Technology Archives - IT Security Guru
https://www.itsecurityguru.org/tag/technology/
Tue, 16 May 2023 14:31:53 +0000

International Cyber Expo 2023 – Registration is now OPEN
https://www.itsecurityguru.org/2023/05/16/international-cyber-expo-2023-registration-is-now-open/
Tue, 16 May 2023 14:18:31 +0000
Registration for this year’s International Cyber Expo (ICE) on the 26th and 27th of September 2023 at London Olympia is now open. The award-winning security event will once again showcase an impressive line-up of talks, demonstrations, and senior-level roundtable discussions led by reputable experts in the field; not least, Chair of the event’s Advisory Council, Ciaran Martin CB, Professor at Oxford University.

To register for FREE, visit: https://ice-2023.reg.buzz/eskenzi-press-release-launch

Off the back of the inaugural event last year, ICE attracted over 135 exhibitors and more than 4,800 visitors from across the globe. The two-day event was well received and proved to be among the most inclusive, well-rounded, and attended cybersecurity events in the calendar. It caters to industry professionals of all backgrounds, from start-ups to established vendors, software developers to C-Level executives.

With networking a top priority for attendees, guests will have the opportunity to meet senior cybersecurity professionals from household names such as Google, Microsoft, Sainsbury’s, Tesco, Network Rail and Boohoo; as well as government representatives from across various departments, like the Home Office. Highly regarded members of International Cyber Expo’s Advisory Council such as Nick Bell (CEO, National Cyber Resilience Centre Group), Dr Emma Philpott MBE (CEO, IASME), Paul Chichester (Director of Operations, NCSC) and Juliette Wilcox, CMG (Cyber Security Ambassador, Department of International Trade) will also be walking the show floor.

International Cyber Expo 2023 event highlights will include:

  • Global Cyber Summit: A combination of roundtable discussions, fireside chats and presentations that will look at real cyber issues impacting us today and in tomorrow’s interconnected world. This year, the Summit will explore themes such as the cyber skills gap, international perspectives surrounding the rise of artificial intelligence including ChatGPT, as well as the recent introduction of significant legislative changes in the industry. Uniquely, this year’s Summit will also look at the Russian cyber attacks on Ukraine and elsewhere, from a Ukrainian perspective with close advisors to the country’s government agencies weighing in.
  • Tech Hub Stage: An opportunity for vendors to launch products/services and talk about real-life applications and case studies of game-changing solutions.
  • Senior-Level Roundtables (by invitation only): An intimate get-together of 8 – 10 Chief Information Security Officers and other senior representatives exploring the latest challenges they are facing, and their insights on emerging trends.
  • Immersive Cyber Demonstrations: Professional actors from Crisis Cast deliver immersive demonstrations on how to prepare for cyber threats, explore vulnerabilities and survive in the new age of information warfare.
  • Connect+ Live: A meeting service to connect qualified international buyers with sellers based on their buying needs.
  • International Pavilions: A range of International Pavilions expand the market opportunity and international nature of this high-level cybersecurity event.
  • Government Zone: With support spanning the Home Office, UKDSE, UK Cyber Council, Joint Security and Resilience Centre (JSaRC) and more, the Government Zone provides a central meeting point for visitors to network and discover the latest projects and plans for the UK’s future with the most senior and influential figures in UK Government departments, organisations and agencies.
  • Cyber Griffin Tabletop Exercise: The award-winning tabletop exercise is designed to explore the decisions that people make in real-life scenarios in order to protect their businesses from modern-day threats.

“We are thrilled to be opening registration for International Cyber Expo, our London-based cybersecurity event, in its second consecutive year. We have already received an astounding amount of interest from both exhibitors and visitors alike, and we cannot wait to reconvene in September this year for another great event,” said Rachael Shattock, Group Event Director at Nineteen Group.

To register for FREE, visit: https://ice-2023.reg.buzz/eskenzi-press-release-launch

The post International Cyber Expo 2023 – Registration is now OPEN appeared first on IT Security Guru.

Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors
https://www.itsecurityguru.org/2021/01/19/vdoo-raises-32m-in-series-b-financing-to-revolutionize-security-for-embedded-devices-and-iot/
Tue, 19 Jan 2021 16:09:52 +0000
Vdoo, a leader in product security for embedded software, today revealed it had extended its Series B funding to $57M, in an additional round led by Qumra Capital, Verizon Ventures, and others.

The round was completed in the third quarter of last year, and the new funding was used to expand Vdoo’s offering to the telco and smart utility space, against the backdrop of the connectivity surge induced by COVID-19. The round increased the total capital raised by Vdoo to $70M. Qumra Capital and Verizon Ventures joined existing investors 83North, GGV Capital, WRVI Capital, Dell Technologies Capital, NTT DOCOMO Ventures, MS&AD Ventures, and prominent private investors in the extension round.

According to Netanel Davidi, Co-Founder and CEO of Vdoo, “Over the last year, we’ve experienced huge market demand from device deployers such as telcos and utilities. These companies are responsible for the security of the millions of devices such as routers, connected home appliances, and smart meters that they deploy to their end-user and customer environment. With Vdoo’s new offering, they can now quickly and easily vet the security and standard compliance of these devices and continue to monitor and protect the devices over the lifecycle of the product. As a result, our newest customers include top U.S. and global telcos and additional utilities players globally. We are happy to announce this round after receiving strong market validation, and we are thankful we were able to grow significantly in these challenging times.”

The connected product security market continues to expand; research firm Markets and Markets predicts the global device security market to grow from $12.5 billion in 2020 to $36.6 billion by 2025. COVID-19 and the shift to working from home (WFH) have dramatically increased the number of remotely connected devices, accelerating the demand for securing connected products.

Vdoo delivers the industry’s leading automated product security platform for device manufacturers and deployers. Vdoo’s platform performs a complete security assessment in minutes, providing a comprehensive report identifying zero-day vulnerabilities, CVEs, configuration and hardening issues, standards non-compliance, and other security exposures with suggested prioritization and remediation mechanisms.

“The world’s top device manufacturers and deployers choose to work with Vdoo because they recognize the importance of securing their products,” said Davidi. “They’re leveraging the Vdoo platform to analyze their security and standards posture before deployment, and then continue to protect their devices through the end of product life. Our customers include dozens of Fortune 500 companies across every industry, geography, and type of connected product, such as automotive, industrial, medical, smart buildings, and now also telcos and utilities.”

“The number of connected IoT devices is rapidly growing, creating greater opportunities for security breaches,” said Boaz Dinte, Managing Partner of Qumra Capital that led the round. “Vdoo’s unique device-centric, deep technology automated approach has already brought immediate value to vendors in a very short period of time. We believe the market opportunity is huge, and with newly infused growth capital, Vdoo is well-positioned to become the leading global player for securing connected devices.”

“With the expansion of 5G networks and mobile edge compute, there’s a need for an end-to-end, device-centric security approach to IoT,” said Verizon Ventures Managing Director Tammy Mahn. “As the venture arm of a leading telco, Verizon Ventures is proud to invest in Vdoo and its world-class team on their journey to solve this global need, while ushering in a new era of security by design in our increasingly connected world.”

About Vdoo

Vdoo’s automated approach to securing connected products has helped Fortune 500 manufacturers and service providers to scale up their product security capabilities across multiple lines of business, enabling them to significantly shorten their time-to-market, reduce resource requirements, increase sales and lower overall risk profiles.

Founded by a team of serial entrepreneurs with deep expertise in endpoint and embedded system security, Vdoo is a global company with offices in the U.S., Germany, Israel and Japan. For more information, visit www.vdoo.com

The post Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors appeared first on IT Security Guru.

IS Decisions UserLock Review – 5*
https://www.itsecurityguru.org/2018/10/12/decisions-userlock-review-5/
Fri, 12 Oct 2018 09:42:49 +0000
Review by: Dave Mitchell
Supplier: IS Decisions
Website: www.isdecisions.com
Price: 500-999 simultaneous user sessions, €7.75 per session (euros)

Scores
Performance: 5/5
Features: 5/5
Value for Money: 4.5/5
Ease of Use: 4.5/5
Support: 5/5
Overall: 5/5

Verdict: UserLock teams up seamlessly with Windows Active Directory to deliver easily managed user logon controls, essential concurrent session management and a wealth of auditing information.

With the GDPR (General Data Protection Regulation) now in full force, businesses must protect confidential data from unauthorized access. Strict administration of Active Directory (AD) user accounts is essential and although Group Policy is the tool of choice, processes such as logon and access policies can be tedious to configure and particularly so for SMBs with limited on-site IT expertise.

UserLock from IS Decisions simplifies these processes by providing real-time management of user logons for multiple session types, workstation access restrictions, session monitoring and detailed auditing. An important differentiator of UserLock is that it complements AD and requires no modifications to its schema.

Another standout feature is UserLock’s ability to control concurrent user account logins – something AD and Group Policy are notoriously lacking in. The elderly LoginLimit tool was updated recently to support Windows 2012 R2 AD servers but is only capable of blocking all concurrent sessions.

Installation and deployment

UserLock requires a host running Windows Server 2008 upwards and for testing, we loaded it on a Windows Server 2016 system. The process took five minutes and was helped along by the copious online documentation.

For essential redundancy, UserLock can be installed on another host as a backup server which automatically takes over if the primary server fails. You can also install UserLock in a local standalone mode for protecting terminal servers.

First contact with UserLock’s well-designed management console fires up a wizard which helped us declare the lab’s AD server and set up a service account with administrative access to all protected computers. Next up is agent deployment which can be set to automatic or you can run it manually by selecting AD computers from the Agent Distribution pane.

Some preparatory work is required as Windows computers require the remote registry service and file and print sharing enabled. We also used MacBooks running macOS High Sierra and these needed SSH enabled from their local Sharing preferences panel.

We loaded the agents manually and found each task took around 20 seconds. Select any protected computer from the agent distribution pane and a drop-down menu offers options to restart, shutdown or wake them and run direct RDP sessions.

Close protection detail

UserLock starts auditing all sessions as soon as the agent is installed so you can move straight on to creating protected accounts. Connection rules and restrictions can be applied to AD user and administrator accounts, groups and OUs and you can create temporary time-limited accounts for guests and contractors.

Rules are extremely versatile as you can set the number of initial access points to control points of entry into the network. UserLock scores highly for its concurrent session rules as we could define the number of workstations a user can simultaneously log on to and apply restrictions to terminal, interactive, wireless/VPN and IIS sessions.

There’s more as you can restrict users to specific AD computers and IP address ranges, limit access with time periods, set session lengths and apply time quotas. Rules provide granular controls as they can be applied at AD group levels for general protection of large user bases and augmented with individual user rules which take precedence.

A valuable security feature that’ll stop password sharing in the workplace is the option to warn users if their account is being used to log on to another computer. If this occurs, they’ll receive a pop-up message showing the computer in use and advising them to contact their administrator, who will also have received an email alert from UserLock.

User controls

During testing, we found UserLock worked seamlessly and, unlike Group Policy, rules come into effect immediately after they have been applied. We set workstation concurrent session limits on multiple users and when they tried to log on to other computers and exceed their limits, they received a pop-up message warning them this was not permitted.

Users also received pop-up warnings the instant other employees tried to log on elsewhere with their credentials. Logon activity can be graded by severity, so that high-risk alerts are triggered once a set number of logons have been denied by UserLock or AD over a certain period.

UserLock administrators can interact with selected sessions by clicking on them in the console and logging users off, locking the workstations and resetting them. We particularly liked the blocking feature as we could instantly block a user and stop them reconnecting to any system while we investigated their activities.

Controlling wireless/VPN sessions requires a bit more work as NPS and RRAS agents must be deployed to the servers hosting these services. Likewise with IIS sessions, as UserLock’s ISAPI filter or HTTP module needs to be installed on web servers.

This wasn’t a problem for our IIS servers as they appeared as separate entities in the agent distribution screen, so the modules could be installed with one click. After manually enabling them locally, we could monitor all IIS sessions and manage access.

Web consoles and reporting

The UserLock console provides a real-time view of all the action with the main page showing pie charts of session, computer and agent activity. With IIS running on the UserLock host, we also installed its web console components and viewed activity remotely from a browser.

Some configuration tasks can’t be carried out from the web interface but we found the level of detail on activity was superior to the main console. Tablet and mobile versions are included and from our iPad, we viewed all session activity, saw historical session statistics and applied blocking actions to selected users.

Reporting is easily good enough to satisfy GDPR compliance and external auditors. From the main console, you have facilities for generating reports on any or all session types for select time periods, users and groups.

Detailed reports are available for logon and logoff activities, logons denied by AD and UserLock, failed logons and concurrent session history. They can be scheduled to run at regular intervals or triggered by an event and exported to a range of formats including PDF, XLS, CSV and HTML.

Conclusion

UserLock takes the strain out of administering AD user logon access and scores highly for its granular concurrent session controls. Unlike Group Policy, changes made in UserLock are propagated immediately and all logon controls are accessible from a single interface.

Agent deployment is a breeze and with a pricing structure based on maximum simultaneous user sessions, it’s affordable for SMBs and enterprises alike. Add in the extensive session auditing and reporting features and you have the perfect access security partner for Windows Active Directory environments.

The post IS Decisions UserLock Review – 5* appeared first on IT Security Guru.

Integration with Cisco Technologies Delivers IT / ICS Security
https://www.itsecurityguru.org/2018/09/19/integration-cisco-technologies-delivers-ics-security/
Wed, 19 Sep 2018 14:31:32 +0000
Large organizations utilize a variety of technologies and solutions to create cyber resiliency, an important part of the best practice known as Defense in Depth. But, using disparate systems can actually result in increased security exposure and risks, and slower response to threats.

A few years ago, Cisco began working with the best and brightest minds around the world to address this issue. This led to the creation of their security technology program, which included an open platform for collaboration called the Cisco Security Technology Alliance (CSTA).

Nozomi Networks has integrated its ICS security solution with the CSTA to deliver comprehensive operational visibility and cyber security across IT/OT networks.

Nozomi Networks Integrates with Cisco Security Policy Platform and Devices

The CSTA provides an environment for leading security solution providers like us to integrate with Cisco APIs and SDKs across the Cisco security portfolio.

Nozomi Networks kicked off membership in CSTA with security integration for Cisco’s Identity Services Engine (ISE).

The Identity Services Engine (ISE) is a security policy management platform that helps organizations manage users and devices on business networks. Sharing contextual usage data amongst IT systems and solutions makes it much easier to enforce policies for resource access, and more.

The post Integration with Cisco Technologies Delivers IT / ICS Security appeared first on IT Security Guru.

Emergence of Global Legislation Against ‘Fake News’ May Present Regulatory Risks
https://www.itsecurityguru.org/2018/09/17/emergence-global-legislation-fake-news-may-present-regulatory-risks/
Mon, 17 Sep 2018 12:42:30 +0000
In response to fake news becoming an increasingly pervasive issue affecting the global political climate, many countries have implemented, or are in the process of implementing, legislation to combat the online spread of false information. While it’s difficult to reach uniform conclusions about these different legislative acts, organisations with an online presence in countries with anti-fake news laws may be subjected to increased government scrutiny, as well as potential fines or sanctions.

The following countries have passed legislation to combat the spread of fake news:

Qatar

As the first country to pass legislation criminalising the spread of fake news, Qatar’s 2014 cybercrime law provoked a great deal of controversy due to its broad language, which leaves ample room for interpretation. Under this law, it is illegal to spread false news that jeopardises the safety of the state, its general order, and its local or international peace. Offenders found guilty of circulating false information may face prison sentences and/or hefty fines. The law also places harsh sanctions on those found guilty of libel or slander.

The lack of clear criteria for fake news under Qatari law, as well as the prohibition of news that violates “any social values or principles,” presents considerable risks for individuals and businesses in Qatar. For example, in November 2015 a woman was found guilty of violating Qatari cybercrime law because she used insulting language in private messages to her landlord. In the absence of a clear standard for what constitutes such language, this law could similarly be used against firms doing business in Qatar if any of their employees happen to use insulting language over digital channels.

These laws have also been used against media organisations. In 2016, an assistant editor of a Doha newspaper was reportedly questioned by police and spent a night in jail after an individual convicted of child molestation demanded that the newspaper redact a story describing the crimes he had been accused of, on the grounds that such a story damaged his reputation. Although the assistant editor’s case was eventually dismissed, the arrest still illustrates the law’s ability to impact the operations of media outlets.

Malaysia

On April 2, the lower house of Malaysia’s parliament passed the controversial Anti-Fake News Act, a bill calling for fines of up to RM500,000 ($123,100 USD) or up to six years in prison for individuals found guilty of spreading “news, information, data and reports which is or are wholly or partly false.” The first person prosecuted under the law was a Danish citizen, who was fined RM10,000 ($2,460 USD) after accusing Malaysian police of responding slowly to the April 21 shooting of a Palestinian lecturer.

Since the legislation was passed shortly before Malaysia’s May elections, following a corruption scandal involving then-incumbent prime minister Najib Razak, many commentators framed the law as an attempt to shield Najib from negative publicity. Najib ultimately lost the election, and the Anti-Fake News Act was repealed on Aug. 16.

The passing and subsequent repeal of Malaysia’s short-lived Anti-Fake News Act demonstrates the potential for political volatility to affect the regulatory business climate. According to Reuters, the law applied to digital publications and social media, including offenders outside of Malaysia, if Malaysia or a Malaysian citizen were affected. As such, if it had achieved longevity, the law could have had serious implications for any international news outlet or social media platform with users in Malaysia.

Kenya

On May 16, Kenyan president Uhuru Kenyatta signed the Computer Misuse and Cybercrimes Act, intended to combat illegal online activity, including the spread of fake news. The law was criticised for the broad, ambiguous language used to define fake news, which leaves enough room for interpretation for the Kenyan government to prosecute dissenting journalism or online speech. Although Kenyatta has already signed the bill into law, it remains to be seen how the law will be implemented and whether it will stand up to legal challenges.

France

After heated debates, on July 3 the French parliament passed a bill to combat fake news during the three months leading up to elections. The law requires social media platforms to allow users to flag stories they believe are false, notify authorities, and publicly disclose actions taken to address fake news. In addition, political candidates would be able to call upon a judge to rule on whether to take down a news story within 48 hours.

The law has been widely criticised for threatening free speech, causing confusion, and for its unrealistic 48-hour lead time for judges to verify contested news stories. Moreover, since the law concerns the spread of fake news rather than its production, it will affect a variety of social media websites and other digital platforms with users in France.

Egypt

On July 16, Egyptian parliament passed legislation that classifies social media users with more than 5,000 followers as media outlets, making them subject to prosecution if found guilty of spreading fake news or inciting readers to break the law. The bill fails to establish clear standards by which the veracity of reports could be judged, leading human-rights activists to express concern that the law was simply instated as a legal justification for ongoing efforts to suppress free speech.

The Egyptian bill has not yet been signed into law by President Abdel Fattah el-Sisi, but there are no indications that he opposes the measure, and he recently ratified other legislation tightening government control of online activity.

Russia

On July 22, the Russian parliament conducted its first of three votes on a bill that would hold social networks accountable for users’ circulation of false information on their platforms. According to the legislation, websites with more than 100,000 visitors per day and a commenting function could be fined 50 million RUB ($800,000 USD) for not removing inaccurate content within 24 hours of its appearance. The law will also require social media companies operating in Russia to establish offices there, which could subject social media giants to increased surveillance from the Russian government.

Flashpoint analysts believe the bill is likely to pass without any serious hurdles, as Russian parliament has demonstrated a willingness to adopt laws governing social media content in the past.

Assessment

Laws intended to combat fake news introduce a variety of regulatory risk for businesses, especially in countries that adopt legislation broadly worded enough to hold online platforms accountable, not only for the content they publish, but also for the content shared or created by users. As such, companies operating media platforms or social networks with international user bases should monitor the global regulatory landscape for legislation that may present liabilities and adjust their operations accordingly.

The post Emergence of Global Legislation Against ‘Fake News’ May Present Regulatory Risks appeared first on IT Security Guru.

Kroll Earns Global CREST Accreditation for Penetration Testing Services
https://www.itsecurityguru.org/2018/09/17/kroll-earns-global-crest-accreditation-penetration-testing-services/
Mon, 17 Sep 2018 12:34:53 +0000
Kroll, a division of Duff & Phelps, a global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, announces that CREST has accredited Kroll as a global CREST Penetration Testing service provider. This accreditation affirms Kroll’s expertise and authority to conduct penetration testing for clients around the world and helps provide assurance to organisations regarding the strength of their cyber resilience.

CREST was set up in 2006 in response to the need for more regulated professional services in the technical security sector. The non-profit organisation is now recognised globally as the preeminent accreditation and certification body for providers of penetration testing, cyber incident response, threat intelligence and security operations centre (“SOC”) services. CREST accreditation is a mandatory requirement for CBEST engagements commissioned under the framework of the Bank of England.

“Earning this elite accreditation exemplifies how Kroll is continuously enhancing the depth and breadth of our Cyber Risk offerings to help clients around the world achieve greater security and resiliency,” said Jason Smolanoff, Senior Managing Director and Global Cyber Risk Practice Leader for Kroll. “We are proud to be part of an influential community of organisations and professionals who are shaping cyber security best practices for a dynamically changing future.”

“Ultimately, it’s the knowledge, skills and relevant insight that the professional tester brings to the client’s environment that determines the value of penetration testing to an organisation,” said Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice. “Kroll works on hundreds of cases a year, including some of the most complex and highest profile matters in the world. This CREST accreditation underscores how our wide-ranging experience on the cyber security front lines, rigorous methodologies and threat intelligence-based technology all combine to deliver meaningful cyber risk assessments and, if necessary, pragmatic remedial solutions.”

“CREST is delighted to welcome Kroll as a member company,” said Ian Glover, president of CREST. “To become a CREST member, Kroll has been through a demanding assessment process that examined test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders, as well as how test data security is maintained. Awarding Kroll membership for its penetration testing services means that we are formally recognising that the company consistently delivers the highest professional security services standards to its customers.”

Associate Managing Director William Rimington, based in London, leads the global CREST program for Kroll. Rimington, a prominent authority in the area of penetration testing, has over 20 years of experience in technology architecture and testing, risk and cyber security. Prior to joining Kroll, Rimington led the Global Centre of Excellence for Ethical Hacking at a Big Four firm and was instrumental in the firm’s becoming a global member of CREST as well as a UK-approved provider of services for CBEST.

The post Kroll Earns Global CREST Accreditation for Penetration Testing Services appeared first on IT Security Guru.

Weaving the security thread into the business conversation
https://www.itsecurityguru.org/2018/09/17/weaving-security-thread-business-conversation/?utm_source=rss&utm_medium=rss&utm_campaign=weaving-security-thread-business-conversation
Mon, 17 Sep 2018 12:29:23 +0000

It used to be difficult to discuss security within an organisation: terms like Phishing needed explanation, Denial of Service was when the local garage couldn’t change the oil in your car, and forget about Botnets. However, over the years, and at an accelerating pace, it has become easier for us security professionals to communicate types of risks and vulnerabilities. Why? Because they are now part of our everyday lives, and once they become normal they don’t require explaining; they are familiar.

We all consume services that often today carry the same fundamental weaknesses as they did ten years ago. Can an attacker steal your password today? Yes. Can an adversary take down your preferred social channel? More than likely.

Granted, improvements have been made and security has been bolstered to make successful attacks that much more difficult, but let’s not forget the opposition: those hackers, hacktivists and state-sponsored, military-led attackers have also matured in leaps and bounds. The progress on both sides almost cancels out. Good against bad, right against wrong; it’s a stalemate right now and there doesn’t seem to be an end in sight.

“So Nick, what are the options, what do you suggest?” One thing is for sure: we cannot stop. We must collectively continue to invest in all areas of security, to improve on what we have today and to protect against what we sense may be the attacks of tomorrow; to do anything else would be almost negligent. But what we really need is a change that breaks this cycle. The hamster wheel will always spin while there is a hamster running on it.

Can we rely on technology when technologies can always be broken? After all, if a human put it together, a human can pull it apart. As an example, a lot of companies in the security world are hedging their bets on Blockchain as a silver bullet for some of our security problems, with practical uses still being debated in R&D labs. Fighting technology with technology: is that what we are doing?

However, I do believe that we are closer to solving some of the problems we face such as Phishing. Changes to how we manage ‘identity’ and ‘access’, getting rid of passwords where possible, that ball is already rolling and gathering speed. But that’s just one example and there are many others where the ball isn’t rolling, it’s as good as stuck.

Once again it all comes back to people: to be vigilant, to understand the risks, to remain informed, to be responsible, and to identify when something isn’t quite right. And until there is a breakthrough in the fundamental way we protect systems technically, such as a re-engineering of, or a security overlay on, the Internet, new attacks will be born and gifted a name, which at first will require explanation until they are simply woven into the fabric of our everyday lives.

Uncertainty is widespread across companies over who takes the lead on cyber, says Willis Towers Watson
https://www.itsecurityguru.org/2018/09/07/uncertainty-widespread-across-companies-takes-lead-cyber-says-willis-towers-watson/?utm_source=rss&utm_medium=rss&utm_campaign=uncertainty-widespread-across-companies-takes-lead-cyber-says-willis-towers-watson
Fri, 07 Sep 2018 11:08:45 +0000

A majority of executives around the world feel they face a “specialist-generalist” dilemma as to who leads on cyber resiliency, given both its critical nature across the company and the recognition that specialization is necessary. This is according to the results of a global survey conducted by The Economist Intelligence Unit (EIU) and sponsored by Willis Towers Watson. The EIU surveyed over 450 companies across the globe about their strategies and the challenges they face in building a cyber resilient organization. Almost 40 percent of executives surveyed felt that the board should oversee cyber, compared with 24 percent who felt it should be the role of a specialized cyber committee. A small portion of respondents surveyed believed it should be the responsibility of audit, risk or some other subgroup.

The survey also found that communication within leadership roles regarding cybersecurity risks is inconsistent:

  • Only 8% of executives say that their CISO or equivalent performs above average in communicating the financial, workforce, reputational or personal consequences of cyber threats.
  • Less than a quarter of executives say that their cyber resilience board briefings are “well above average”.
  • Under 15% give their CISOs or equivalent a top rating on a scale of one to ten.

“It is no surprise that one of the main challenges companies face when implementing a cyber risk mitigation or resiliency plan is the communication gap between the board and the CISO,” says Anthony Dagostino, global head of cyber risk with Willis Towers Watson. “Cyber resiliency starts with the board because they understand risk and can help their organizations set the appropriate strategy to effectively mitigate that risk. However, while CISOs are security specialists, most of them still struggle with adequately translating security threats into operational and financial impact to their organizations, which is what boards want to understand. To close this communication gap, CISOs need tools that can help them quantify and translate the vulnerabilities uncovered from their cybersecurity maturity assessments. These tools enable them to better communicate the risk to the board, seek adequate budget, and enable the board to provide meaningful guidance.”

According to the survey, the specialist-generalist dilemma is not only faced at the board level, as cyber requires specialist knowledge and skills along with enterprise-wide business, workforce and process capabilities. For example, as workforce vulnerabilities contribute to most cyber incidents, two-thirds of companies surveyed believe an HR and Information Security partnership is key. When asked who takes a lead role in developing employee-related cyber risk policies, 54% said HR leads with Information Security advising and 28% said Information Security leads with HR advising. “These findings are encouraging because they signal that more organizations are involving their HR function in addressing cyber risk. Still, organizations need greater collaboration between their CHROs and their CISOs to truly assess the organizational culture driving cyber risk in the first instance. The solution isn’t always more security awareness training. It could be a leadership or incentives and rewards issue, things that fall squarely within the function of the CHRO,” Dagostino added.

Some other key findings around leadership responsibilities for cyber include:

  • 3 out of the 4 regions surveyed believe that the “board as a whole” should oversee cyber risk, while Europe believes it should be a dedicated cyber group.
  • Only 30 percent of executives believe they have enough directors that understand cyber risks and only 23 percent are actively recruiting directors who understand those risks.

In all regions except the UK, the heads of cyber-resilience report to the CEO. In the UK, most report to the board.

Managing the Customer Trust Crisis: New Research Insights
https://www.itsecurityguru.org/2018/09/07/managing-customer-trust-crisis-new-research-insights/?utm_source=rss&utm_medium=rss&utm_campaign=managing-customer-trust-crisis-new-research-insights
Fri, 07 Sep 2018 11:07:37 +0000

New data privacy laws in Europe and California — not to mention the resulting flurry of updated privacy policy notifications landing in our inboxes — have put privacy matters in the spotlight. But the circumstances that have precipitated this highlight a worrying trend: customers are concerned about not just the vulnerability of their personal information, but also how companies handle and use it.

According to the new Trends in Customer Trust report by Salesforce Research, 59% of customers believe their personal information is vulnerable to a security breach. Even worse, 54% don’t believe that companies have their best interests in mind.

Businesses are facing a crisis of customer trust — and this is a big problem — as trust is a key factor driving customer engagement and loyalty.

Making trust your number one value isn’t just the right thing to do; it’s also good business. Our study finds that 95% of customers are more likely to be loyal to a company they trust while 92% are more likely to purchase additional products and services from trusted businesses.

Furthermore, 93% of customers are more likely to recommend a company they trust. And given the prevalence and power of social media, online reviews, communities, brand advocates — and detractors — can now quickly influence thousands of customers and prospects with just a single post.

How do companies navigate this dynamic when experiences are increasingly driven by data?

Understand the Personalization Paradox

With customers becoming more sceptical of how their personal information is used, could it be that data-driven customer engagement is dead? Hardly. Customers today want brand experiences tailored to their wants and needs. In fact, this expectation is higher today than ever before. Over half (53%) say they expect the offers they receive from businesses to be personalized.

But there’s a problem: 54% of customers say the marketing messages they receive aren’t as relevant as they would like them to be, suggesting that many companies may need to improve — not scale back — their personalization capabilities.

Part of this process involves showing a true understanding of customer needs at a deeper level, well beyond simply addressing customers by name in an email. For example, 84% say being treated like a person — not a number — is very important to winning their business. And with competition for the customer’s dollar intensifying each day, personalized customer experiences are among the biggest brand differentiators.

The question is: how can businesses meet these growing expectations when many customers don’t trust them with the information that allows them to create these experiences in the first place?

Cultivate Trust with Transparency

Without trust, customers are unlikely to disclose the kind of information businesses need to create more personalized experiences. Our research shows that transparency is crucial in this regard: 91% of customers say they’re more likely to trust companies with their personal information if those companies are transparent about how that data is being used.

It’s not enough for businesses to say “we value the security and privacy of our customers’ data.” Businesses need to show how they are doing that and then let customers decide for themselves what information is appropriate to use and what’s not. It shouldn’t, therefore, come as a surprise that 92% of customers say they’re more likely to trust a business with their data when they’re given control over what information is collected and ultimately used.

Deliver Customers Value in Exchange for Data

Gaining customer trust is vital. Earning that trust, however, means businesses must deliver value. Otherwise, what incentive do customers really have for sharing their personal information?

Personalization is a big part of that value equation. Interestingly enough, it’s less important for certain age groups than others. For example, only 35% of baby boomers and traditionalists are comfortable with companies using information about them in exchange for personalized engagement — a figure that jumps to 64% for millennial and Generation Z customers.

Being educated on how that information will be used for their benefit also plays a crucial role in winning over customers. Seventy-eight percent of baby boomers and traditionalists (vs. 91% of millennials and Gen Zers) say they’re more likely to trust a company with their personal information if the company can clearly explain how having access to that information will provide a better overall customer experience.

Build Trust for the Future

Educating customers is particularly important when rolling out new technologies that power next-generation customer experiences. For example, companies must address the fact that 60% of customers say they are concerned about their information being compromised — or otherwise misused — by artificial intelligence (AI).

Clearly, strong data security, governance, and compliance measures are important for overcoming customer concerns. However, the onus is also on businesses to take the lead in educating customers about how they protect information, why they should be trusted with that information, and what value customers will receive in exchange for providing that information. Part of this involves clear explanations of the benefits of these data-driven technologies that enable them to deliver richer, more personalized customer experiences.

Of course, none of this is possible if customers don’t trust companies in the first place. Because in the new world of data-driven customer engagement, trust is everything.

For more insights from Salesforce’s study, see our research brief, Trends in Customer Trust.

Security risks curb the adoption of online banking
https://www.itsecurityguru.org/2018/09/07/security-risks-curb-adoption-online-banking/?utm_source=rss&utm_medium=rss&utm_campaign=security-risks-curb-adoption-online-banking
Fri, 07 Sep 2018 11:06:12 +0000

While the days of the average person being distrustful of carrying out any kind of financial transaction online are long gone, there are still certain obstacles to overcome, despite ecommerce and online business continuing to grow.

Digital transactions have become more sophisticated, more secure, but one kind of digital transaction is lagging behind: online banking.

And cyber criminals are aware of this fact.

More than three quarters of companies (78%) were targets of payment fraud in 2017 – the highest percentage recorded since 2007.

According to the Payments Fraud and Control Survey Report carried out by JP Morgan Chase, a leading global financial services firm, 78% of companies were targets of payment fraud in 2017.

The report is based on a survey of corporate practitioners in all kinds of companies in the US and highlights the growing threat of financial cybercrime across the globe.

Since 2014, there has been an uptick in payment fraud activity, with a steep increase in 2015 – and with 78% of companies experiencing attempted or actual payment fraud in 2017, it marks the highest percentage since 2007.

Almost half of the survey respondents (45%) worry about cyber security

Almost half of the corporate practitioners surveyed (45%) are concerned about how cyberattacks could affect online banking operations or B2B payments. Not at all surprising.

In fact, this is the main reason that this type of platform isn’t growing as fast as could be expected.

More than three quarters of survey respondents (77%) are victims of Business Email Compromise (BEC) scams

Though we could talk about unjustified technophobia from these professionals, the truth is that most of them have certain grounds to be mistrustful. 77% of those surveyed have been victims of the notorious BEC scam or CEO fraud, an illegal practice where an employee with access to the company’s funds receives an email from a director, asking for an urgent transfer. This is a fraud, since the sender of the email is someone external to the company; but by the time the employee realizes, it’ll be too late. This practice is as illegal as it is successful. In fact, BEC scams became the most lucrative cybercrime of 2017.
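The pattern described above (a message that appears to come from a director and asks for an urgent transfer, but whose sender is external to the company) lends itself to a simple triage rule. The following is an added example, not code from the article or from the survey's authors; the company domain, executive directory and sample messages are constructed for illustration.

```python
"""Added example: triage rule for the CEO-fraud / BEC pattern in which a
message carrying a director's name asks for an urgent transfer while the
sending mailbox is outside the company. Directory, domain and samples are
constructed, not taken from any real organisation."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: the organisation's own mail domain and its senior staff.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com",
              "ravi patel": "ravi.patel@example.com"}

# Wording typical of the "urgent transfer" request the article describes.
URGENCY_RE = re.compile(r"\b(urgent|urgently|immediately|asap|today)\b", re.I)
PAYMENT_RE = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)


def normalise(name):
    """Lower-case a display name and collapse punctuation and spacing so
    'Doe, Jane' style variants still compare against the directory."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def assess(raw_message):
    """Return the list of indicators found in one RFC 822 message.
    An empty list means this rule saw nothing suspicious."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    indicators = []
    # 1. A known executive's name on a mailbox outside the company.
    if normalise(display) in EXECUTIVES and domain != INTERNAL_DOMAIN:
        indicators.append("executive display name from external domain")
    # 2. The request itself: urgency combined with a payment instruction.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = msg.get("Subject", "") + "\n" + body
    if URGENCY_RE.search(text) and PAYMENT_RE.search(text):
        indicators.append("urgent payment request")
    return indicators


# Constructed sample: the fraud pattern from the article.
BEC_SAMPLE = """From: Jane Doe <jane.doe.ceo@webmail-example.net>
To: accounts@example.com
Subject: Urgent transfer needed today

I am in a meeting and need you to wire 48,000 to the attached bank details immediately.
"""

# Constructed sample: an ordinary internal message from the real mailbox.
LEGIT_SAMPLE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review

Please send me the Q3 figures when you have a moment.
"""

if __name__ == "__main__":
    for label, sample in (("BEC", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, assess(sample))
```

A message that forges the genuine internal address in From is not caught by this rule; that case needs the receiving gateway's sender-authentication results (SPF, DKIM, DMARC), which the example does not examine.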

Treasury and finance professionals need all the tools and information available to outsmart fraudsters

Those surveyed are in no doubt: while they would like to make greater use of online banking services and B2B platforms, they are concerned about the cybersecurity of their finances and of the payments carried out in this way.

The key: cybersecurity policies and solutions

Companies cannot remain idle with regards to this problem, nor simply hope that it will eventually sort itself out. As such, financial institutions and online transaction platforms must guarantee potential customers the confidence they need to increase the adoption of their services.

To do this, they must bolster their companies’ corporate cybersecurity, especially in three main areas:

  1. Strategy

Companies need to position corporate cybersecurity as one of their central strategic pillars. It’s not enough for IT security to be a necessary supplement: it must be integrated into the essential points of their business model.

  2. Policy

Corporations must also establish cybersecurity policies. As well as affecting the technical operation of the company, these policies also need to reach the employees themselves, making sure they’re aware of how important it is to ensure that the company’s security is never compromised.

  3. Solutions

Finally, every company, regardless of its sector or even its size, must adopt and implement cybersecurity solutions to improve the reliability of its systems. To do so, they may turn to external specialized cybersecurity companies that know how to establish security measures to stop all sorts of problems from occurring.

The fact is that these days, thanks to a collective effort, the average user now trusts online platforms for their financial transactions. So now the ball is in the companies’ court: they must protect user trust by providing secure, cyberattack-proof IT systems. Banks and financial institutions must be the first to ensure financial cybersecurity in all their operations.
