Study says fintech startups vulnerable to web or mobile app attacks

Financial technology startups like to boast that they are more nimble than their counterparts in the traditional banking world. But if a test of their websites and mobile apps by a cybersecurity vendor is accurate, the startups aren’t necessarily better at protecting their applications. The study released this week by ImmuniWeb is a follow-up to an identical one released last month that tested the websites and mobile apps of the world’s biggest financial institutions against the free version of the vendor’s tools. The tests scored external web applications, APIs and mobile apps for SSL security, website security, mobile app security and phishing of 100 fintech startups around the world. A server starts with a score of 100, and then points were deducted for problems — for example, for not complying with PCI, HIPAA or NIST guidelines. Other experts and vendors might have scored or measured sites and applications differently, resulting in different rankings. Among the ImmuniWeb findings: All of the companies had security, privacy and compliance issues related to abandoned or forgotten web applications, APIs and subdomains Eight main websites and 64 subdomains of the companies had at least one publicly disclosed and exploitable security vulnerability of a medium or high-risk The most popular website vulnerabilities were XSS (Cross-Site Scripting, as described by the Online Web Application Security Project (OWASP) A7), Sensitive Data Exposure (OWASP A3) and Security Misconfiguration (OWASP A6) The oldest unpatched security vulnerability was CVE-2012-6708 impacting jQuery 1.7.2 being publicly known since 2012 All of the mobile applications tested contained at least one security vulnerability of a medium risk, 97 per cent had at least two medium or high-risk vulnerabilities 56 per cent of mobile app backends (REST/SOAP APIs) have serious misconfigurations or privacy issues related to SSL/TLS configuration and insufficient web server security hardening In addition, 62 per cent of the companies failed the Payment Card Industry DSS compliance test even for their main website, while 64 per cent of the companies failed ImmuniWeb’s test for compliance with rules for the European Union General Data Protection Regulation (GDPR) on their main website. By ImmuniWeb’s scoring, banks were better than fintechs in only three out of 17 categories. However, that may not be saying much. For example, only nine per cent of the main websites of fintechs had the highest “A+” grades, compared to four per cent of banks tested. “At first glance, the fintech industry is doing comparatively better,” noted ImmuniWeb CEO Ilya Kolochenko. “However, if we correlate the quantity and complexity of managed IT systems per organization, the conclusion may unequivocally differ in a favour of the banks. Nonetheless, the numbers from the research positively emphasize a decent level of cybersecurity amid the fintech companies, evidencing commitment and care. “The research emphasizes spiraling cybersecurity challenges faced both by dynamic fintech companies and well-established financial institutions.” This section is powered by IT World Canada. ITWC covers the enterprise IT spectrum, providing news and information for IT professionals aiming to succeed in the Canadian market. read more

Googles AI Presence Grows in the Contact Center

As a reminder, CCAI comprises three components: Virtual Agent, with Google Dialogflow, for analyzing call intent and routing customers accordingly; Agent Assist, for listening in on conversations between agents and customers and surfacing relevant content in real time; and Conversational Topic Modeling, a contact center analytics tool for identifying topics, keywords, and relevant discussion points. “Avaya’s expanding partnership with Google Cloud promises exciting developments across multiple facets of Avaya’s portfolio,” said Sheila McGee-Smith, president & principal analyst, McGee-Smith Analytics, in a prepared statement. “From a contact center perspective, new AI-driven intelligent conversation experiences will soon be available to customers who chose to remain on premises solutions, those that are transitioning to a hybrid cloud environment and those that choose to fully embrace the cloud.” Why You Need to Care About CX of Connected Consumers Blair Pleasant September 30, 2019 Today, enterprises are distinguishing themselves with personal, robust customer experiences. But can it be too much? Darryl Hoover, CTO with Direct Travel, said he believes the Engage Digital and Dialogflow combo will be instrumental for the company “in providing timely and effective customer service to our rapidly growing customer base.”Tags:News & ViewsGoogle Contact Center AIDialogflowAgent AssistVirtual AgentConversational Topic ModelingRingCentral Engage DigitalAvayaGenesysMitelCiscoContact Center & Customer ExperienceAI & AutomationCCaaSDigital TransformationPartner EcosystemProduct News Articles You Might Like While each Google-contact center partnership has its hallmark, the overarching goal for the contact center partners is to leverage the cloud giant’s prowess with artificial intelligence (AI) to better inform agents and optimize the customer experience provided through their solutions. These moves involve the CCAI framework or component pieces. AI is central to Engage Digital, John Finch, AVP, product marketing at RingCentral, told me in an email interview. “AI provides smart routing to agents, taking an incoming message and then classifying it by language, intent, sentiment, and skills to get it to the right agent to solve.” Led by Google’s announcement that it has integrated Contact Center AI (CCAI) with Salesforce Service Cloud for agent assistance, as detailed in this No Jitter post, the pace of Google-related contact center news associated with this week’s Google Cloud Next ’19 event has been fast and furious. Mitel, as we covered earlier this week, deepened its ties with Google, as have Avaya, Cisco, Genesys, and RingCentral. Avaya is working with Google on several early access clients, including a “very large” proof-of-concept (PoC) test for Virtual Agent/Dialogflow and several other PoCs combining all three CCAI components, an Avaya spokesperson said. Initial PoCs were with Avaya Aura (Contact Center Elite), Experience Portal, and Oceana, he added. Log in or register to post comments Avaya Evolves with GoogleAvaya’s relationship with Google has been evolving since the company tapped Google for a partnership back in late 2014 that put its contact center software on agent Chromebooks. And though not an original partner, today Avaya is participating in Google’s CCAI early access program, while Google Cloud has joined the Avaya A.I.Connect ecosystem. In particular, Famous pointed to Cisco Answers, a CCAI-powered intelligent agent introduced last month at Enterprise Connect. Cisco Touts Webex Contact Center-Calling Integration Beth Schultz September 23, 2019 Company talks up other enhancements to cloud platform, as contact center partners make service news of their own. Beyond CCAI, Avaya is now supporting Google Cloud Platform (GCP) as a deployment option for its communications and collaboration portfolio. This comes on top of a variety of other product integrations Avaya has forged with GCP. For example, its OneCloud offering for contact center and UC and its IX Collaboration meeting service both run natively in GCP. google_image.jpg What’s Trending in CX Today Blair Pleasant September 17, 2019 Organizations that truly care about customer service start with a understanding of what digital consumers really want. Among the five contact center providers mentioned above, Cisco, Genesys, and Mitel are original CCAI partners, announced with the program launch last July. But Avaya and RingCentral are no strangers to Google, either, having assorted communications and collaboration-related relationships with the company. But, as noted in its press release, the AI enhancements aren’t only for large enterprises. Beginning this quarter, companies using the Genesys PureEngage, PureConnect, and PureCloud platforms can incorporate the CCAI capabilities in their deployments, the company announced. Small, medium, and large enterprises across cloud and on-premises deployments will be able to take advantage of AI within their contact centers, it said. Genesys Expands CCAI to Customer BaseGenesys, too, is showcasing its CCAI solutions at Cloud Next, and is working with customers — “multiple enterprise-level organizations” — as part of its CCAI early adopter program, the company announced. Though it didn’t share specific names, it said those companies include a global ridesharing company, a large automobile manufacturer, and a Fortune 500 department store. Calling CCAI a “game-changer for the industry,” Paul Lasserre, VP of product management for AI at Genesys, said in a prepared statement that customers have already identified hundreds of use cases across marketing, sales, and services organizations. Cisco Transforms Customer Care with GoogleFor Cisco, this week’s Google Cloud Next ’19 event provided an opportunity to showcase ways in which it’s leveraging the CCAI framework to “transform the contact center from delivering reactive care to predictive care, and moving from isolated customer experiences to cohesive and engaging journeys,” as Tod Famous, senior director of product management for the Cisco Customer Contact Business Unit, wrote yesterday in a company blog post. The beta version of Digital Engage, along with the Dialogflow integration, is available now, with general availability expected in the third quarter of 2019. In his post, Famous shared the expectations that early adopter Sopra Steria, a European digital transformation consulting firm, has for Cisco Answers in its contact centers. “AI is transforming our business models and enables us to provide our clients with unmatched offerings while reducing total cost of services without compromising on quality. We expect Cisco Answers to be an integral part of our solutions by cutting down search time in half, allowing our agents to be much more effective,” said Jean-Marie Souchu, director of infrastructure management at Sopra Steria, in a prepared statement. RingCentral ‘Engages’ AI for ExperienceFor its part, while not a CCAI partner, RingCentral has announced that it’s integrating its Engage Digital customer engagement platform with Dialogflow, which incorporates Google’s AI expertise for building conversational interfaces and supports speech-to-text and other such capabilities. Introduced last November, the Engage Digital customer engagement platform is built on the Dimelo technology RingCentral acquired in October 2018. Decoding Dialogflow: Enabling Voice Brent Kelly September 16, 2019 The seventh in a multi-article series focusing on building intelligent bots using Google Dialogflow and Contact Center AI See All in Contact Center & Customer Experience » How to Plan a Smooth Contact Center Cloud Migration Elizabeth Magill September 24, 2019 A strategic migration plan must answer three important questions. read more

4 Imperatives for Enterprise IT Communication Managers

Network Engineers: Time to Give Up Your Blankies Zeus Kerravala August 29, 2019 Following an SD-WAN user session at VMworld, sharing advice on why you need to embrace reskilling SummaryBottom line, we’re in a much more dynamic space than ever before and the stakes are higher than ever for your enterprise or organization. So, adapt and lead! Maybe even ask for a raise or job re-definition, since you have much more value to add for the future. Best of success! In the past, you had fewer options. While you had many telephony system vendors to choose among, their feature sets were fairly similar. But now, telephony can come from most any direction — on premises or from cloud UC, communications platform as a service (CPaaS), smartphones, and communications built into applications. Users are now experiencing mobile communications, speech recognition, Web communications, and online meetings that delight them much more than the vendor-supplied packaged solutions available to them from enterprise IT. And, chief executives and most business unit or departmental leaders know they must innovate in the digital world, or face disruption and irrelevance. Parker is writing on behalf of BCStrategies, an industry resource for enterprises, vendors, system integrators, and anyone interested in the growing business communications arena. A supplier of objective information on business communications, BCStrategies is supported by an alliance of leading communication industry advisors, analysts, and consultants who have worked in the various segments of the dynamic business communications market.Tags:News & ViewsStrategic LeadershipCareersBCStrategiesBest PracticesNews & ViewsOrganization & Management Articles You Might Like Then translate what you know into specific requirements that will inform your choices. You may find yourself needing to invite unusual vendors to the table and to the bidding and selection processes. Which vendors have the right vision and the staying power? Is it better to buy a voice or contact center service from a traditional category leader or to opt for a cloud service that comes from a vendor that’s leading in big data, AI, or ML? You’re most likely to succeed when you stay in context and have the data. 1. Relate contextuallyAllocate a portion of your time, every day or at least every week, to staying in touch with your peers and your leadership in IT and in the business or operating departments. In your conversations, ask your peers how you and your team can help them with their own challenges; in the process, they may find ways to help you. For example, you could form alliances with your peers in network infrastructure, applications software management, information security, and business analysis, architecture, and planning. These alliances can pay enormous dividends. In each of these cases, you can make your decisions in ways that make life easier for your peers. In return, your peers can amplify your initiatives to produce far greater benefits to the overall organization. Log in or register to post comments Or, perhaps Usage Profiles, as referenced in prior posts, will show where the users are ready for truly innovative approaches to their requirements, such as a smartphone-only offering for field personnel or a major self-service advancement for employees, clients, customers, or citizens based on speech recognition tools available today (“Alexa, reset my password.”). 2. Manage informedlyBest-in-class management in the digital age is driven by data. Data, data, data. Be sure that essentially everything your department does produces data about usage — how much, how often, and by whom. This will provide amazing insights that will inform your decisions as well as your peer relationships. I’m often surprised in finding communications managers who aren’t looking at hourly, daily, and monthly dashboards of usage data to guide their work. Or, perhaps CPaaS should be your focus for the future so you’re able to embed communications in the operating departments’ applications and workflows. In such a case, you would then be managing the existing PBX purely as voice infrastructure for desk phones and generic devices (lobbies, halls, security alarms, etc.). 3. Choose wiselyThis paraphrases the ancient knight in an Indiana Jones movie who says of the person who didn’t select the Holy Grail, “He chose poorly.” So, choose wisely. Have a crystal-clear connection to the strategies and goals of the enterprise, the operational departments, and the CIO team. Stay in context (see above) with your peers and leadership and lay your demands on your vendors, rather than simply accepting their marketing hype. So, what to do? I have a lot of specific ideas — and maybe those are for a future post — but the first step, seems to me, is to apply management principles such as these four: BCS_logo_100px.jpg Similarly, regular dialogs with your peers in each operating department will assure you’re serving their evolving needs, rather than being surprised when they sign up for one more online service or load one more communications app on their smartphones. Maybe you’ll need to become a communications agent or broker for the operating departments, but that’s a good thing since that’ll make you the go-to person for all things communications. By partitioning your investments and your initiatives, you’ll find that some partitions will be quite calm for a period of years, while others are much more active. Then, that will change and evolve, over time. So, you can rotate your focus to that most dynamic area from quarter to quarter or year to year. Enterprise Connect Research: 2018 Career & Salary Survey Beth Schultz December 12, 2018 A snapshot of your career in enterprise communications, from the skills you possess, your top job factors, and the salaries you earn See All in Careers » If you’re an enterprise IT communication manager at any large organization, you’re facing far more challenges than your predecessors. Technology choices are mushrooming. Users are demanding consumer-like choices and services. And, your organization is likely undergoing constant reinvention as it strives to stay competitive for customers and employees in this digital age. Where possible, you should also be recording or logging communications sessions — voice, video, email, meetings, IM, texting, etc. Analytic tools are just getting better and better. Archive this data, too, since it will be possible in, say, five years, to apply artificial intelligence (AI) or machine learning (ML) to this historical data to analyze trends, find communications bottlenecks, and expose other opportunities for improved communications and workflows in your organization. 4. Partition smartlyLastly, you might consider partitioning out your communications architecture. For example, maybe it’s best to hand off the networking portion of your communications services to your IP networking peer and shift your department toward the communications applications zone. Cisco Gives Certifications a Software Facelift Zeus Kerravala June 17, 2019 A new line of DevNet programs will verify core and advanced skills of Cisco platforms, applications, and APIs. Take Our Survey: Communications Careers in the Spotlight Michelle Burbick November 12, 2018 Share insight into your communications career and earn a chance to win a $100 gift card. From these relationships, you’ll have a foundation for relating to IT and organizational leadership in ways that are connected to the business or organizational strategies and priorities. Sometimes, this may signal that your communications technology team can do less. For example, you may no longer need to provide desk phones and telephone numbers for mobile employees. This, in turn, will free up time, resources, and budget to work on necessary new ideas. In the past, you could choose a good, solid vendor and rely on the vendor to stay at the leading edge of innovation. But that doesn’t work anymore. Apple and Google, the smartphone leaders, don’t make PBXs, and likely never will. Cisco, Avaya, Mitel, NEC, and other IP-PBX and network infrastructure leaders make neither smartphones nor application software packages, and likely never will. Google, Microsoft, and Amazon are leading the way in artificial intelligence (AI) and machine learning (ML), including offering their tools to others such as contact center software producers that are incorporating Google AI. Yet, Google, Microsoft, and Amazon are also applying their advancements to their own cloud-based solutions. So, the integration of all these tools for communications in your enterprise is up to you, the communications manager, and your team. Don’t Surrender in the Fight for IT Talent Joyce Osenbaugh June 12, 2019 Combat the shortage by looking for your next hires in non-traditional places. strategy-774.png read more

Brock nursing team enters Alzheimer Society walk

A group of future nurses from Brock is entering a team in the Alzheimer Society of Niagara Walk for Memories this weekend.Under the banner of “Brock’s Future Nurses,” the team is led by student Michelle Richardson. Fourth-year student Samantha Micsinszki is participating, as is Lynn McCleary, associate professor of Nursing.The walk is an annual event to raise money for programs at the Alzheimer Society of Niagara. The walk will be Sunday, Jan. 29 at the Pen Centre.Click here to sponsor the Brock team.

Identifying Toronto van attack victims could take days

Ontario’s chief coroner is still in the process of identifying the victims of Monday’s van attack in north-end Toronto.Dirk Huyers says the process could take days and is complicated by of the size of the crime scene.The attack took place over a one-kilometre stretch of one of the city’s busiest streets.None of the victims have been formally identified.According to family and friends, the dead include 80-year-old grandmother Dorothy Sewell, Chul Min “Eddie” Kang, a chef and former Mohawk College student and Anne Marie D’Amico, who worked at an investment firm.Ten people were killed and 14 were injured when a van plowed into pedestrians on the sidewalk on Yonge St. Monday afternoon.Alek Minassian, 25, of Richmond Hill was charged yesterday with 10 counts of first-degree murder and 13 counts of attempted murder.An additional count of attempted murder is expected.Minassian has another court appearance scheduled next month. read more

Georgiabased Colonial sues contractor over Alabama spill

BIRMINGHAM, Ala. — Georgia-based Colonial Pipeline Co. is suing an Alabama contractor over a spill that threatened U.S. gasoline supplies three years ago.The pipeline operator contends faulty work by the Birmingham-based Ceco Pipeline Services caused a crack that spilled at least a quarter-million gallons of gasoline in rural Shelby County in 2016.The spill shut down a major pipeline for weeks, tightening gasoline supplies along the Eastern Seaboard.Colonial Pipeline is based near Atlanta in Alpharetta. It filed the federal lawsuit Friday seeking unspecified damages.Ceco Pipeline Services hasn’t replied in court, and a company official didn’t return an email seeking comment Monday.The lawsuit claims the contractor failed to adequately replace dirt around the pipeline after maintenance work. The suit says that failure caused cracks that led to the spill.The Associated Press read more

Lebanese bank denies doing banking activities for Hezbollah

BEIRUT — A Lebanese bank targeted by the U.S. Department of the Treasury for “knowingly facilitating banking activities” for the militant Hezbollah group has denied the charges, saying it abides by international laws.The Treasury’s Office of Foreign Assets Control sanctioned Jammal Trust Bank on Thursday.The bank said it learned about the sanctions “with great surprise” and “denies each and every allegation” on which the Treasury based its action.Friday’s statement also said the bank is committed to “abiding strictly by Central Bank of Lebanon rules and regulations, as well as all international rules and regulations on countering money laundering and financing of terrorism.”The bank also said it shall take appropriate steps in order “to clear its good name,” adding that it would appeal the Treasury’s decision.The Associated Press read more

Can green investment help relaunch Germanys economy

FRANKFURT — A recession looms for Germany and the European Central Bank is pleading for governments to spend more to revitalize economic growth. Yet despite having the luxury of borrowing money for less than nothing, the German government is keeping a tight rein on its finances.A debate over Germany’s devotion to budget austerity is intensifying as the outlook for the economy dims and public pressure grows to address issues like global warming. On Friday, the government will unveil measures that could include billions in incentives and spending to make the economy more environmentally-friendly.“The call for fiscal stimulus has never been louder,” said Carsten Brzeski, chief economist for the bank ING Germany. “And this week will show whether the eurozone country with the deepest pockets finally plans to empty them.”David McHugh, The Associated Press read more

Ready student one Universities launch degrees in esports

LONDON — On their first week in class, a group of students is playing a first-person shooter video game in a sleek new digital studio. It’s their introduction to the degree in esports they’ve all enrolled in.The group clicking away on their mice are at the University of Staffordshire, one of several U.K. and U.S. schools launching programs aimed at capitalizing on the booming industry’s need for skilled professionals.The University of Staffordshire last year launched its bachelor’s and master’s esports programs, in which students mainly learn marketing and management skills. It’s expanding this fall to London. Other schools also debuting esports degree courses include Britain’s Chichester University, Shenandoah University in Virginia, Becker College in Massachusetts and Ohio State University. In Asia schools in Singapore and China offer courses.Kelvin Chan, The Associated Press read more