Arx Alliance Cyber Security Newsletter #1

— Originally published October 4, 2021 at ARX — 

Welcome to our inaugural newsletter! Thank you for taking the time to spend a few minutes with us as we discuss the world of cybersecurity and try to share interesting stories, perspectives, and news. Those who know us already will know we are a massive advocate for the ‘little guy’ and feel more needs to be done to help create visibility, transparency, and increased education for SMEs who would otherwise not be in a position to combat or even manage an ever-worsening world of cyber. Therefore, we genuinely hope this monthly sharing of information will help organisations, both small and large, better understand and therefore manage their respective landscapes when it comes to cybersecurity and supply chain risk management.

Modern day cyber attacks

Let me first begin with a question: how many companies out there (regardless of size) believe they are immune to a cyber-attack? In my humble opinion, the simple answer is a big fat zero! Size clearly does not play a role in an organisations ability to avoid attacks which has been proven time and again as some of the largest tech companies in the world have fallen victim on multiple occasions. It therefore won’t surprise many that more than 90% of industrial companies are open to cyber-attacks. Perhaps this is due to their perceived lack of industrial organisations being tech-savvy. One such (worrying) stat was that “…penetration testers gained access to the industrial control systems (ICS) networks at 75% of these companies“. Let’s also not forget, these are often large organisations who demand and work with a large network of suppliers therefore potentially resulting in a knock-on effect that no one would want to experience. Some eye-opening & eye-catching stats within which are worth a read!

There are of course plenty of preventative measures available (but as mentioned above, unfortunately not accessible for all) however, as the old adage goes look close to home first and foremost to begin addressing issues. But what does this actually mean in a practical sense?! It’s not as complicated as it might sound at first with six basic things one can do to prevent being hacked. Changing personal behaviours will not only help individuals in their usage of personal devices but also when using company infrastructure. For instance, using free to use authenticator tools by turning on two-/multi-factor authentication and using a password manager would be two great steps to get us all started.

The importance of multi-factor authentication and strong passwords seems obvious but is regularly overlooked by the masses. This helps protect data, devices, and systems from unauthorised access. There have been many examples of poor password strength being used repeatedly including the use of the same ‘weak’ passwords for most (if not all) access. Let’s not forget, hackers are continually upping their game to ensure they can access what we don’t want them to; therefore, meaning we have to continually up our game too to stay one- step ahead. A simple change in approach of regular password changes and the use of password managers to help generate random passwords would make a material difference in this line of defence.

What are sniffing attacks?

It is important the industry terminology and acronyms don’t put people off from exploring approaches and solutions to addressing cyber issues. This not only helps cut through the jargon but also results in the basic measures being put into place for what’s (at some point inevitably) to come. Sniffing attacks is one such term that is gaining prominence among cybercriminals today to steal customer data and compromise network security.

To put into perspective exactly how much cyber criminals are raising their game, it might surprise you to know that these attacks are not at all random and opportunistic as one might think. There is a whole ecosystem where hackers can actually purchase access to victims’ networks from other cybercriminal groups and initial access brokers (IABs). Attackers are so savvy they have lists based on Geography, Revenue, Sectors, and Access Type which they are explicitly looking for in terms of vulnerabilities to target. This has gone so far that its even has a mainstream and very much identifiable name: Ransomware- as-a-Service (RaaS) with pricing far outweighed by the potential of payouts.

It is therefore no surprise that the cyber security industry is combatting people burnout! The ‘defenders’ of the peace are not only inundated but often the unsung heroes as their visibility is reduced the better the job they perform. This is of course due to increased cybercriminal sophistication which in turn means things need to change with some practice changes including investing in solutions that empower these teams to detect and stop attacks. The added ability to provide non-IT jargon-based management reports would be a massive plus to these individuals in helping to facilitate decision making at the very top. This approach will in turn promote a proactive and preventative strategy rather than fire-fighting once the problem has landed on their doorstep. Some food for thought!

Prevention and education!

Words by Dishang, COO Arx Alliance, COO Leading Point 


The Composable Enterprise: Improving the Front-Office User Experience

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/10/cloud-based-services.png" title_text="cloud-based-services" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

By Dishang Patel, Fintech & Growth Delivery Partner, Leading Point Financial Markets.

The past six months have by no means been a time of status quo. During this period of uncertainty, standards have been questioned and new ‘norms’ have been formed.

A standout development has been the intensified focus on cloud-based services. Levels of adoption have varied, from those moving to cloud for the first time, to others making cloud their only form of storage and access, and with numerous ‘others’ in between.

One area affected adversely (for those who weren’t ready) but positively (for those who were) is software. ‘Old-school’ software vendors – whose multi-million-pound solutions were traditionally implemented on premise at financial institutions, whether as part of a pure ‘buy’ or broader ‘build’ approach – have worked hard to offer cloud-based services.

The broad shift to working from home (WFH) as a result of the Covid-19 pandemic has tested the end-user experience all the way from front to back offices in financial institutions. Security, ease of access and speed are all high on the agenda in the new world in which we find ourselves.

The digitisation journey

With workforces operating globally, it is difficult to guarantee uniform user experiences and be able to cater for a multitude of needs. To achieve success in this area and to ensure a seamless WFH experience, financial institutions have moved things up a level and worked as hard as software providers to offer cloud-based solutions.

All manner of financial institutions (trading firms, brokerages, asset managers, challenger banks) have been on a digitisation journey to make the online user experience more consistent and reliable.

Composable Enterprise is an approach that those who have worked in a front office environment within financial services may have come across and for many could be the way forward.

 

Composable Enterprise: the way forward

Digitisation can come in many forms: from robotic process automation (RPA), operational excellence, implementation of application-based solution, interoperability and electronification. Interoperability and electronification are two key components of this Composable Enterprise approach.

Interoperability – whether in terms of web services, applications, or both –  is an approach that can create efficiencies on the desktop and deliver improved user experience. It has the potential to deliver business performance benefits, in terms of faster and better decision making with the ultimate potential to uncover previously untapped alpha. It also has two important environmental benefits:

1) Reducing energy spend;

2) Less need for old hardware to be disposed of, delivering the reduced environmental footprint that organisations desire.

Electronification, for most industry players, may represent the final step on the full digitisation journey. According to the Oxford English Dictionary, electronification is the “conversion to or adoption of an electronic mode of operation,” which translates to the front office having all the tools they need to do their jobs to the best of their ability.

The beauty of both interoperability and electronification is that they work just as well in a remote set up as they do in an office environment. This is because a good implementation of both results in maximising an organisation’s ability to use all the tools (trading platforms, market data feeds, CRMs, and so on) at their disposal without needing masses of physical infrastructure.

Because of the lower barriers (such as time and cost) of interoperability, financial institutions should start their digitisation journeys from this component and then embark on a larger and more complicated move to electronification.

Composable Enterprise is about firms being able to choose the best component needed for their business, allowing them to be more flexible and more open in order to adapt to new potential revenue opportunities. In these challenging times, it is no surprise that more and more financial institutions are adding Composable Enterprise as a key item on their spending agenda.

 

 

 

 

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px||0px|||"]

"The broad shift to working from home as a result of the Covid-19 pandemic has tested the end-user experience all the way from front to back offices in financial institutions."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"It has the potential to deliver business performance benefits, in terms of faster and better decision making with the ultimate potential to uncover previously untapped alpha."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"The beauty of both interoperability and electronification is that they work just as well in a remote set up as they do in an office environment."

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.3" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Dishang Patel" position="Fintech & Growth Delivery Partner" image_url="https://leadingpointfm.com/wp-content/uploads/2020/03/dishang.2e16d0ba.fill-400x400-1.jpg" _builder_version="4.4.8" link_option_url="mailto:dishang@leadingpoint.io" hover_enabled="0" admin_label="Person" title_text="dishang.2e16d0ba.fill-400x400"]

Responsible for delivering digital FS businesses.

Transforming delivery models for the scale up market.

[/et_pb_team_member][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]


Intersecting the Old World with the New

[et_pb_section fb_built="1" _builder_version="3.22.3" custom_padding="30px|||||"][et_pb_row column_structure="3_4,1_4" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/02/samson-ZGjbiukp_-A-unsplash.jpg" align_tablet="center" align_phone="" align_last_edited="on|desktop" _builder_version="3.23"][/et_pb_image][et_pb_image url="https://www.surveymonkey.co.uk/r/FMXDXS9" align_tablet="center" align_phone="" align_last_edited="on|desktop" _builder_version="3.23"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="3.27.4" background_size="initial" background_position="top_left" background_repeat="repeat"]
It has always been a challenge for large corporations to adopt change.  There is constant change being experienced at all institutions but, despite the appetite for change, the size of an organisation often hamstrings its ability to execute on innovative initiatives.

So, what differentiates those who can deliver successful change versus those who cannot?  In one word: Execution!

Execution is the biggest differentiator between small, agile and nimble businesses and their much larger counterparts.  Even if you put to one side the classic large corporate roadblocks (such as organisational complexity and bureaucracy), it’s clear that those who decide to take the leap of faith and try to change the world by starting their own businesses seem to be able to avoid and, often, ignore convention to deliver significant change.

Innovation in large organisations must pass through many layers of change management and control which frequently ties the hands of those who are the agents of change. Equally frequently, organisational politics have an adverse impact.  This is not true of ‘Upstarts’.

‘Upstarts’ break the glass ceiling of ‘the norm’ to create change by significantly improving an existing system or reinventing a process, convention, etc.  But one must question why it is easier for Upstarts to achieve significant change where larger organisations struggle and fail to achieve the same success.

Is it because Upstarts have more skills or able people to execute change?  Probably not, although one must believe Upstart people form a more focused collective.  It’s much simpler than that – it’s a matter of having the time and inclination to apply that collective focus to the achievement of a single objective.  Having, as a sole objective, creating and delivering industry augmenting technology will result in an executable product roadmap and realistic delivery timelines.
[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_testimonial admin_label="Testimonial" _builder_version="3.22.7"]
Execution is the biggest differentiator between small, agile and nimble businesses and their much larger counterparts
[/et_pb_testimonial][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_3,1_3" _builder_version="3.25"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]
However, there is one area in which large corporates have the upper hand: domain expertise.  Upstarts, by virtue of their size, generally do not have the breadth of expertise of larger organisations.  There are many Upstarts who are capable and indeed do produce top of the line tech solutions.  However, often these same single solutions providers (focus!) struggle to appreciate and navigate the vast array of problems large FS organisations are looking to address. Due to these information gaps, solutions can often result in not being fully fit for purpose and therefore hinder an Upstarts ability to precisely satisfy the needs of large FS corporates.

In addition, large organisations have deep pockets.  This allows them to research and develop solutions internally or to attract external innovation by setting up Innovation Labs, or both.  The main objective of these Labs is to experiment with and identify the kind of innovation that will create competitive advantage.  Upstarts may find themselves part of the Innovation Lab or even acquired in the process.

While Innovation Labs may ensure large players don’t get left behind, there is a big opportunity being missed.  This is the integration of external innovation with internal processes and capabilities.  Acquisitions should be aligned with internal use cases i.e. known (or guessed at) issues with existing business workflows such as efficiency gains.  The main reason seems to be that each is located in its own silo.
[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_testimonial _builder_version="3.22.7" custom_padding="|0px||||"]
Having, as a sole objective, creating and delivering industry augmenting technology will result in an executable product roadmap and realistic delivery timelines
[/et_pb_testimonial][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_3,1_3" _builder_version="3.25"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]
So internal use cases (areas in need of improvement and change) are not connected to potential external innovative solutions.  And this is not to speak of the bigger challenge which is to identify those use cases in the first place.  This raises a number of questions:

  • Does the right type of resource exist?
  • Can available internal staff ask the right questions?
  • Is an independent party better placed to conduct such an exercise?
  • Will this be prevented by internal politics?
  • Who’s going to pay for the work?
  • Who’s going to take ownership?
  • ... and the list goes on.

Successful organisations engage the right people at the right level internally as well as identify and breakdown the ability of Upstarts to address wide ranging and often long-standing issues.  This takes a certain type of skill set including

  • The ability to face off across the corporate spectrum
  • Applying the correct level of domain expertise and insight, and
  • The ability and expertise to collaborate with Upstarts; to name but a few.

[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_testimonial _builder_version="3.22.7" custom_padding="|8px||||"]
Entrepreneurs, especially the good ones, know that if failure is to happen, it happens fast.  This requires the ability to EXECUTE. 
[/et_pb_testimonial][/et_pb_column][/et_pb_row][et_pb_row column_structure="3_4,1_4" _builder_version="3.25"][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]
The common thread: entrepreneurship. Why?

Entrepreneurs, especially the good ones, know that if failure is to happen, it happens fast.  This requires the ability to EXECUTE.  Getting the job done is very high on the agenda for any entrepreneur.  Lateral and cohesive thinking is also vital.  Steve Jobs once said, “creativity is just merging things” and entrepreneurs do this better than anyone and tend to find ways through means others don’t or won’t pursue through such approaches as marginal gains.

Entrepreneurs don’t have all the answers. Not at all.  But to bridge the gap between larger, more conventional-minded organisations and newer Upstarts, one must have the ability to “intersect the old world with the new”.  An excellent example of this was the event we ran Data Innovation Uncovered and the work we continue to do in the FinTech space including in Enterprise Blockchain and Client Lifecycle Management.

We love to talk about this intersection and encourage free and open conversation so please feel free to get in touch to share your thoughts or indeed to hear more of ours.
[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_testimonial _builder_version="3.22.7" custom_padding="|14px||||"]
To bridge the gap between larger, more conventional-minded organisations and newer Upstarts, one must have the ability to “intersect the old world with the new”
[/et_pb_testimonial][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Section" _builder_version="3.22.7" min_height="796px"][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="3.25"][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Dishang Patel " position="Partner" image_url="https://leadingpointfm.com/wp-content/uploads/2020/02/dishang.2e16d0ba.fill-400x400.jpg" admin_label="Person" _builder_version="3.22.7" header_font="||||on|||rgba(0,0,0,0.38)|" custom_padding="0px|||||" link_option_url="mailto:dishang.patel@leadingptconsulting.com"][/et_pb_team_member][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.7"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][/et_pb_section]