Welcome to blog 2 of our 3-part series featuring top recommendations to help financial institutions (FIs) navigate the impact of COVID-19 on their payment business. Last week’s blog shared tips to manage the surge in online and mobile banking transactions. This week, we’ll focus on card-not-present fraud. As we inch closer to June, the coronavirus continues to affect consumer purchasing behaviors – including an immense payments shift towards digital banking and e-commerce.

We all know about hacking and hackers, but what about hacktivism and hacktivists? In this article, we will discuss what hacktivism is and how it can affect your organization. Hackers and the act of hacking found their way into mainstream long ago, with the help of high budget films and our increasing use of technology in almost every aspect of our lives. That is why almost everyone knows what hacking is and who a hacker is.

This new world is putting a strain on organizations’ digital security defenses. First, malicious actors are increasingly leveraging coronavirus 2019 (COVID-19) as a theme to target organizations and to prey upon the fears of their employees. Our weekly COVID-19 scam roundups have made this reality clear. Second, organizations are working to mitigate the risks associated with suddenly having a large remote workforce.

In the new normal, if your business has chosen remote operations, this might attract malicious actors. Hackers prey on the remote workforce whose vulnerability has increased in multifold ways. While infrastructural concerns, such as working outside the corporate IT network and using home Wi-Fi are inevitable, other issues, including using personal devices and retaining privileges to access more than required business resources add to the magnitude of this vulnerability.

In an earlier blog, Collaboration in the Modern Biotech Era, we explored the scope, dynamics, and complexity of collaboration in modern biotech and how “…these external partnerships have made the life sciences industry more distributed, networked, and collaborative than ever before.” But data security, integrity, structure, and storage present a number of concerns that need to be addressed to strengthen your GxP compliance envelope when working with external partners.

A recent attack on a hospital in Brno, Czech Republic (a COVID-19 testing center)ehowed the extent to which weaknesses in a health center’s cybersecurity system can endanger the lives of patients. During this attack, patients had to be redirected to other hospitals and vital surgeries were postponed - all during a time in which vital testing needed to be carried out and releases needed to be sped up. A study published in the journal Technological Health Care by CS Kruse et al.

The attack surface of your organization is the total number of attack vectors that could be used as an entry point to launch a cyberattack or gain unauthorized access to sensitive data. This could include vulnerabilities in your people, physical, network, or software environments. In simple terms, your attack surface is all the gaps in your security controls that could be exploited or avoided by an attacker.

If your organization offers or needs cyber security solutions, you must have heard of the Advanced Encryption Standard before. In this article, we will take a closer look at AES and how it can be beneficial for your organization. The Advanced Encryption Standard (also known as Rijndael) is one of the most popular global encryption standards, that is why its acronym AES keeps coming up in almost every discussion related to cyber security.

The energy industry used to operate on a simple hub-and-spoke model, in which large power plants would produce energy in a centralized location and distribute it out to consumers. Yet as solar, wind, and other small-scale renewable energy sources take hold in the market, that hub-and-spoke model is being replaced by a complex grid of interconnected devices.

The Cyber Security Body of Knowledge project or CyBOK is a collaborative initiative mobilised in 2017 with an aspiration to “codify the foundational and generally recognized knowledge on Cyber Security.” Version 1.0 of the published output of this consultative exercise was quietly released last year and then more publicly launched in January 2020. Yet, this free and information-packed publication does not appear to have captured the attention it perhaps deserves across the wider industry.