This week, Emma Dunkley of the Financial Times published an amusingly titled yet insightful piece on the recent cyberattacks levelled at two major high street banks. Not to be misled by the lighthearted headline of the article, her account provided another chilling glimpse into the reality of what major banks and consumer organisations now face on almost a daily basis when it comes to protecting their data.
“The recent attacks on Lloyds Banking Group and Tesco Bank revealed the evolving techniques used by cybercriminals to expose financial institutions’ vulnerabilities”, she wrote, as she sought to explain the wider implications of what had happened. “The threat of cyber assaults is increasing. As banks roll out more digital services, and as more customers use technology to handle their money, cyber criminals have a greater number of entry points through which to access systems and customer data.”
On January 11th, Lloyds was hit by what is commonly known as a ‘denial of service’ attack, where hackers hijacked several of the bank’s servers and flooded their website with large amounts of traffic designed to cripple online services. Upon discovering that they could not gain access to online banking, many customers took to social media to vent their frustration, as Lloyds deployed a series of counter-measures designed to isolate the attacks and limit the damage caused.
Although large banks are typically targeted by denial of service attacks around once a month, the Lloyds incident was particularly severe – with this attack lasting far longer than the usual few hours.
“Denial of service attacks are happening 24/7 globally,” says Philip Halford, a senior adviser at financial services consultancy Bovill. “There are multiple perpetrators, often targeting the same trophy targets. They share the common objective to breach a control system sufficiently to allow or deny legitimate users access to it. The motivation can vary from criminal intent to mere bragging rights. The effect, however, can be crippling for organisations.”
Compared to the Tesco Bank fraud that took place in November last year, the Lloyds attack was relatively mild, with no customer data or money having been stolen. It is reported that the hackers behind the attack demanded a £75,000 bitcoin ransom, although it is unclear whether Lloyds bowed to this request.
Tesco Bank was not so lucky. Last year’s assault led to nearly £2.5m worth of payouts to 9000 customers who had money stolen by cyber criminals. This time, the data breach was facilitated by a weakness in one of Tesco’s mobile banking apps, which was exploited to access personal information connected to thousands of current and savings accounts. Thankfully Tesco Bank acted quickly to reimburse customers, but the incident still represents a significant and worrying reality of the risks posed by hackers.
What the attacks on Lloyds & Tesco Bank tell us about how online crime is evolving
Over the past twelve months, news of major cyberattacks has become increasingly commonplace – with 2016 seeing more sophisticated assaults than ever before.
Cyber crime is on the rise, with attackers developing increasingly sophisticated hacking techniques to break through organisations’ defences. It is one of the biggest risks to global banking, threatening to cripple lenders and defraud customers.
As the Financial Times rightfully put it, “the stakes are high”. When we consider the reputation of the UK banking sector amongst its customers, trust is a critical factor, and information security plays a huge role in this. Not only must banks consider their reputation in this matter, but also the potentially significant fines and sanctions imposed by financial regulators where institutions are seen to have failed in their obligation to protect customer information and assets.
Under the UK Data Protection Act, banks can currently be hit with a penalty of up to £500,000, but an EU directive that comes into force in May 2018 will mean companies can be fined up to 4 per cent of their global revenues for serious data breaches.
As we move into an increasingly tech-dependent world, banks and other organisations alike have an ongoing responsibility to stay ahead of the threats posed by cybercriminals – and as we so often hear, this isn’t just down to software.
Education also plays a huge part in cyber resilience, and equipping staff with the right knowledge can mitigate risk on a truly massive scale. We know that as much as 90% of all cyberattacks are mounted as a direct result of the unwitting action of a member of staff – whether that’s clicking on a phishing email, or falling foul of social engineering. Never before has it been so important to place cyber resilience at the top of your business agenda.
Interested in better understanding the implications of increased cybercrime for your business? Join our free webinar in partnership with AXELOS GBP and featuring Vicki Gavin of the Economist Group, as we explore the most effective ways to safeguard against cyberattacks. Join the webinar and explore more here.
For the full original FT article, click here.
How do you run L&D successfully across large organisations? Live from Learning Technologies Conference, Richard Owen, Product Manager at long-time Unicorn partners CII explains how they have trebled use of the Broker ASSESS platform in one year.
CII is the world’s largest professional body for insurance and financial planning.
Broker ASSESS is effectively a lot of content and an LMS that has 50,000 users. It is bought by companies that range from having 10,000 staff to one, and can be used by everyone, from business owners to Heads of Compliance, and from Directors of Operations to HR and L&D.
About two-and-a-half years ago CII started on a journey to increase usage of the LMS.
Usage was really low (4% of all courses on the system) and all the content was compliance. It was old and looked old. The challenge was to provide something that was about more than just exams.
CII asked customers why they weren’t using it and the main points were:
- time was a challenge – these were people who were doing only one to four courses a year or touching the system once or twice every six months.
- content tended to be too generic – it didn’t suit everyone.
- the way learning was presented was just a long alphabetical list – finding anything was just too hard.
- the reporting wasn’t telling the story it needed to, so it wasn’t really usable for much.
How did they do it?
They had a plan and it started with sorting the content out. Everything was rewritten from scratch (500+ courses and many thousands of MCQs). It was a huge undertaking but it was the first base from which everything else could move forwards.
This involved getting their hands dirty; not simply employing a research company to do their market research for them but getting out to customers themselves and not just talking to the managers but the people who work for the managers too. First answers weren’t accepted either…
“People don’t want to offend you,” admitted Richard. “They’re saying it’s great and the best thing they’ve ever seen but I can see from their MI they’re lying and they never use it!”
Making the new content role specific was key too. If people think something isn’t relevant to them they gloss over it.
Now learners get a personalised experience. The first thing a learner sees is a diagnostic: they are asked approximately 5-10 questions on a topic and are exempted from the learning if they get the questions right; if not, it gets added to their basket.
The new reporting functionality also provides a real-time view of knowledge across a business on a subject at any time. The CEO gets this on their desk at the start of each month, as does the Head of Compliance, which makes this data very powerful.
Through this there has been a distinct change in attitude to the traditional tick box approach. There is a mass of data for senior managers to digest and insights into what people in the business know. The key was for this information not to be used as a stick to beat people with, but rather to understand what people do know and how they can improve.
The navigation and catalogues were fixed to become much more user friendly, and all this was only possible by getting buy-in from the top.
One year in and usage has trebled and is still growing. Use of the new functionality has also increased significantly. CII has also improved the way it communicates about Broker ASSESS, and with more mechanisms still being rolled out on this front, growth is expected to expand further still.
“Without having a supplier in Unicorn that was agile enough to adapt to our ideas we would’ve struggled,” Richard continued.
With the building blocks now in place CII are starting to look at integrating apps and gamification into the platform. Their first learning game is due to be launched next month.
To help businesses understand how the platform can support them, CII aren’t averse to providing it on a trial basis and frequently find that it’s now very quickly embedded into that business.
But Richard revealed the champagne cork popping didn’t last long. He added: “Once you’ve arrived at your destination, don’t think you’ve done it and it’s finished as you’re already behind and it’s out of date. It becomes a constant maintenance process then to keep achieving the desired outcomes so don’t spend too long celebrating it!”
Simon Mercer, Unicorn ComplianceServe Product Manager, and Julia Kirkland, Partner at FSTP, presented a recap on what’s happened so far, looked ahead to what are going to be the hot regulatory topics over the next 12-18 months and answered the biggest question of all, how on Earth are we going to do all this?? Julia even sang a little bit. It was beautiful.
Anyway here are the top five takeaways on compliance training and where we go next…
The Senior Managers Regime and accountability will remain firmly on the agenda – last week the FCA fed back on the first tranche of its accountability regulation, which took effect in March, stating that many firms have misunderstood the guidance. In a nutshell, the screw is going to keep turning. With 55,000 more firms due to come under SMR by 2018, Julia’s key message to anyone still grappling with the challenges of SMR was do not put it in compliance or HR! It has to be championed by a Senior Manager and driven from the top down. The good news is the FCA is suggesting there won’t be a ‘big bang’ on the next tranche of SMR and Certification implementation, but as we’ve seen from the first phase a year’s gap is nothing in these terms. Which brings us neatly to…
How are you benchmarking people ahead of the Certification Regime? – firms who have already had to adhere to SMR regulation only have until next February – that’s five months – to put a robust certification process in place. In a quick show of hands amongst the delegates in the room, only one firm who had moved over to SMR had already got their certification regime running. Under certification you are asking people who weren’t previously approved persons to take on more responsibility, knowledge etc, so how are you benchmarking these people? What competencies and/or qualifications are you using as a baseline? What are the KPIs and the core competencies required for a role? How are you going to issue that individual with a certificate? And remember the Senior Manager has the ultimate responsibility for saying they’ve signed that person off. It’s a big deal.
What’s hot in 2017 and what’s relevant to you – Julia outlined how she and her FSTP colleagues had trawled through the FCA’s annual risk documentation and picked out what they believe to be the 12 biggest areas of interest over the next 12 months. She did threaten to rap at this juncture also…regardless this is the list.
- Conduct risk
- MiFID II
- Transaction reporting
- Certification Regime
- Business strategy and stress testing
BUT (and note the capital letters), even though some will be more relevant to certain businesses than others, the majority are interdependent on each other. They cannot be taken in isolation.
Modernising your learning approach – in the past we have dealt primarily with compliance departments, but this is changing. Within the L&D community learning is being modernised to move from push to pull learning, getting to the point where learners have access to resources and tools to pull as well as utilise what’s pushed to them. This includes introducing more elements of microlearning, in bite-sized chunks that are much more informal and on demand, in line with the 70:20:10 approach to learning. Unicorn’s eCreator authoring tool, built into ComplianceServe, has got a really significant role to play in this. In fact, by Christmas all existing ComplianceServe content will have been re-developed in eCreator, with the smaller chunks of microlearning to follow. The benefit? By downloading the SkillsServe app, learning can take place offline to sync when back online.
There is a brand new generic T&C system now built in to ComplianceServe – we’ve been building and integrating custom T&C systems and functions for clients for a long time but now there’s a generic version for smaller organisations to make use of. This includes:
- T&C Guidance – regulation is only going one way; there will be an ever greater need to evidence competency. Guidance is all about what T&C means for an organisation, how you create a T&C scheme in the first place, and what things you need to set up a T&C system in ComplianceServe.
- Pre-defined forms and workflows
- Offline forms – there is too much to do online for some things. Can be completed, scanned and attached as part of site.
- Pre-built pathways – for e.g. monthly one-to-ones, quarterly action plan and final sign off, can be assigned to both regulated and non-regulated staff (couple of forms different)
In this month’s T-C News, we ask four months into the new accountability regime for banks, how did the industry handle its arrival and what’s next?
The article addresses:
- how adjusting to the new accountability regime has been
- what challenges have arisen, things that needed extra attention and how they were dealt with
- preparing for the Certification Regime and training for the Conduct Rules ahead of the March 2017 deadline
- how the Senior Manager and Certification regimes have helped streamline policies and processes, especially around T&C.
“As far as evidencing competency is concerned, CPD alone doesn’t cut it.” – Philippa Grocott, Partner, FSTP.
Just last week we brought you news of a second high-profile cyber-attack on a major UK bank. With the Financial Services sector still reeling from the $81 million cyber heist involving Bangladesh Bank earlier this year, the second attack highlighted the growing need for increased cyber security across the industry.
With news that the Bank of England recently issued a request to all UK banks to redouble their security efforts when it came to all computers connected to the SWIFT messaging network, it’s obvious that cyber-crime is a very real threat to institutions across the board. “What we’re seeing is the very clear need for businesses to realise the potential cost of not only software security, but also cyber awareness among staff”, says Unicorn Training’s own Alex Prodromou. “With the increased sophistication of cyber-crime, more often than not hackers are able to access and wreak havoc across an organisation, simply because of the unwitting action of a member of staff who may have clicked on a phishing link, or opened an unsecured attachment.”
“Contrary to what we often read in the news, this isn’t anything to do with stupidity or negligence”, he continues; “but rather that organisations don’t always see the value in adopting a bottom-up approach, and educating staff about the potential threat posed by cyber-criminals.”
Indeed, the Bank of England’s alleged warning to the UK banks it regulates constitutes the first of its kind – and is the first time in history that a bank in a major economy has issued an alert of this kind.
It should be noted that the Bank of England – one of the central G10 banks responsible for co-overseeing Brussels-based SWIFT – had no comment. However, it is undeniable that the Bangladesh theft has sent shockwaves through the established money transfer service for both commercial and central banks across the globe.
One thing is for sure – cyber resilience remains one hot topic for the industry, and institutions of all sizes ought to be taking concrete steps to safeguard their interests. Talk to us today about RESILIA, powered by AXELOS, and learn how Unicorn can help safeguard your business against cyber-crime.
With Gen Y set to dominate the UK’s working population by 2020, finding a connection with this tech-savvy demographic will be crucial to achieving successful and enduring T&C and compliance outcomes. Peter Phillips, Unicorn CEO, asks whether serious games could provide an answer in the latest T-C News.
Games and gamification aren’t going away. Games and T&C though? Where and how does that fit?
Hold the scepticism for a second and consider this one fact – by 2018, just two years away, over half the UK working population will be part of Generation Y, the collective, also known as ‘Millennials’ and categorised as being born between 1980 and the early 1990s.
To what extent you think games are relevant to T&C and compliance will probably depend on whether your approach to these is more ‘tick box’ in style, or sits as part of a wider, essential culture of changing and reinforcing behaviours and standards.
Behaviour, ethics, expertise, knowledge are all deep-rooted cultural elements in reputable firms. As far as Gen Y is concerned there is significant evidence that games and gamification can have substantial benefits in embedding behaviours.
Check out this showreel from our official games partners, Amuzo
They were amongst a number of big hitters who had crossed the pond for Learning Technologies 2016, and eminent speakers Cathy Moore and David Guralnick took time out to chat to us about connecting learners to learning, something that sounds obvious on paper but is much more challenging to do in practice.
Cathy discusses giving learners “respect” and not bombarding them with information, rather giving them choice in their learning and throwing them in at the deep end.
“Give the learner a challenge, and within it links to optional information, so they can look at the information for extra help if they want, they can also plunge in and sink or swim if they want. I’d like to see that understanding of how adults work be transferred into learning and development so we realise we don’t have to carefully feed them every little bit of information.”
David talks about using stories in online learning and how, although there’s been change in corporate training during his 25 years in the industry, there’s been much “read and take a test” stagnation, which is only changing now.
“We want things people care about and can apply on the job. We’re seeing JIT performance support take off; sometimes you don’t need a course, sometimes you just want to look something up or have an app that will help you make a decision right then but isn’t something you need to know.”
Just when we had calmed down from discovering our SkillsServe learning and performance platform has been ranked as the World’s top LMS for financial services for the second year running, it was confirmed SkillsServe has also gone up a place in the 2016 rankings to FOURTH overall!
As he unveiled his prestigious, annual Top 50 LMSs Report 2016 last week, leading global eLearning analyst and consultant, Craig Weiss, said of SkillsServe: “Congrats to Unicorn Training #4 LMS 4 2016 – who knew a LMS geared towards Financial Services could be so modern & robust? Wait, you just did!”
Last year SkillsServe made the top five for the first time ever, but the same dedication to evolving the platform over the past 18 months, which saw it consolidate its position as the top platform for financial services, has also kept it ahead of the pack in the overall field too.
Over the past year Unicorn has launched its SkillsServe App, introduced powerful diagnostic tools, made major improvements to the platform design, including visual reporting, brand new catalogue and content management, activity ratings and feedback, and is rolling out multiple languages.
Peter Phillips, Unicorn CEO, said: “We had hoped to see the work that has gone into maintaining SkillsServe’s position as the top LMS for financial services would be reflected in the overall findings too so we are obviously absolutely delighted to have seen SkillsServe move up another position to fourth overall.
“Learning Technologies 2016 last week reminded us just how much competition is out there, with more and more companies looking to capitalise on the rapid hand-in-hand growth of technology in education.
“But longevity, experience and trust are things that can’t be built overnight and we will not be resting on our laurels as we look to maintain our position at the forefront of LMS innovation and development over the next 12 months and beyond.”
At over 500 pages, with 40+ carefully considered LMS profiles, featuring exclusive details and data, annual sales and Y2Y growth, plus lots, lots more, Weiss’ Top 50 LMS Report is considered the best authoritative and independent guide for global LMS vendors. Weiss himself was again recently voted the most influential person in the corporate eLearning sector.
The date – 7 March 2016 – is etched in the minds of those working for FCA-regulated firms who are now staring the rules and regulations of the new Accountability Regime straight in the face. But with two months to go, it isn’t too late to ensure your business and staff are competent and compliant in the all-seeing eyes of the regulators.
“Everybody knows the FCA’s bite has matched its bark so far, therefore as the new regulation around accountability comes into effect, being able to show the clear lines of reporting, roles and responsibilities, and producing evidence of competency within the wider context of compliance with the Accountability Regime is critical.”
That is the view of Mark Jones, Unicorn Training Commercial Director, writing in a recent edition of T-C News magazine.
The Senior Managers Regime and Certification Regime for banks, building societies, credit unions and PRA-designated investment firms are designed to encourage individuals to take greater responsibility for their actions, and for firms to take full responsibility for their staff’s fitness and propriety.
Both regimes will be underpinned by new Conduct Rules, setting out the required standards of behaviour. It’s never been more important to ensure you have the correct systems, training and controls in place so every relevant staff member conforms to the requirements. Staff must be competent to undertake their roles and understand their individual responsibilities.
Mark adds: “You could argue we are starting to see more of a crossover between the traditional roles of risk and compliance teams and those in training and competence, as whereas compliance is where the focus around conduct and behavioral and cultural change has been centred over the past few years now robust T&C practices are extrinsically tied in with that.
“The Accountability Regime leaves no hiding place in the FCA’s aims of raising standards and restoring public trust and confidence in the regulated sectors. But the by-product is firms, almost by default, will have to adopt much more commonsense, transparent people management practices.”
To help you meet these regulatory challenges, we have been busy developing a number of new eLearning modules in partnership with FSTP to add to our ComplianceServe library. And to help you get started, here are the first of some short introductory videos we’ve produced to get you on the right path 🙂 More will be coming soon so keep your eye out!
And if you would like to chat about any of this face-to-face you can come to see us on Stand P14 at the Learning Technologies 2016 conference and exhibition at Olympia on Wednesday 3 and Thursday 4 February.
Introduction To The New Banking Regime
The Certification Regime
Introduction to ComplianceServe
Unicorn Training CEO and founder, Peter Phillips, has been ranked in the Top 10 of the UK’s most influential people in corporate eLearning for the first time.
Now in its seventh year, the latest annual lists of the ‘Top 10’ most influential people in the corporate eLearning sector – in the World, North America, Europe, the UK and Asia-Pacific – sees Peter ranked at number 8, and one of four debutants, in the 2016 UK rankings.