July 13, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Another rising data science trend within banking is the use of traceable timing solutions. With timestamping regulations in financial services getting stricter, and data scientists looking to maintain integrity of assets, these solutions look to improve the accuracy of time sources. Richard Hoptroff, CTO and founder of Hoptroff, said: “Network derived and precise traceable timing solutions are an innovative aid which can be used to bolster data infrastructure of banks. They are a growing alternative to traditional, satellite-dependent means of achieving time. Network derived time can be used to optimise trade lifecycle management, improve transaction reporting and inform strategic decisions. This enables the verification of transactions to become more efficient and reliable and also opens up the possibility to identify significant cost savings. “The implications of the Fourth Industrial Revolution mean that traceable timing solutions are becoming increasingly relevant outside of financial services – as posited by Brad Casemore, the vice-president of Datacenter Networks at IDC, ‘Time and time services are more ubiquitous and more valuable today than many business leaders realise’.”
Companies need to buy into zero trust, or the philosophy that organizations should not trust anything inside or outside their network. Even the savviest internet users are targets for phishing scams and require constant education to sidestep hackers targeting vulnerabilities. Zero trust can manifest as a suite of programs to prevent phishing. Web users must keep up-to-date on common scams, such as suspicious links and misspelled email addresses, to avoid putting the workplace at risk. Companies can install software to block downloading external software and monitor how devices can be used. Cryptographic systems such as two-factor authentication (2FA) could be key to staying secure, Cerf and Rashid agreed. That could take the form of an app on a smartphone or a physical cryptographic device. Employers can also apply these principles to working in the office. There may come a time where the corporate network is compromised, and it is crucial that security teams assume their networks could be exposed. Cerf predicts 2021 will bring expanded internet coverage in rural areas and increased 5G speeds and capabilities.
Once leaked, attackers can use the stolen hash to take over the secure connection that UMAS establishes between the PLC and its managing workstation, allowing the attacker to reconfigure the PLC without needing to know a password. Reconfiguration, in turn, allows the attacker to perform remote code execution attacks, including installation of malware and steps to obfuscate their presence. Schneider Electric said it applauds security researchers like Armis and has been working with the company to validate its claims and determine remediation steps. "Our mutual findings demonstrate that while the discovered vulnerabilities affect Schneider Electric offers, it is possible to mitigate the potential impacts by following standard guidance, specific instructions; and in some cases, the fixes provided by Schneider Electric to remove the vulnerability," Schneider said in a statement. Industrial control systems vulnerabilities have been a rising problem in recent years, but it's important to note that just because PLCs like Schneider's Modicon line are vulnerable doesn't mean an attacker will have an easy time taking control of them.
Ultrathin semiconductors like the one used here are currently a hot investigation topic for researchers: they can be stacked together to form entirely new synthetic materials known as van der Waals heterostructures. These structures have a lot of potentially innovative uses, such as being able to control electron magnetism with electric fields. However, a lot of this potential is still theoretical, because scientists just don't know what effects they're going to get yet and what devices they might be able to make. Which is why succeeding in creating this latest combination is so important. ... Getting this semiconductor-superconductor link together isn't easy – as you would expect, considering no one has done it before. The semiconductor is placed in a sandwich, with insulating layers above and below, while holes etched in the top of the insulating layer provide the electrical contact access. The superconducting material fills the gaps left by the holes, and the process is finished inside a nitrogen-filled glove box to protect the finished system from damage. Remote-controlled micromanipulators are used to complete the fabrication, under an optical microscope.
Open financial data could put powerful non-bank companies in a stronger position to become financial-services players. With digital adoption leaping ahead by years in just several months, many ecommerce, tech, and social-media companies have accumulated a massive lead in customer attention. This opens the possibility for them to be the first port of call for new financial products and services to their user bases, similar to what Google now enables customers to do with its “Plex” product, connected to the Google Pay app. According to the Google web site, Plex is offered in partnership with 11 banks and credit unions and includes physical and virtual debit cards, peer-to-peer payments, and an associated checking account. In Singapore, the government recently issued banking licenses to five nonbanking players, including the consumer ecosystem Grab (200 million users in eight countries) and the consumer internet company Sea. The surge in online activity and digital behaviors has also opened up new avenues for companies to integrate financial services directly into customers’ daily activities, such as online shopping and the management of payments related to cars.
The decision is the first time an official has been required to explain the role of the Netherlands in the operation to hack EncroChat, which has led to arrests worldwide of hundreds of members of organised crime groups. The Dutch Public Prosecution Service’s public position is that it was not involved in the development or deployment of a “software implant” used by the French Gendarmerie to harvest 120 million messages from the phones, which were largely used by organised criminal groups. Dutch prosecutors argue that it is not up to the Dutch courts to assess the legality of the French police operation to intercept messages from EncroChat, which were subsequently shared with the Netherlands, the UK, Sweden and other countries. But the claim has been questioned by defence lawyers in the Netherlands, who point to evidence from the UK and elsewhere that suggests the Dutch and French Gendarmerie worked closely together on the operation. A court in Den Bosch ruled last week that a public prosecutor involved in the Dutch investigation into EncroChat, codenamed 26Lemont, should give evidence on the Dutch judiciary’s role in the operation with the French.