
Three ways Super Funds can drive customer engagement and strengthen governance practices


The Australian super industry is undergoing a period of unprecedented disruption as technology reshapes customer expectations and drives funds to redefine offerings and delivery capabilities.

Customer expectations are rising, forcing organisations – regardless of size or sector – to become increasingly customer-centric and digitally enabled, not only to gain competitive advantage, but even just to compete and survive.

Super is no different. A shift is occurring. What members consider the ‘norm’ has changed. They expect a tailored customer experience, not just to be shown their portfolio. They expect to be provided with transparent value and benefits, personalised recommendations and insights. They want great service, competitive returns and an understanding of what you, the super provider, are doing for them personally.

Coupled with this heightened expectation is a loss of consumer trust in super funds. This industry and regulatory shift is forcing funds down the expensive path of restructuring organisational values and adhering to strict regulatory compliance, which has been amplified by political and public scrutiny.

As power shifts to the consumer, funds have been witnessing an increase in customers exercising their choice to leave in search of better alternatives. This trend is causing a flow-on effect of voluntary and involuntary consolidation and mergers of funds.

As funds re-establish standards, technology can be leveraged to help drive customer engagement and strengthen governance practice through the following:

1) Data virtualisation platforms – a single source of truth for all your data:

Many funds run administration services across multiple disconnected systems with little to no integration. Most of these systems are slow, expensive to integrate and require a high level of manual processing that can result in technical debt costing time and money to maintain.

Having to rely on a range of disparate systems usually means there is limited capacity to effectively map out client behaviours and interactions across all channels, as data sets are isolated. This results in an incomplete customer profile that does not consider all aspects of a customer’s financial history and behaviour.

Funds also often lack the ability to accurately curate structured data and unstructured data (emails, texts, letters etc.) collected from customer journeys. Consequently, they are unable to comprehensively understand each customer’s experience and by extension how to best serve each customer.

Data virtualisation is a data management technology that allows an application to retrieve and integrate data from across an entire organisation, regardless of where it is located, and present it in a single place. Governance, control, data lineage and security can be managed and even enhanced using data virtualisation, compared with other data consolidation techniques. This allows customer and business insights to be gained quickly and often more cost effectively than building data warehouses and data lakes. Modern financial services challenges require solutions that facilitate a faster and cheaper time to insights, whilst managing governance requirements. Data virtualisation is one way funds and companies can meet the challenge.

2) Artificial Intelligence (AI) models for improved member engagement and customer experience:

Adopting AI offers a viable solution to member engagement by enabling funds to connect with clients via AI-generated insights. Unprecedented amounts of data can be analysed to find patterns, trends and inflections to determine exactly when and how customers’ needs have changed.

Once established, AI algorithms can engage customers in automated interactions that previously wouldn’t have been cost effective, including customer queries and conflict resolution. Super is often perceived by customers as complex, as they struggle to understand the benefits and the value the fund is providing. AI and automation have made first-class customer service cost-effective, scalable and achievable for the super industry.

3) AI powered regulatory risk & compliance frameworks:

Compliance, risk and audit have traditionally been reliant on rule-based processes to assess and prevent compliance breaches. In addition, these systems often rely on data from a single platform for each risk assessment. However, without a holistic, enterprise-wide view it is difficult for a fund to truly assess enterprise compliance and manage its whole-of-company risks.

AI paired with a data virtualisation platform can be used to build and train models that have secured views on all enterprise data. Data sources for each model can be tracked and managed for traceability and bias reduction, and to stop non-compliance at the source, through to model development and production. This combination provides lineage from source data to AI model to the final AI-powered decision; a vital component in good financial service governance.

Proactive risk management, governance and compliance tools and frameworks can anticipate, detect and manage AI-backed risk assessments and analytics – allowing funds to respond faster to threats and be nimble in responding to changing regulatory compliance demands.


Mark Hannon

Head of Sales


Four ways to protect your investment in IoT from cybersecurity threats



IT professionals are used to thinking about how to protect our information technology assets. Data loss, data theft, exposure, identity theft and ransom attacks are the menu du jour. As we move towards Industry 4.0, the internet of things (IoT) is connecting operational technology (OT) to the network at breakneck speed, raising the stakes for cyber-attacks to the levels of the tales we see in dystopian fiction.

We have seen nation-state attacks against nuclear power plants (India, November 2019), as well as widespread attacks on IP-connected surveillance cameras. Just today it was announced that a major cyber security attack has been identified by the Australian government. However, threats like ransomware take on a new form: consider a farm with hundreds or thousands of IoT sensors being held to ransom under the threat that its crop may be flooded just before harvest, sending it into financial ruin.

Recent attacks have highlighted just how vulnerable Australian government and business are to malicious cyber attack.

OT security is no longer speculative; this week we have seen exposure of attack surfaces in the networking stacks of embedded devices. Nineteen vulnerabilities were discovered in the Treck TCP/IP library commonly in use in IoT devices, four of which are considered critical. Physical security used to be the primary concern for OT managers, but now we must consider a broader landscape. 


How do OT cyber-attacks work? 

In addition to securing the back-office systems the devices talk to, OT security professionals now need to look at the devices themselves. The attack vectors can be broken into four key areas of concern. 

1) Device firmware: This is the software running the device and comprises the base operating system on the device and the application sitting on top of this. Both elements will make use of code which is either subject to unintentional vulnerability via defect, or introduction of malicious artefacts through open-source libraries in use. 

2) Device hardware: There are common protocols in use to communicate between the hardware elements of IoT devices which can be the subject of attack. The very common I2C and one-wire protocols connect sensors and actuators to a device and are prone to being sniffed if physical access is available. 

3) Device APIs: IoT devices are useless unless they are connected to a back end, and these interfaces or application program interfaces (APIs) are often vulnerable to attack. The same attack tools used to attack web servers can be used to attack IoT devices; the most commonly exploited weaknesses are default usernames/passwords, weak passwords, and hard-coded passwords, but buffer overrun attacks are also a concern for the transport protocols in use (HTTPS in most instances), where the attacker uses carefully constructed URLs to attempt to break into the API.

4) Radio networks: Wireless communications are a dream come true for an attacker, removing the need for physical access to carry out an attack. Open discovery protocols or weak network configuration can leave devices open to man-in-the-middle attacks, which potentially expose user or API credentials, allow actors to extract, inject or otherwise change device data, or allow actors to alter the state of actuators by replaying or inserting commands on the device interface.




So, what can you do?

We have found that there are four components to an effective protection strategy for IoT assets. 

1) URL filtering: This is the practice of recognising URLs that are known sources or destinations for cyber-attacks. In the case of IoT it is particularly important to manage this access to prevent botnet attacks, which can generate significant amounts of traffic or computational load.

2) Behavioural assurance: IoT devices are typically low power, low data bandwidth devices so many will fit into one of a few behavioural patterns. Once a pattern is selected for a device, we watch traffic for patterns outside this behavioural definition. For example, a period of high data utilisation when the device has been classed as low bandwidth, or traffic generation during a period when the device should be dormant. 

3) Behavioural profiling: Patterns of behaviour can be established quickly for IoT devices. Artificial intelligence (AI) algorithms can be trained early in a device life cycle to understand the expected behavioural profile of a device, observing low traffic under normal circumstances, occasional high traffic due to an event, and seeing traffic to several legitimate destinations. Once established, the AI can continue to scan the traffic, watching for changes in this behavioural profile to understand when an attack is imminent, or under way. 

4) Global threat profiling: If you have access to enough devices, AI algorithms can begin to learn the patterns of the threat actors as well. This can be applied to the entire population of devices under protection, meaning that new threats can be identified and acted on more rapidly than would be otherwise possible. 
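The behavioural assurance check described in item 2, sketched as an added example (this is not Unico or Allot product code). The class name, byte limit, active hours, device IDs and flow records are all constructed for illustration, and timestamps are assumed to be in the device's local time.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class BehaviourClass:
    """Behavioural pattern assigned to a device (illustrative limits)."""
    max_bytes_per_hour: int
    active_hours: frozenset  # hours of day (0-23) when traffic is expected

# Constructed class definition and device-to-class assignment.
CLASSES = {"low_bandwidth_sensor": BehaviourClass(50_000, frozenset(range(6, 20)))}
DEVICE_CLASS = {"soil-01": "low_bandwidth_sensor",
                "soil-02": "low_bandwidth_sensor",
                "soil-03": "low_bandwidth_sensor"}

# Constructed flow records: (device_id, timestamp, bytes_sent)
SAMPLE_FLOWS = [
    ("soil-01", "2024-03-04T08:05:00", 1_200),
    ("soil-01", "2024-03-04T08:35:00", 1_100),
    ("soil-02", "2024-03-04T09:10:00", 30_000),
    ("soil-02", "2024-03-04T09:40:00", 45_000),  # pushes the 09:00 hour over the limit
    ("soil-03", "2024-03-04T02:20:00", 900),     # traffic while the class says dormant
    ("pump-09", "2024-03-04T10:00:00", 400),     # device never assigned a class
]

def check_flows(flows, device_class):
    """Aggregate traffic per device per hour and flag hours outside the class."""
    totals = defaultdict(int)
    for device, ts, nbytes in flows:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        totals[(device, hour)] += nbytes
    alerts = []
    for (device, hour), total in sorted(totals.items()):
        cls = CLASSES.get(device_class.get(device))
        if cls is None:
            # An unprofiled device cannot be assured, so surface it explicitly.
            alerts.append((device, hour.isoformat(), "unclassified"))
            continue
        if hour.hour not in cls.active_hours:
            alerts.append((device, hour.isoformat(), "dormant_period_traffic"))
        if total > cls.max_bytes_per_hour:
            alerts.append((device, hour.isoformat(), "volume_exceeds_class"))
    return alerts

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS, DEVICE_CLASS):
        print(alert)
```

Aggregating per hour before comparing matters here: neither of the two `soil-02` flows exceeds the limit on its own, but the hour as a whole does.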

Choose the right protection and integrator  

Unico have extensive experience delivering tailored solutions that meet the specific needs of our customers. Alongside Allot, one of our strategic partners, we have a product that provides four comprehensive modes of protection for your IoT infrastructure: 

  • URL filtering 
  • Behavioural assurance 
  • Behavioural profiling 
  • Global threat profiling 

If you would like to find out more about protecting your business or your customers’ business, please get in contact, as I would be happy to show you how the Allot IoTSecure Service can provide affordable, multi-tenanted IoT protection solutions ready to ship to your customers out of the box.


Andrew Davison

Technology and Innovation Evangelist