How to achieve next-generation cybersecurity
According to Rapid7’s Tod Beardsley, “March 2020 will be the point that we look back and see a fundamental change in how the internet functions, as well as how people and enterprises interact with the internet.”
FinTech magazine recently spoke with Beardsley to discuss the rapidly evolving threat landscape for enterprises and how Rapid7 can assist.
The precursor to this conversation was Rapid7’s release of its 2020 Threat Report.
This extensive piece of work examines the shifting cyber threat landscape in more detail and outlines the major risks that enterprises will have to counter looking ahead.
In the article, Beardsley explains that the most significant change over the last decade has been the move of information to the cloud.
He states: “It’s so much better than running your own racks of servers, but it also alters the potential threats for your organisation, and has everyone now concerned about a host of technologies and risk factors that didn’t even exist 10 years ago.”
A key finding of the report is that phishing remains the most popular form of attack against businesses.
So much so, says Beardsley, that “if you can solve phishing, you solve 90% of your problems - it’s that simple.”
Network segmentation, he adds, is one way of tackling the problem. “The problem with the enterprise is that everything is a big flat network, and it’s still very hard to get people to change that.
“The concern is that with the sudden shift to remote working as a result of COVID-19, you’ve gone from a home workforce of 5-10% to 100% and a whole new bunch of VPN traffic that lets anyone have a straight shot to an internal network. It’s a recipe for security failure.”
Typically, Rapid7 analyses risk across four key areas: threat telemetry, detection telemetry, recommendations and security programmes.
Beardsley elaborates on how enterprises still host vulnerable internet-exposed systems, and how malware and malicious documents are used to attack networks.
“A lot of what we found, we predicted,” he explains. “For example, that companies continue to build and deploy straight up, vulnerable systems and then put them on the internet.
“So, things like Windows machines with SMBs - Windows’ ‘everything’ protocol for file sharing, administration, authorisation, printing… everything - just exposed to the internet. That’s pretty shocking, it was probably the most visceral reaction I had to the data.”
2020 threat landscape
According to Rapid7, there are several key areas of focus that come as a result of its latest report:
- There is a need to focus on the external footprint.
- Attackers most commonly exploit a public-facing application or valid accounts. This can be countered by patching, network segmentation and user behaviour analytics (UBA).
- Organisations should use multiple threat detection methodologies and augment detections and technology with skilled individuals.
- Close to 80% of breaches detected by Rapid7’s MDR service are malware-related, phishing-related or malicious documents.
- Earlier focus on detecting threats in the initial access and execution tactics of the attack lifecycle can reduce the cost and impact of breaches.
- Investing in collecting and reusing threat indicators improves security programme efficiency.
- Proactively deploying mitigating controls based on trends in the threat landscape can reduce the risk of a breach.
Tink partners with Novalnet AG for open banking payments
The Munich-based fintech Novalnet AG, which was founded in 2007 and is one of Europe’s leading fintech companies, has announced a new partnership with Tink, the Swedish open banking platform currently connected to more than 3,400 European banks.
Novalnet AG delivers payment solutions and fully automated services, from checkout to debt collection. Its solutions are also available worldwide.
According to reports, the fintech company plans to launch a real-time payments feature for merchants across Europe, to expand its current services and enhance the transaction experience it operates through its platform.
The new feature, says Novalnet, will revolutionise payments for ecommerce, with transactions being credited to merchants’ accounts almost instantly.
Novalnet partnership with Tink
By partnering with Tink for payment initiation services (PIS) technology, Novalnet will take previous region-specific payment methods and offer a new unified digital payments service to its merchants across Europe.
The fintech’s real-time merchant payments feature, which will be launched initially in Germany and the United Kingdom, will then be integrated across other European markets during 2021.
Speaking about the new collaboration, Emmanuel Kirse, COO of Novalnet, explained, “We expect great things from our strategic partnership with Tink, which is a significant development for both parties.
“With Tink, Novalnet can offer a new set of open banking-related solutions in Europe. The new opportunities offered by this partnership will help both Tink and Novalnet grow together, along with our merchants.”
Cyrosch Kalateh, Regional Director for the DACH region at Tink said, “Our partnership with Novalnet is a big step for Tink in the German market, and we are excited to work together to bring new, innovative payments services to merchants across Europe.”
He added, “At the end of 2020 Tink committed to expanding its payment initiation services from five to 10 markets, fuelled by an €85mn investment round. We are proud to add Germany to this list by announcing we have now fully launched Tink’s PIS services in this market.”