a loss of access to the European Economic Area (EEA) “passport” for financial institutions based and regulated in the UK.

While the agreement of a trade deal is in my view a better outcome than a ‘no deal’ Brexit, it is disappointing that this did not extend to providing any real certainty for the financial services industry, other than a loss of ‘passporting rights’ and only a verbal agreement at the time the deal was announced that the EU and UK government would continue discussions in 2021 around some form of ‘Equivalence’.

The current situation therefore creates ongoing additional complexity, cost and operational effort for many financial services firms – in addition to the huge industry cost and effort of preparing for the risk of a loss of passporting rights over the past 4 years. While the UK has extended ongoing rights to EU-based firms to operate in the UK, these rights have not so far been extended by the EU to UK-based firms.

Financial services companies along with industry bodies continue to lobby for UK firms who are FCA regulated to be able to operate EEA markets, as they did previously. Currently though, it is unclear if, or when, the EU might extend these additional rights to UK-based firms. In the meantime, UK-regulated businesses have had to adopt alternative ways to work with their European partners and customers.

Clearly there is a hope that there would be movement going forward to allow UK-based and regulated firms to operate in the EU, and we are beginning to see steps towards this with the technology visa that was mentioned in the UK spring budget, but this will most definitely be a situation where we will need to wait and see.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.fintechnews.org/the-four-biggest-challenges-facing-the-payments-industry-right-now/

Continue Reading

Artificial Intelligence

The four biggest challenges facing the payments industry right now

Avatar

Published

on

We all know that 2020 was an unusual and challenging year for everyone and as much as we would have all wished that things could have gone back to normal the second the clock struck midnight on the 31 December, that has unfortunately not been the case. Most industries and businesses continue to face a number of challenges, some carried over from last year and others new to 2021. The payments industry is no exception to this. In difficult times it is even more important to understand our key challenges, so we are able to manage and overcome them.

To support that end, from my own experiences through 2020 and in 2021 so far, I have outlined the four biggest challenges I see for the payments industry and my thoughts on how to approach them.

Uncertainty

The biggest challenge facing payment providers this year is the continuing and over-riding state of uncertainty in the short term, but also for the medium to longer term. This isn’t limited to fintech and payments either, the past 12 months have been difficult for businesses in most sectors. This especially causes a problem for businesses as to how they manage the immediate and short-term challenges they are facing, while at the same time retaining focus on their medium- and longer-term planning and strategy.

Making decisions that protect the business in the short term and to adapt to the current situation can often be at odds with longer term goals. Increased uncertainty around for example, changes in customer behaviour and preferences, rules and regulations, and the economic outlook, adds a further layer of complexity for payments businesses in making strategic decisions.

Moreover, it would seem the current state of uncertainty may persist for some time. This combined with us being to a greater extent in ‘unchartered waters’ makes it even harder to forecast the future. With the struggles that COVID-19 has brought upon us, customer shopping behaviour has been forced to change and organisations have had to work hard to keep up with changing demands and requirements.

This has led to many businesses having to completely rethink their plans for the year and change much of their existing business model, which in turn has a knock-on effect to their business partners such as payment providers. Uncertainty as to whether the shift in customer preferences reflects a permanent change, or whether they will revert back to ‘normal’, once the pandemic is over, adds further difficulty in maintaining a balance between pursuing short-term initiatives and long-term initiatives – and deciding which of those to pursue. The past is not a reliable indicator of the future is probably now an even truer statement than ever. 

Uncertainty does however bring opportunity, and it is often challenges and uncertainty which drive forward leaps in innovation too. Businesses need to remain proactive in these times by staying up to date with industry developments, emerging customer trends and having a close eye on any new opportunities that may arise.

A business that manages to remain focused on its medium- and longer-term goals as well as its short-term challenges and which can remain nimble and flexible in its responses to the current uncertainty, has the best chances to be able to spot and take advantage of opportunities quickly. To do this, businesses need to keep their operations constantly under review and make changes decisively to adapt to the current climate as they push forward with their plans and development.

Regulation

Regulations are also likely to see a further overhaul in 2021. Following on from the ongoing legacy of the Wirecard scandal, regulators worldwide will certainly want to avoid any similar high profile and catastrophic collapses happening within the payments industry again. As a result, regulators are likely to introduce tougher and stricter regulations to keep customer funds safe and to protect the wider financial system.

Most of us would recognise that regulations are a good and necessary thing for the industry but changes in regulation can often present a challenge from a business perspective. This challenge can present itself through assessing the new requirements, through to deploying them and the potential additional time and resources required to ensuring ongoing compliance is achieved and maintained.

Key to successfully ensuring compliance with current regulatory requirements and making changes to meet changes in regulation, is to ensure the requirements are fully understood by the business. Where there is any doubt, it is always worthwhile seeking external advice which can help the business make the required changes and ensure compliance more quickly and can often be more cost effective in the long run.

It is also worthwhile receiving the regular update bulletins from regulators, which can help the business anticipate when new regulations will be announced and can help in understanding the updated requirements and what is required for the business to remain compliant.

Overall, there is a need for business to maintain investment in its compliance function to ensure this is fit-for-purpose and is effective in ensuring ongoing compliance with all current and emerging regulatory requirements. 

Fraud

Fraud remains a key challenge facing the payment industry, as well as an issue which can have a significant impact on both businesses more broadly and end consumers. Financial crime has seen an increasing trend in recent years and is one that is constantly evolving as criminals continue to get more sophisticated and more inventive with their approaches. In parallel new fraud prevention and detection methods and techniques have been developed and deployed. But this is a constantly changing game, with criminals adopting new strategies and the payment industry and other financial institutions deploying increasingly sophisticated techniques to stop them.

COVID-19 has created some degree of additional risk of fraud, thanks to an increase in online shopping including shoppers who have never previously shopped online in the past and are perhaps less familiar will some of the more obvious signs to be wary of. Criminals are all too aware of this and are happy to use this situation to their advantage.

Unfortunately, there is currently no way to full eradicate the risk of fraud. Payment providers continue to develop more sophisticated fraud prevention and detection tools to reduce the incidence. AI and other automated tools offer increasing levels of fraud detection – but at the same time criminals are also using new and more sophisticated techniques to try to avoid detection.

The best way to win in the battle against cybercrime and fraud is to ensure that all businesses have robust and effective controls in place, whether these are around access to data, protection of physical assets such as laptops, or measures to prevent unauthorised access to the business’s IT network and system. This is particularly important for any business that holds customer personal data or payment card information, where the business must ensure this data is fully protected to remain compliant with regulations and to avoid the risk of a costly and reputationally damaging breach.

Brexit

The fourth challenge for the payments industry, and for services industries more broadly, has been Brexit. This has been a cause of uncertainty since the outcome of the vote in 2016, not just for businesses operating in, or trading with, the UK but for the country in general. A big fear for many working in the financial services industry was a no deal Brexit along with a loss of access to the European Economic Area (EEA) “passport” for financial institutions based and regulated in the UK.

While the agreement of a trade deal is in my view a better outcome than a ‘no deal’ Brexit, it is disappointing that this did not extend to providing any real certainty for the financial services industry, other than a loss of ‘passporting rights’ and only a verbal agreement at the time the deal was announced that the EU and UK government would continue discussions in 2021 around some form of ‘Equivalence’.

The current situation therefore creates ongoing additional complexity, cost and operational effort for many financial services firms – in addition to the huge industry cost and effort of preparing for the risk of a loss of passporting rights over the past 4 years. While the UK has extended ongoing rights to EU-based firms to operate in the UK, these rights have not so far been extended by the EU to UK-based firms.

Financial services companies along with industry bodies continue to lobby for UK firms who are FCA regulated to be able to operate EEA markets, as they did previously. Currently though, it is unclear if, or when, the EU might extend these additional rights to UK-based firms. In the meantime, UK-regulated businesses have had to adopt alternative ways to work with their European partners and customers.

Clearly there is a hope that there would be movement going forward to allow UK-based and regulated firms to operate in the EU, and we are beginning to see steps towards this with the technology visa that was mentioned in the UK spring budget, but this will most definitely be a situation where we will need to wait and see.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.fintechnews.org/the-four-biggest-challenges-facing-the-payments-industry-right-now/

Continue Reading

Cyber Security

Google Released a New Open-Source Tool Called Cosign

Avatar

Published

on

Google

Google has launched cosign, a new open-source platform that simplifies the process of signing and verifying container photos.

The goal of cosign, which was created in partnership with the Linux Foundation’s sigstore project, is to “make signatures invisible infrastructure,” according to the business.

Google claims that the open source tool has been used to sign all of its distroless files, and that users of distroless (images that only contain the appropriate application and its dependencies) may easily verify if they are using the correct base picture.

The Internet behemoth claims to have incorporated cosign into the distroless CI scheme, making distroless signing yet another step in the Cloud Create job responsible for image development.

“To sign any distroless file, this extra step uses the cosign container image and a key pair stored in GCP KMS. Users can now verify that the distroless image they’re running was created in the correct CI setting, thanks to this additional signing step,” Google explains.

Cosign supports its own Public Key Infrastructure (PKI), hardware and KMS signing, Google’s free OIDC PKI (Fulcio), and a built-in binary transparency and timestamping programme, and can be run as a CLI tool or as a picture (Rekor).

Kubernetes, to which sigstore maintainers contribute, is already using the latest tool to validate images, and Kubernetes SIG Release is aiming to build “a consumable, inspectable, and stable supply chain for the project,” according to Google. In the coming months, Google expects to bring more sigstore innovations to distroless.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/google-released-a-new-open-source-tool-called-cosign/

Continue Reading
Aviation55 seconds ago

FLYHT Names Nina Jonsson as Chairman of Board of Directors

okex-announces-listing-of-shiba-inus-shib-token.jpg
Crowdfunding2 mins ago

OKEx Announces Listing of Shiba Inu’s SHIB Token

Crowdfunding2 mins ago

OKEx Announces Listing of Shiba Inu’s SHIB Token

Crowdfunding2 mins ago

OKEx Announces Listing of Shiba Inu’s SHIB Token

Crowdfunding2 mins ago

OKEx Announces Listing of Shiba Inu’s SHIB Token

Esports17 mins ago

Cloud9 give boost to MSI 2021 rumble stage hopes with much-needed victory over DWG KIA

Energy20 mins ago

Asia/Pacific Market Trends to Boost Global Off-Road Equipment in 2021

Aviation21 mins ago

The Airbus A220: 5 Things You Must Know

Blockchain22 mins ago

Gemini Now Allows Users to Earn up to 2.25% Interest on Dogecoin

Blockchain23 mins ago

Public Mint Partners with KIRA to Enable Cross-Chain Liquid Staking

Blockchain24 mins ago

Rari Capital Will Reimburse Hack Victims with $26 Million From Developer Fund

Blockchain24 mins ago

Indonesia Plans to Tax Crypto Trading

Blockchain25 mins ago

Shield Finance Completes a $780K Round to Create a DeFi Insurance Aggregator

Blockchain31 mins ago

Mining Bitcoin: How to Mine Bitcoin

Energy31 mins ago

Sinopec: Acelerar el desarrollo de marca global para liderar el desarrollo empresarial de calidad

Blockchain32 mins ago

Bitcoin Cash price prediction: BCH to retest $1,500 resistance

Blockchain34 mins ago

Ethereum price prediction: Ethereum spikes below $3,700, another retest later?

chair-finance-debuts-groundbreaking-first-dex-for-utility-nfts.png
Blockchain35 mins ago

Chair.Finance Debuts Groundbreaking First DEX For Utility NFTs

Esports36 mins ago

Tony Hawk joins GameSquare Esports in special advisory role

Aerospace37 mins ago

Senate Intelligence chairman wants further review of decision to relocate U.S. Space Command

Aviation37 mins ago

Abu Dhabi Expansion: Wizz Air Targets More Low-Cost Destinations

Energy37 mins ago

Laboratories At Gage Products Are Recognized For Quality

Energy37 mins ago

Laboratories At Gage Products Are Recognized For Quality

Energy37 mins ago

Electrical Equipment Market In India- ABB Ltd., Bharat Heavy Electricals Ltd., CG Power and Industrial Solutions Ltd., among others to contribute to the market growth

Energy37 mins ago

Electrical Equipment Market In India- ABB Ltd., Bharat Heavy Electricals Ltd., CG Power and Industrial Solutions Ltd., among others to contribute to the market growth

Energy37 mins ago

Caterpillar Announces New 2030 Sustainability Goals and Reports Environmental, Social and Governance (ESG) Progress

Energy37 mins ago

Caterpillar Announces New 2030 Sustainability Goals and Reports Environmental, Social and Governance (ESG) Progress

Energy37 mins ago

Worldwide Forklift Industry to 2030 – Featuring Komatsu, Hyundai Heavy Industries and Mitsubishi Forklift Among Others

Payments38 mins ago

Revolut launches discount finder browser extension

Blockchain45 mins ago

AIRSOFT Technology LTD Heads Strongly into IFX EXPO Dubai

Trending