Security has always played a key role in DevOps, but it has now become so integrated in the DevOps process that many have started to refer to the whole development cycle as DevSecOps. Here, we look at why so much importance is now placed on the security part of the life cycle.

What is DevOps?

A combination of the words ‘development’ and ‘operations’, DevOps refers to the method of software development which utilises a set of IT tools and automated practices which help businesses to achieve increased speed and improved outcomes in the delivery of apps and services.

Shortening the development life cycle for new software systems can improve a company’s internal processes and customer service, often giving them a competitive edge over other businesses in their industry.

Why has Sec been added?

The ‘Sec’ in DevSecOps stands for security. Ideally, any good development life cycle would have always included a security phase, but this was generally something which would have been carried out by a specific team towards the end of the development process.

However, this way of working has become outdated as development cycles have evolved. Where projects used to take months or even years, they are now generally required to be completed within days or weeks.

With that in mind, it is becoming necessary to integrate security throughout the development life cycle and share responsibility for ‘Sec’ from the start. This avoids risks and unforeseen issues further down the line that can cause delays to the process, which, in turn, would be counterproductive to the purpose of DevOps: speeding things up.

Many sector specialists now see the integration of security as so vital that changing the terminology from DevOps to DevSecOps serves as a reminder to coders of the need to develop new software with security in mind at all times.

What does good DevSecOps look like?

There are several factors which help make a successful DevSecOps strategy.

Training – providing security training for developers ensures that the whole development team understands the need and has the knowledge to implement security throughout the process, as this may not have been required of them in the past.

Partnering – inviting security teams to work with DevOps in the early stages of a project can help with planning for integrated security initiatives and automation. Information can be shared at the outset about known threats, such as potential malware.

Risk Analysis – defining the risk tolerance of a new piece of software and conducting a risk/benefit analysis can be a key part of any DevSecOps strategy. This should include identifying supply chain risks, including open source software components which may be needed in the initial stages of the development life cycle. While security risk budgets may be tight in the current economic climate, risk analysis can be an essential part of the process and, therefore, a worthwhile use of funds.

Automation – running manual security checks can be extremely time-consuming, so planning which tasks can be automated and implementing the automation of repeated security tasks can save time while keeping the project both secure and on track for timely delivery.

If you are looking for a team of tech, cyber security, risk, compliance or IT professionals for anything from a small short-term project to a large-scale long-term managed contract, get in touch with Dukebridge today and find out how our hybrid consulting services can quickly and effectively fulfil your staffing needs.

 

Dukebridge services:

We equip our clients to overcome the challenges of meeting business, operational and technology objectives by helping them build, scale and deploy skilled teams quickly and cost-effectively.

We achieve this by providing highly responsive programme/project resources skilled in analysis, project management and execution, whose effectiveness is sustained by our Service Delivery Function. This includes a centralised PMO function that helps achieve project/engagement success by embedding accountability and governance from day one.

It has long been a fear of the human race that we will all one day be replaced by robots, an idea fuelled by the science fiction genre with books and films like i-Robot, The Matrix and even The Stepford Wives.

Yet, while these stories are, of course, a fantasy version of a dystopian future, recently, with the launch of ChatGPT and other machine learning automation platforms, the fiction might look like it is becoming a reality as many in the tech sector are concerned that generative AI could replace their roles in the workplace and make many jobs obsolete.

What sort of roles could AI replace?

Automation is often thought of in terms of efficiency, with robotic processes, until recently, mainly replacing low-skilled roles, such as those on factory production lines, to increase speed and accuracy.

However, the difference with generative AI is that it can create and ‘think’ for itself, meaning that it has the potential not just to replace mundane and repetitive physical tasks; it can now also learn and innovate, allowing the possibility for machines to perform more sophisticated jobs which require decision-making and imagination. Understandably, some software developers and tech specialists worry that their expertise and creativity will no longer be needed.

As the tech industry continues to grow exponentially and technological solutions increasingly affect every aspect of modern life, so do the opportunities to employ generative AI software to improve user experiences and automate processes for increased productivity and idea generation. 

Some of the key areas in which generative AI is most likely to be used include:

  • Coding – Generative AI can massively increase the speed of various coding tasks, such as translating one programming language to another. It can also automate code writing, rapidly learn new programming languages and how to use programming tools, and be employed to test new software to predict problems and find errors before programs are released for general use or sale.
  • Automation – Machine learning can tackle a task by tapping into its historical data for context and then deciding on the most suitable course of action and predicted outcomes, all at lightning speed. This allows for both hugely increased efficiency and hyper-personalisation way beyond human capabilities.
  • Risk Management – As generative AI can learn from past data input, it is likely to be able to predict and pre-empt security risks, including fraud and data breaches. The software should also be able to proactively improve compliance, identifying errors and implementing updates for new regulations. 
  • Development – Advances in technology tend to lead to further technological advances, meaning that generative AI is likely to become increasingly important in creating new ideas and further improvements to all aspects of the tech sector. Generative AI is already being used for design, research, visual identity, copy generation and real-time personalisation, helping companies quickly improve their products, software and marketing to reach new customers and build better relationships with their existing clients.

So are we all out of a job?

In reality, it is improbable that generative AI will replace real workers anytime soon; instead, humans and robots will work together to improve outcomes and increase productivity.

Currently, generative AI is only as good as the data input it receives. It can only produce new ideas based on what it understands from this information, so it is technically incapable of creativity in the human sense.

Additionally, generative AI needs to be monitored and moderated as there is always a possibility that the algorithms could make decisions using incorrect or incomplete information, and the technology is also currently unable to effectively make ethical or strategic decisions. Therefore, human interaction is still necessary to ensure that output is accurate and useful.

Although generative AI may take away more formulaic and time-consuming tasks, it also creates new jobs in the sector. Predictions show that almost 100 million people will work in AI by 2025.

Some tech jobs expected to increase in demand include data detectives and data scientists, prompt engineers, robotics engineers, machine managers and programmers, especially Python coders, as Python plays a crucial role in AI development. In addition, those with the capability to train others in AI software and processes will be increasingly needed, along with those who can work in a maintenance capacity to ensure the smooth day-to-day running of AI programmes.

Furthermore, as robots are adapted and developed to interact with humans in an ever more complex, lifelike and timely fashion, other related fields which are set to thrive in an AI-assisted work environment include modelling, computational intelligence, machine learning, psychology, linguistics and neuroscience.

Specific industries that look likely to increase hiring due to AI include healthcare and transportation. PwC predicts a surge in healthcare technician jobs and, with billions already invested in autonomous vehicles, in transportation.

So generative AI is nothing to worry about; robots will be a force for good in the workplace. Automation and artificial intelligence look set to be something we will all need to become accustomed to integrating into our daily working lives to help us increase productivity and innovation, and predictions show that rather than replacing us, they can help us and create new roles for humans too.

The business world is feeling the pinch of the global recession, and as companies look for ways to save money, many are cutting security budgets to stabilise their bottom lines.

While streamlining budgets is necessary, the danger of reduced spending is that companies become vulnerable to providing a sub-standard service, shrinking their customer base and, perhaps most crucially, damaging their reputation and leaving themselves open to security risks.

A report last week found that only 49% of organisations currently have enough budget to meet their current cyber security needs. Yet, over 33% of IT and security professionals said that their budgets would remain static or be reduced over the coming year, which is an actual reduction as inflation continues pushing up prices for external services and equipment.

For organisations where risk, governance and controls spending is lower than it may have previously been, it is now vital for risk professionals to look at cost optimisation to ensure that companies remain protected from security risks through effective budget management.

What is cost optimisation?

Simply put, cost optimisation means using the funds available to achieve the most significant impact for the least money spent. However, this can be a tricky balancing act for chief information security officers (CISOs) as some budget line items are essential for compliance regulations, such as firewalls and anti-virus software.

Often, CISOs have a minimal amount of budget left with which to be creative, but anything they can optimise will help, and there are some recommended strategies to help achieve cost optimisation.

Cost optimisation strategies 

In the first instance, it is advisable to audit the current security situation to check whether the fundamentals of security systems are up to scratch, as this can save money and reduce risk in the long term. If the right foundations are in place, an organisation will be better positioned to protect against a data breach or be resilient in the face of one and make a swifter and more effective recovery if the worst happens.

Dukebridge commented that clients are reporting a culture change where staff adopt a “work with your head up” mentality to try and prevent risks in advance. Investing in getting the basics right and ensuring that teams work together to make the best use of resources optimises budget and can reduce unnecessary spending further down the line.

As well as looking at the structure of systems, it is also worth shopping around for a good deal on the essentials. With an increasing number of cyber security providers entering the market daily, some better deals may be found, freeing up some budget for other use. In addition, as part of the audit process, ensure that longstanding tools and services remain fit for purpose as risks evolve. No one wants to pay huge chunks of their security fund for a platform that only performs half the functions they might need as requirements change. Products are only worth the money if they reduce risk sufficiently, to the level required. If a gap analysis shows that a service is not value for money, you can negotiate a better deal or seek an alternative, more cost-effective solution.

Equally, CISOs may want to review if systems align with the business’s risk tolerance. Spending a budget on complicated cyber security when the company might be comfortable with a slightly higher level of risk would be money wasted, which could be spent elsewhere.

Finally, prioritising risks is vital. Determine which technology must be paid for first to protect the business and then look for ways to save money in other areas, such as automating or outsourcing certain functions such as password reset. A Dukebridge client highlighted how this can apply in practice, saying they are “now investing in risk prioritisation mechanics, which will rank our exposure by how likely it is and how catastrophic the effect would be. By doing this, we are trying to make solutions for them in order of how they ‘rank’ against each other internally”.

Beware of false economy

Having the right foundations and the most intelligent technology to match your organisation’s risk requirements can go a long way to optimising your budget. However, business leaders should be mindful of making sweeping cuts to workforces or salaries.

While cutting back on staff spending can seem like an excellent way to save money, the benefits can be short-lived and increase risk. Teams with reduced numbers are likely to have to take on a heavier workload, meaning that mistakes can be more likely to occur, and therefore the risk of security issues increases. On top of this, professionals working at capacity, potentially with reduced or frozen salaries, are more likely to experience burnout and seek alternative employment. This can cause a retention headache, which can, in turn, increase risk through the loss of experienced talent and increase costs through the need to recruit new staff. This all goes against cost optimisation, which needs to make the ‘best’ use of the budget available, as it only focuses on immediate cost-savings, not overall cost-efficiencies.

One way to overcome recruitment, retention and risk management issues when on a tight budget can be to utilise flexible service solutions – often also known as ‘Statement of Work (SoW)’ solutions, ‘hybrid recruitment’ or ‘resource augmentation’. When building and managing a small team with restricted funds, it is crucial to have the right talent with the total mix of skills and knowledge needed to manage the risks at hand. Finding suitable individuals with the right experience can be tricky and time-consuming, and this is where SoW consultancies can help. 

These consultancies offer a pre-authorised bench of screened professionals ready to work. They can hit the ground running when they arrive, negating the need for a long-winded and repetitive recruitment process. SoW teams generally also work on a project basis, meaning there are options for interim employment, reducing the risk of taking on new permanent staff and making them redundant further down the line. All of this can save companies time and money, which can be essential to manage reducing budgets with limited resources successfully. 

In addition to removing the hassle and cost of finding the right talent, most SoW consultancies offer the option to take on partial or complete financial, output and delivery risk associated with the projects they are working on, helping CISOs to reduce their risk further while also optimising costs.

Overall, managing security on a reduced budget will likely be a significant factor affecting organisations as we move through 2023, but with careful cost optimisation, risk professionals may be able to find a safe path through this rough economic patch.

As AI rapidly develops to carry out increasingly complex tasks, there is a common concern amongst many workers that technological advances could be accompanied by the possibility of automation replacing them in the workplace.

The latest in a long line of these tech innovations is generative AI. It certainly has ruffled some feathers in the marketing community, as this new artificial intelligence branch can generate original and creative ideas.

What is generative AI?

Generative AI is a subfield of artificial intelligence focusing on creating original content from scratch, including text, images and music. It is designed to use patterns and styles from existing data to generate brand-new concepts without external input aside from an initial prompt.

There are two types of generative AI: ‘supervised’, which is trained to generate content that matches specific goals or criteria, and ‘unsupervised’, which can create content without clear labels or objectives. So, it’s pretty clever stuff.

Several generative AI tools are available, including Jasper, Writesonic and the largest and best known, ChatGPT by OpenAI. These content-generators can create content and answer questions in natural-sounding, conversational language, which would be tricky to distinguish from a real human response or piece of copywriting.

OpenAI explains that their ChatGPT bot can even interact conversationally, with the ability to answer follow-up questions, admit its mistakes, challenge incorrect premises and reject inappropriate requests.

Are workers being replaced?

Looking at the abilities of generative tools, it is easy to see why marketers might be worried, as much marketing activity involves creating original copy, such as writing adverts, website content, marketing emails, social media posts and even blogs.

Not only does generative AI create this content and tailor it to a target audience, but it can do it at a speed and scale which is just not achievable by humans, meaning it could have tremendous time and cost-saving benefits compared to employing a team of highly skilled communication specialists.

However, existing generative AI still needs to develop and is extremely unlikely to replace real creative professionals soon. Although tools like ChatGPT can create tailored content, which can be extremely useful, technically speaking, these bots are not capable of genuine creativity as they can only produce new ideas based on what they understand from existing information they received as data input.

This means the output may target a specific audience, but the content may be too generic to give a competitive edge or brand voice. Ultimately this can reduce engagement with customers who may have previously been interested in the content of a particular company because of the relationship they have developed through an authentic tone of voice which AI is still incapable of replicating.

Moreover, generative AI comes with a small risk of damaging a brand if it is not monitored and moderated. There is always the possibility that the algorithms could make decisions using inaccurate or incomplete information, which could create low-quality content. The technology is also currently unable to effectively make ethical or strategic decisions to align with company values and goals.

So generative AI has pros and cons. It can work at speed and scale, but it is only as good as the prompt and the information it knows, and the output needs to be quality checked for accuracy and effectiveness. It can be used for the more mundane and formulaic tasks, such as generating copy containing lots of keywords for SEO or writing product descriptions, and this could have an effect on the level of demand for some more junior roles, but it would seem that currently, the majority of creative professionals are not replaceable in the near future.

Embracing the technology

As with all technological advances, AI will likely continue to play a broader role in the workplace as time goes on. Just last month, OpenAI launched an updated version of the tool, ChatGPT Plus – a subscription option for faster service. Microsoft simultaneously launched ChatGPT 3.5-powered Teams Premium, which offers enhanced features for improved user experience. According to recent sources, ChatGPT 4.0 may be just around the corner and is set to be ‘exponentially more powerful’, available as a mobile app and directly linked to search engines.

So rather than thinking about being edged out of the door, employees should consider how they can harness the power of generative AI and incorporate it into their role. For instance, although the output often needs moderating, the bots can be an excellent source of ideas generation for brainstorming or creating a first draft of content for editing by a real person, which can save time and offer innovation.

In addition, sector specialists who can write accurate and detailed briefs that can be used as prompts to create more precise output are also likely to be in demand. Those who embrace generative AI and learn how to utilise it best may find they have a competitive edge when landing a job and differentiating their brand and themselves from the pack.

 

As payments move ever closer to becoming almost exclusively electronic, payment card companies, retailers and legislators increasingly focus on customer security and data protection.

As discussed in our recent blogs on Open banking and Cyber security, electronic payments and data management come with many risks to businesses and their customers. New security measures, including PCI DSS 4.0 for card payments, are constantly introduced.

What is PCI DSS 4.0?

Set by the PCI SSC (Payment Card Industry Security Standards Council), PCI DSS is the global data security standard the payment card industry uses to protect the cardholder. It applies to any organisation that processes, stores or transmits cardholder information or private authentication data.

Essential compliance requirements of the Standard include maintaining firewalls, anti-virus software and security policies, ensuring the use of unique IDs and passwords, applying encryption to transmitted cardholder data and restricting and tracking access to cardholder information.

Until recently, the sector had used a version of the Standard known as PCI DSS v. 3.2.1; this was seen as insufficient for the evolving security needs within the industry and will now be replaced with PCI DSS 4.0.

The new version of the Standard will place increased focus on risk analysis and governance and requires companies to be prepared to report continuously rather than annually, which is the current obligation. While this is good for customer security, it will pile further pressure on companies to remain compliant.

On the upside, however, as the new rules have been designed in conjunction with feedback from top global industry players, the changes will allow businesses more flexibility to report in ways which suit their targeted organisational needs and personal risk exposure.

When will the rules change?

The update was released on March 31 2022, so companies who want to comply with industry ‘best practice’ should already be implementing the changes.

However, the new rules will be optional and only partially replace the current Standard until March 31 2024, when 3.2.1 will be retired, with a handful of the new 4.0 requirements still being mandatory until March 31, 2025.

Organisations can ‘opt-in’ before the 2024 deadline, and those who do will have access to self-assessment questionnaires and other supporting documents once they are published in the coming months.

Should my organisation be preparing for the changes now?

The simple answer is yes. According to the National Law Review:

Implementing PCI DSS 4.0 will require structural changes that go beyond tweaking security controls. Businesses will also need to prepare for the increased legal risks of PCI DSS 4.0’s obligations.

They go on to say that:

PCI DSS 4.0 is an extensive change to the previous version of PCI DSS. The additional annual diligence requirements will take time and effort to establish.

The move to PCI DSS 4.0 will likely be time-consuming, and businesses will require the proper risk governance, compliance and legal teams in place to identify any current compliance gaps and successfully navigate the changes. Organisations are being advised to act now to allow time to recruit the right talent and to plan and implement new tailored processes to satisfy the updated rules.

Our lives are becoming increasingly integrated with smart technology. As we move away from computers being stand-alone devices and tech being embedded into everyday objects, the Internet of Things has developed rapidly.

What is the Internet of Things?

The Internet of Things (IoT) refers to physical objects containing sensors, software or other technologies to connect and exchange data with other devices and systems over the Internet. It is a way to make inert objects into smart hardware.

It is different from the Internet because it can create information about connected objects, analyse and share the data and make decisions based on the collected information.

Examples of the IoT in action can be seen in home automation, such as the operation of lights, heating and security cameras controlled by smartphones or voice-activated assistants like Alexa or Siri.

The IoT also has substantial industrial applications, such as in healthcare for remote monitoring of patients, in transportation for traffic control, parking and vehicle management, and even in agriculture, where data can be collected for a range of environmental needs, including temperature, rainfall, humidity, wind speed, pest infestation, and soil content. It also has uses in the military, manufacturing and many other commercial sectors.

IoT technology is even being used in a humanitarian capacity, with a start-up business, Moeco, developing wireless trackers to monitor the safe transit of aid packages and other vital supplies to dangerous and hard-to-reach locations in war-torn Ukraine.

IoT benefits and challenges

The benefits of IoT are clear to see across all walks of life for both individuals and companies, offering cost and time savings through automation, enabling enhanced security possibilities and streamlining processes. Recent research shows that 83% of organisations report that they have significantly improved their efficiency by introducing IoT technology.

On the downside, there are concerns over cyber security, with reports from earlier this year of a new DNS bug which could be allowed on IoT devices. In a more general sense, too, many businesses recognise the privacy risks of exchanging and storing large amounts of data. They know that customers need to feel assured that their information is being managed safely and responsibly and that they have ownership of their personal information.

To combat security risks, there have been calls for global regulations for IoT, and in response, governments around the world are starting to introduce legislation around IoT security; however, in most cases, this is still in its infancy, and there is no joined-up approach, with different countries and regions implementing their own rules.

However, not all challenges are bad, and some create opportunities within the sector. It’s estimated that the number of active IoT devices will surpass 25.4 billion by 2030 and as the industry expands and developments are made, there is a constant need to update technology to enable devices to support more complex functions, find innovative ways to reduce power consumption and allow more significant numbers of ‘things’ to be connected.

The upside is that the tech job market looks very healthy. There are increasing opportunities on offer for tech professionals in roles such as IoT developers, embedded system designers, infrastructure architects and IoT solutions engineers, as businesses realise that they need more IoT specialists to support developments, often on a ‘statement of work’ project basis.

What the future holds for the IoT

It is predicted that IoT has the potential to generate $4-11 trillion in economic value, with up to 152,200 IoT devices connecting to the Internet every minute by 2025. With legislation gradually introduced around the globe to make it safer for users, the industry will continue to see substantial growth for a long time.

 

Dukebridge services:

We equip our clients to overcome the challenges of meeting business, operational and technology objectives by helping them build, scale and deploy skilled teams quickly and cost-effectively.

We achieve this by providing highly responsive programme/project resources skilled in analysis, project management and execution, whose effectiveness is sustained by our Service Delivery Function. This includes a centralised PMO function that helps achieve project/engagement success by embedding accountability and governance from day one.

Data protection law has been the bane of many marketers and tech specialists’ working lives, from double opt-in to cookie consent.

However, as part of its Data Reform Bill, the UK government recently announced new proposals to streamline and simplify some data collection processes, including cookie collection, to reduce the need for cookie consent by replacing individual pop-up messages on every website with a ‘one-stop’ data-privacy setting which would apply at the browser level.

What are cookies?

Cookies are small text files sent to your device by the website you’re visiting and stored in your device’s web browser to track and collect data from your browser to send back to the website owner.

Since the implementation of GDPR in 2018, it has become law to ask for consent to collect this data. This is why internet users are now constantly served pop-up banners to accept cookies when visiting a website, which can feel more than a little annoying for many people.

Why do companies collect them?

Tracking website users allows businesses to understand more about their customers, such as which pages they visit on the website, how long they look at them, where in the world they are, what sort of device they are using and where visitors go after they leave the site.

This is extremely useful data for organisations. It can help them understand customer behaviour, tailor their site to create the best user experience, and inform their advertising strategy based on visitors’ views.

However, there are advantages for the user too. For starters, some websites won’t let you in unless you agree to cookie collection, but more importantly, companies can offer visitors a bespoke version of their website if they know more about them. Remembering that a user is interested in a particular topic or product means that when they return to the website again, they can be shown more of what they are interested in and less about other items or subjects. Storing cookies also allows websites to retain log-in information making it easier for visitors to access their online accounts and other restricted data when returning to a website.

What would the new rules mean?

The plans, released in June to coincide with London Tech Week, are mainly focussed on relieving the pressures put upon small and medium-sized businesses (SMEs) to comply with GDPR rules and, instead, concentrate efforts to clamp down on companies who hound people with nuisance calls.

The UK government summarises the bill as “increasing financial penalties for pestering people with nuisance calls and minimising the number of annoying cookie pop-ups people see on the internet.”

The proposals suggest scrapping what the government calls “red tape and pointless paperwork”, which businesses are currently required to complete under EU GDPR, as part of a plan to “transform the UK’s data laws for the digital age”.

This would include allowing cookies to be placed on a user’s device without explicit consent for a broader range of purposes, removing the need for websites to display pop-up cookie banners and moving to an opt-out model of cookie consent in the long term – except for content which is likely to be accessed by children, which would remain more heavily protected.

It is estimated that the new rules could save businesses around £1bn over ten years, with the proposed changes also removing the requirement for SMEs to employ a data protection officer, allowing the ICO (Information Commissioner’s Office) to be more flexible about which data protection cases it investigates and widening access to data for public health services and research.

How have the proposals been received?

Perhaps unsurprisingly, there has been a mixed reaction to the proposals, with many in the marketing and tech industries welcoming the changes which would make their jobs easier.

However, privacy campaigners are less impressed with the potential new legislation. Concerns that data could be more likely to fall into the hands of hackers and expose users to increased identity theft or online fraud are a significant worry, with digital campaign organisation the Open Rights Group commenting that “At a time when personal data can be leveraged to do all sorts of wrong things, depicting data protection as a burden is wrong, irresponsible and negligent”.

In addition, the legalities of how the new rules would affect data transition between the UK and EU are being investigated. Tech UK, the trade association who have worked with the government on the proposals, also noted that there are still several questions about exactly how the alternative browser-level cookies would work, suggesting more consultation is needed.

So, it would appear that there is still a long way to go before GDPR rules are relaxed and pop-up cookie consent becomes a thing of the past, but watch this space for updates.

 


How Biometrics are improving Banking

As technological advancements continue to develop, Biometrics is rapidly emerging as the identification method of choice for many banks in their secure authentication processes.

What is Biometrics

Biometrics identifies and authenticates individuals through their unique biological characteristics, such as fingerprint matching, face or voice recognition, or even vein patterns.

There are three recognised forms of authentication, something you know (e.g. a password), something you have (e.g. an ID card) and something you are (Biometrics). Of the three, Biometrics is considered the most reliable and difficult to replicate.

Why Biometrics

Fraud remains one of the biggest problems that financial institutions face in the modern world. Banks are constantly looking for the best way to reduce fraud, minimise economic loss and give their customers the fastest, most secure and most convenient banking experience possible.

Biometrics can offer security far superior to password protection as it can’t simply be guessed or stolen. This provides customers with peace of mind and can offer banks a more reliable KYC (know your customer) procedure.

In addition, biometric authentication can be more convenient for customers as it eliminates the need to remember information such as PINs or login details, making the process quicker and easier. Recent research by iProov showed that consumers in the USA, Canada, the UK, Italy, Spain and Australia all said that “speed and convenience were the two biggest plus points for using face or fingerprint ID for banking apps”.

Many banks are also using multi-factor authentication for added security, combining a biometric measurement with another piece of data, such as a time-sensitive OTP sent to your mobile phone.

Of course, banks need to get the balance right to avoid irritating customers with a lengthy or confusing process, especially during onboarding, to ensure that individuals don’t just give up and choose another provider.

How is Biometrics being used?

Voice recognition is becoming an increasingly popular way for banks to verify identity. It works by recording an individual’s unique and identifiable phonetic features and then matching that recording in real-time when authentication is needed.

HSBC UK adopted voice authentication in 2016, and the bank claims that the technology has prevented nearly £1 billion of fraud, with the rate of attempted fraud down by 50% year-over-year as of May 2021.

NatWest is also embracing Biometrics, using real-time facial recognition for new account openings. There has been a high demand for virtual account opening, especially during Covid, so having a method of onboarding new customers with a ‘selfie’ is a convenient and contact-free process for clients, as well as a deterrent for fraudsters, with reports that NatWest has seen a decrease in the number of fraudulent applications as a result of implementing the biometric technology.

What are the risks?

While Biometrics can offer increased protection from criminal activity, that’s not to say that fraudsters aren’t trying to find ways around biometric checks. Techniques such as ‘artefact attacks’, where a picture or video is presented to the camera or microphone to authenticate identity falsely, can bypass some systems.

Equally, there is a more general issue that, like any technology, Biometrics are not 100% reliable. It is possible to generate ‘false rejections’ in cases where automated systems fail to recognise a genuine customer due to a technical issue or physical change in biometric state, e.g. the individual has a cold and their voice sounds different or their fingerprints have faded as they have grown older.

The Future of Biometrics in Secure Transactions

Although there may be risks, it appears that Biometrics still emerges as the most reliable and secure way to identify customers. Therefore, its applications are only likely to continue to grow as time goes on.

Recent research conducted by Juniper predicts that Biometrics will be used to secure $2.5 trillion in mobile payment transactions by 2024, a nearly ten-fold increase over current transaction volumes. A Worldpay-commissioned survey from 2019 showed that 62% of Generation Z respondents would be happy to ditch their payment cards and move to biometric identification at the point of sale.

Most recently, tech giant, Apple, has been granted a new US patent to incorporate Touch ID into the Apple TV remote control, allowing users to authenticate transactions, such as movie rentals through the Apple store with a fingerprint scan.

So, it looks like biometric identification is here to stay, and that should be a good thing for consumers and banks alike, speeding up processes, increasing security and streamlining transactions. Still, as technology develops, fraudsters will continue to look for ways to beat the system, and banks will have to remain vigilant for emerging techniques.

 


What is FRTB

Forming a significant part of Basel IV, the Fundamental Review of the Trading Book (FRTB) is a set of capital rules developed by the Basel Committee on Banking Supervision (BCBS), which will introduce international standards for banks and financial institutions on their trading activities to minimise market risk exposure.

The FRTB has been ten years in the making, with the BCBS initially launching the first consultation on the subject back in 2012 in response to the 2008 banking crisis. Unfortunately, like everything over the past two years, there have been delays due to the pandemic, but it now seems that implementation of the new rules will be sometime between 2023 and 2025.

The wide date range is attributed mainly to some jurisdictions being more prepared than others. Each region can interpret the rules to create their own set of local regulations that broadly follow the standards being introduced.

According to recent reports, only a few jurisdictions, including Hong Kong, look ready for the 2023 deadline, with Europe close behind, having already prepared their interpretation of the rules and provided guidelines to banks intending to launch in 2024.

However, in other areas, especially the US, there have been few official statements on rule interpretation with regulators yet to issue a formal FRTB proposal.

Purpose and impact

In basic terms, the main aim of the FRTB is to introduce a standardised means of supervision and risk assessment to allow banks to more accurately calculate their market risk and credit risk by drawing a clearer line between banking book and trading book activities. Currently, the classification of a position is determined by ‘trading intent’, but this has been said to offer too much scope for individual decision-making, which can cause issues when comparing portfolios, so the hope is that the new rules will make the process more precise.

The FRTB also focusses on introducing a regulated approach to calculating the Risk-Weighted Assets (RWA), i.e. the capital held by a bank to reduce the risk of insolvency, and also to replace Value at Risk (VaR) with a revised ‘Internal Model Method’ to calculate worst-case scenario losses. The new internal model method uses expected shortfall to enhance transparency and make more reliable comparisons between portfolios, which should be more dependable than VaR, which doesn’t account for extreme circumstances in its calculations.

The impact on banks is vast in terms of preparation as they will have to review many processes such as their trading/bank book boundaries, modelling approach and data sourcing. It could affect the entire infrastructure and business model that financial institutions operate on and may take many years to adapt to fully. This is undoubtedly one of the most significant changes to banking and financial regulation in history, but hopefully, the increased stability it will bring to the financial world will be worth all the effort.

 


As Artificial Intelligence (AI) advances, it increasingly impacts the business world. Every industry now uses some form of AI in their day-to-day operations, allowing for greater efficiency and reducing labour costs where jobs can be automated.

While many sectors suffered as a result of Covid, technological developments in the AI space have been accelerated by the pandemic, with lockdown resulting in the need for more AI applications in a range of business, health and education settings, with AI even playing a role in the development of vaccines.

According to a recent Forbes article, PwC predicts that by the mid-2030s, up to 30% of jobs could be automated, and CBS News reports machines could replace 40% of the world’s workers within 15 to 25 years.

Here we explore some of the emerging AI trends which could directly affect business for the rest of 2022 and beyond:

  1. Chatbots – Popular with businesses and consumers alike, chatbots are AI systems that enable customer engagement via messaging, text, or speech. Although the AI required to understand and interpret conversations with users can be complex, several platforms are now available to help with sophisticated chatbot building. With this ease of creating chatbots, coupled with consumers’ demand for 24hr services and the normalcy of using messaging apps, the automation of online chat forums will likely increase. Chatbots don’t just provide advantages to customers; businesses can enjoy reduced operating costs in areas of customer service, marketing, payments and processing. It is predicted that by 2024, consumer retail spending via chatbots worldwide will reach $142 billion – up from just $2.8 billion in 2019, according to a recent report by Insider.
  2. Fully Automated Driving – The technology needed for autonomous driving, i.e. driving without the need for any human interaction within the car or remotely, continues to develop, with heavy investment in the testing and refining of driverless cars by leading companies such as ARGO AI, who spent the last month of 2021 focussing on details such as how to ensure that autonomous vehicles can recognise cyclists. The applications of driverless vehicles are immense, including deliveries, public transport and even military use. The advantages could be far-reaching, too, with autonomous cars having the potential to be safer and reduce congestion, which in turn also reduces emissions.
  3. Security & Surveillance – AI is increasingly being used in several forms of biometric authentication for security and surveillance. This includes face recognition, voice identification, and video analysis. This technology reduces the need for human input, with AI being able to better distinguish between authentic and fake biometric information in real-time, helping businesses with everything from monitoring storage in retail or manufacturing to validating customers for online banking. More advanced ‘anti-spoofing’ technology is also currently in development, allowing companies even greater flexibility and accuracy for increased security.
  4. Real-time video processing – This refers to instances when there is a need to process streamed video content in real-time. It is mainly associated with virtual conferencing such as Zoom and Microsoft Teams. Unsurprisingly, there has been a massive demand for effective software for real-time video editing, e.g. blurring and background removal or replacement. AI algorithms are constantly being designed and updated to provide solutions that can identify objects at fast processing speeds without compromising accuracy while ensuring that security and privacy are retained where needed.
  5. Visual Inspection – Used across a range of industries, automated visual inspection has recently seen a surge in popularity as the technology has seen rapid improvements in accuracy and performance. Applications of AI inspection include:
  • Monitoring quality control and compliance in manufacturing
  • Detecting product defects on an assembly line
  • Identifying faults of mechanical and car body parts
  • Baggage screening and aircraft maintenance
  • Inspections of nuclear power stations
  • Temperature screening and anomaly detection in test results for healthcare
  6. Low-Code & No-Code Platforms – One of the greatest barriers to employing AI technology for many companies is the cost, time and expertise needed to develop AI models from scratch. With new ‘No-code’ and ‘Low-Code’ solutions becoming more readily available, smaller organisations can now look to compete in the AI arena. No-code platforms are designed to have drag-and-drop functionality for ease of use and without the need for any coding, while Low-code platforms are suitable for more technical users and provide easy access to the code when needed to allow for more personalisation. Both of these out-of-the-box solutions help businesses to implement AI models quickly and at low cost without the need for a large team of highly qualified data scientists and therefore have the potential to accelerate the use of AI at an exponential rate.
  7. Hybrid Tech Teams – As an alternative to No-code and Low-code options, companies who want to speed up the implementation of AI but don’t want to rely on out-of-the-box solutions may be considering hybrid recruitment, or Statement of Work (SoW) as it is sometimes known, which can supply businesses with tech solutions that allow them to hire a ready-made team of the best tech talent on a project basis. This ‘best of both worlds’ option can provide the highly qualified software developers and data scientists needed to build and implement a new bespoke AI system tailored to a company’s specific requirements, but at a lower cost and faster timescale than employing permanent tech professionals or training up existing staff. Once a new AI platform has been built, the tech can then be managed by existing staff at the company without the need to retain highly salaried software professionals.

If you are looking for a team of tech, cyber security, risk, compliance or IT professionals for anything from a small short-term project to a large-scale, long-term managed contract, get in touch with Dukebridge today and find out how our hybrid consulting services can quickly and effectively fulfil your staffing needs.

 
