Digital Features

Safer technology – Safer financial institutions?

Cyber_securityWhat is Safety Tech, and how does it help FIs to fight financial crime and promote financial inclusion? The financial services sector has been experiencing widespread digitisation for several years, but the pandemic has suddenly forced financial institutions all over the world to step up their digital pivot in order to continue offering seamless services to their clients. In turn, this has widened the scope for cyber risks and financial crime. When it comes to cybercrime, humans are more vulnerable to exploitation than machines. Together with leading cyberpsychologist, Professor Mary Aiken, Standard Chartered has recognized the importance of Safety Tech, to protect people online and to create cyber situational awareness within the financial ecosystem, positioning the sector for longer-term sustainability. The emergence of SafetyTech
Cyber-security at financial institutions (FIs) is about more than just protecting computers. Protecting data, networks and systems is vital, but it is equally important to protect the people who use the systems from online harm. People are arguably one of the most vulnerable parts of the security equation. Protecting people in cyber contexts requires understanding not only those who are attacking the institution, but also the people financial institutions serve and employ. What is the difference between cybersecurity and cyber safety - according to Prof. Aiken "its binary, cybersecurity focuses on protecting data, cyber safety or 'SafetyTech' focuses on protecting people." A new sector, the online safety technologies or 'SafetyTech,' which complements the existing cybersecurity industry is gaining prominence. Prof Aiken emphasizes that "cybersecurity traditionally focuses on protecting data and information from cyberattacks, Safety Tech focuses on protecting people from psychological risks, harms and criminal dangers online -from mis information to online harassment." She points out that "It is critical that networks and systems are robust, resilient and secure however, it is equally important that people are psychologically robust, resilient, secure and safe in cyber contexts." SafetyTech describes the emerging online safety technologies sector which delivers solutions to facilitate safer online experiences, and to protect users from harmful content, contact or conduct, protecting users from everything from misinformation to online harassment. To take one example, Standard Chartered uses safety technology to block access to certain websites and dark net platforms. “By working with safety tech, we can now better understand the criminality of the networks that we're dealing with, and how we can get under their skin and put up defences to prevent abuse of our systems and our clients," said Patricia Sullivan, Standard Chartered’s Managing Director and Global Co-Head for Financial Crime Compliance, speaking at our Correspondent Banking Academy Masterclass on 10 November. “By understanding SafetyTech, you can better protect and or respond to ransomware attacks and offer more digital banking and ensure that it’s safe and that your communities can trust that they can use it.” The COVID-19 pandemic has changed how we live, accelerating FIs’ digital pivot and multiplying associated risks. According to INTERPOL, the pandemic has seen criminals shift to targeting major corporations and governments and propagating fake COVID-related news. In one month, one country reported 290 postings of such fake news, with the majority containing concealed malware.1 In this context, "SafetyTech is not an invention; it's a catch-up,” explained Professor Mary Aiken, a world leading expert in Cyberpsychology who has done extensive pioneering work in this new field, and a guest speaker at the Standard Chartered masterclass. “Online safety technologies or SafetyTech ensures that the levels of assurance we expect in the real world are matched in cyber-contexts.” SafetyTech for institutional resilience
SafetyTech aims to ensure that humans are resilient and secure when interfacing with technology. To this end, Professor Aiken said that financial workers should be trained to have increased cyber-situational awareness and trained to become more aware of their “digital exhaust,” that is, the identifiable traces people leave on the Internet, for instance on social media. Professor Aiken recommended that in order to develop cyber-situational awareness and to check out your digital footprint, you should search yourself often, and when you do this, use a private window or incognito mode option. Personal information attained online facilitates a range of cybercrimes from socially engineered attacks, to identity theft and cyber fraud. “Basically you need to think like a profiler, be cognizant of your digital exhaust and develop cyber situational awareness,” said Professor Aiken. Professor Aiken suggested multiple levels informed by the online safety technologies taxonomy2 whereby FIs can implement SafetyTech:
  • At the system level: Removing illegal content such as that linked to child sexual exploitation, terrorism and other serious crimes.
  • At the platform level: Tackling potentially illegal content or conduct, such as hate crime, or harassment, coercive behaviour and intimidation.
  • At the device or endpoint level: In the form of user-initiated protection, applications and products that can be installed on devices to help protect the user from harm. Network filtering can actively filter content, black-listing or blocking harmful content. SafetyTech methodologies that are particularly important given pandemic induced surge in remote working.
  • In the information environment: Flagging content with false, misleading and harmful narratives, through fact-checking and disrupting disinformation (e.g. by tagging trusted sources and building confidence in them).
  • Via online professional safety services: Through training for increasing psychological resilience, cyber situational awareness and cyber safety practices, along with research frameworks and methodologies for auditing, evaluating or mitigating potential harms. In addition, advisory support for implementing technical solutions, enabling the development of safer online communities by embedding safety-by-default.
Human behaviour can change in cyber-contexts, Professor Aiken noted, due to powerful psychological drivers such as the Online Disinhibition Effect, compounded by anonymity afforded by the Internet. Behavioural evolutions, coupled with the 24/7 'always on' nature of digital services, along with the profusion of communication channels, has increased the risk of vulnerability to cybercriminality, and has expanded the potential attack surface. Professor Aiken is working on the development of a SafetyTech service in the form of 'cyber-psychometric' testing, that would be of particular relevance in terms of tackling Insider threats, bottom line she says, "you need to know who your employees are in the real world, and you need to know who they are online." Prof. Aiken points out that on the dark web (i.e. that part of the internet which is invisible to search engines and can only be accessed with dedicated browsers), insiders can sell access to their employers’ confidential systems, they can also be recruited by sophisticated threat actors. Understanding the motivation of insiders who have the potential to cause damage – whether disgruntlement, revenge or outside influence – is crucial to identifying and preventing it. Safety tech for financial inclusion and sustainable development
The impact of implementing Safety Tech goes beyond protecting institutions and businesses and has broader societal implications. One key to achieving the UN’s Sustainable Development Goals is extending financial services to unbanked people.3 SafetyTech can help to build the trust of the unbanked in digital banking, while preventing them being exploited by unscrupulous third parties, for instance those that overcharge migrant workers for remitting money to their families. To date, much of the cyber-safety discussion on the societal level has focused on protecting children and teenagers. "We don't really see the same focus when it comes to vulnerable adult populations," Sullivan noted. But in many cases, it is urgently needed. "At our bank we have a strategy to provide microfinance to women in need in vulnerable populations, as well as certain countries where additional economic support is needed, for instance to combat corruption,” Sullivan explained. “In those populations there's a lack of feeling of safety when on the internet. Women most definitely tend to be more targeted when using the internet. Some countries also lack the same protections around freedom of communication. SafetyTech can come to the rescue and really shore-up the digital products we're offering. We want our clients to feel that they are not going to be victimised when accessing our digital banking platform." To date, Standard Chartered is the first, and to the best of our knowledge, the only financial institution to recognise the importance of Safety Tech from both a financial crime compliance (FCC) perspective and as a means of building long-term resilience. SafetyTech speaks to the bank’s three Sustainable Agenda Pillars: Sustainable Finance, Responsible Company, and Inclusive Communities. As Heidi Toribio, Standard Chartered’s Global Head for Financial Institutions, Corporate & Institutional Banking, pointed out: “SafetyTech supports sustainability goals concerning health and wellbeing, quality of education, gender equality, economic growth, and our ability to build partnerships to support these goals.” By ensuring that people are just as well protected from cyber-threats as are machines and data, FIs can promote the sustainable financial inclusion of those who need it most, while at the same time shielding their employees from harm. Essentially safety tech ensures a focus on People risk and vulnerabilities and is another dimension to cyber leadership that is critical in the fight against cyber risk and cybercrime,” concluded Sullivan. 1 Interpol, "INTERPOL report shows alarming rate of cyberattacks during COVID-19", INTERPOL News, 4 August 2020, https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-sh...
2 https://www.gov.uk/government/publications/safer-technology-safer-users-...
3 UNCDF, “Financial Inclusion and the SDGs”, https://www.uncdf.org/financial-inclusion-and-the-sdgs © 2020 funds global mena

Sponsored Profiles

There’s no doubt that Africa has been seen increasingly as an attractive prospect for inbound investment in recent years, with investors seeing real potential in the continent, particularly in the private equity, infrastructure and real estate asset classes, as it experiences strong economic growth.

Plausible explanations exist for why low-volatility stocks perform better than their high-volatility counterparts.

Aberdeen Asset Management has set up its first Middle East office in the newly established Abu Dhabi Global Market. Andrew Paul, senior executive officer, explains why.

A recent sovereign bond issue from Saudi Arabia underlines the appeal of emerging market investing. What must investors consider when allocating to this asset class? Firas Mallah of BMO Global Asset Management shares his views.

Executive Interviews

INTERVIEW: ‘Financing is the blood of Iran’s economy’

Amid a fresh wave of American sanctions, Romil Patel spoke to Meysam Hamedi, director of financial markets and instruments at Iran’s Securities & Exchange Organization (SEO).

INTERVIEW: Totally mega

In 2016, global consulting firm PWC forecast the emergence of five global ‘megatrends’ in the next two decades. Stephen Anderson, its Middle East clients and markets leader, talks about their...

INTERVIEW: Protecting the investment

Rasmala’s trade finance fund recently passed $100 million in assets. Doug Bitcon, head of credit strategies, explains why he has to be hands-on.

EXECUTIVE INTERVIEW: A natural interest in the topic

Since 2016, Guillermo Ortiz has been a chairman of Latin America’s BTG Pactual. The former central banker of Mexico talks to Nick Fitzpatrick.

Roundtables

Middle East Investor Roundtable 2020: Dimensions of diversification

Investors in the Middle East consider the tools that will be needed to navigate the Covid-19 crisis, the continued appetite for dividend and why it’s all about tech. Chaired by Romil Patel.

South Africa asset management roundtable: Global rebound on ice

Experts discuss the investment implications of the coronavirus pandemic, a delayed rebound in global growth and dealing with South Africa’s energy issues head on. Chaired by Romil Patel in Cape Town.

South African roundtable: Taking the bull by the horns

Our panel discusses Chinese investment in Africa, financial institutions’ contribution to economic sustainability and regulatory concerns. Chaired by Romil Patel in Cape Town.

ROUNDTABLE: Hooked to the global caravan

With the MENA region at a tipping point, our panellists talk about economic diversification, the impact of regulation and the delayed Saudi Aramco listing. Chaired by Romil Patel in Dubai.